Why Slack matters
Slack Dau 101916

Slack just got a huge new pile of cash to play with from Softbank: $250 million in fresh funding to keep accelerating its growth. I've seen a lot of people fail to grasp why Slack is so impactful, which surprised me given that I believe it's on a path to transform the modern office.

The mistake many people are making is comparing Slack to the likes of Hipchat, WhatsApp or even just IRC. Doing so discounts the entire value of Slack and how it can change the way companies actually work together.

Yes, Slack is a chat tool, but it's on track to be the new Microsoft Office — and replace your email inbox. Email has loitered around for decades with little improvement, locking important notes, documents and other data in siloed inboxes where it disappears forever.

Slack, however, surfaces all that data in one place. After just a few months of being implemented at most companies it becomes their brain, or the core nervous system of how they get work done. 

A great example is this common scenario: you need a document from... somewhere but can't remember if it's in Dropbox, Google Drive or just kicking around on your machine? Slam the title into Slack and it'll dig it up in a few seconds, no matter how old it is, in context with chatter the last time you posted it.

I've seen Slack transform companies first hand as the person who drove its implementation. People are weary of Slack at first, because there's a learning curve and it disrupts the entire way of working they're used to — the first few days of a new company on Slack are an awkward dance of trying to figure out how to use it.

What happens on day 30 every single time is incredible: Slack just sticks. At some point, it goes from a hassle to holy shit, I need this and teams buy into it. You go from siloed postcard writing in email to feeling part of a connected, productive team at high speed.

And there's the hook: once Slack's entrenched at a company it's impossible to get rid of it or try move to another tool. Even if you do find something else, the company's cadence with integrations and that every tool you can possibly find works with Slack on day one, is a killer part of that lock-in.

Therein lies why Slack's growth is so enormous. It now has 9 million weekly active users, 6 million daily active users and 2 million paid users — and $200 million in annual recurring revenue. In other words, it's blowing up faster than anyone expected.

Just for even more context about the scale here: Slack raised $200M in April 2016, $160 million in 2015 and $163 million in 2014. Slack is gunning to be the next Microsoft Office — and it has the war chest to do it.

Malware's new attack vector

More than two billion people have used a piece of software called 'CCleaner,' a small tool that cleans up rubbish on your computer left behind by lazy apps. That app, at some point in August, was compromised by attackers in quite possibly the scariest way possible: through a legitimate update.

Cisco's intelligence team discovered a backdoor in the software that would allow remote control of a computer, but what's scarier is how it got there. An attacker, of whom we don't know the identity, somehow injected code into the company's build system.

If you downloaded CCleaner for the month between August 15 and September 12, you got the malware. There was legitimately no way to detect it, because it was signed with the company's security certificate and the backdoor was tucked away in a dark corner of their code to be activated later.

What's wild about this is that the new attack vector isn't your machine, a phishing email or tricking you into clicking a link — it's a targeted attack on software development processes that allows malware to get out on a massive scale. 

This isn't the only time this has happened. Transmission, a popular torrenting app, was infected twice with a similar type of malware and it spread like wildfire thanks to the tool's aggressive auto-update mechanism.

CCleaner is downloaded by more than 5 million new people every week so the scale of this could have been a disaster — if not for a bug in the malware's own code that meant it never went active on infected machines.

Computers are a dumpster fire, and you can't trust anyone.