Newsletter

open source and cybersecurity news

September 25, 2023

In this Episode:

Marcel Brown: September 25th, 1973, Micro Computer Machines of Canada introduces their MCM 70 microcomputer at a programmer’s user conference in Toronto.

Edwin Kwan: Beware of what you download! A malicious actor has attempted to disguise a malware as a proof of concept exploit for the recently-released WinRAR vulnerability.

Katy Craig: With the release of iOS 17, there’s a heads-up you need to know about. iOS 17 has a knack for reactivating sensitive location options you might have disabled.

Hillary Coover: Amazon has made some big improvements to its Alexa devices, making them even more conversational. However, these advances have sparked important concerns about our privacy. Is the convenience of conversational AI devices like Alexa truly worth the potential privacy violations and increased security risks they bring into our homes?

The Stories Behind the Cybersecurity Headlines

Edwin Kwan
Malware Disguised as Fake Proof of Concept Exploit

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Beware of what you download! A malicious actor has attempted to disguise a malware as a proof of concept exploit for the recently-released WinRAR vulnerability.

This is Edwin Kwan from Sydney, Australia.

WinRAR was recently discovered to suffer from an improper validation issue, which can be exploited to achieve remote code execution on the victim’s machine.

Four days after the flaw was announced, the threat actor released the malicious, fake, proof of concept exploit on GitHub. Unfortunately for those who downloaded the script, the proof of concept is fake and does not exploit the WinRAR vulnerability. The code looks like a modification of a different proof of concept exploit for a different software application.

However, when the script is executed, it attempts to install a malware, and creates a scheduled task to run the malware every three minutes. The malware has key logging, data stealing, and remote code execution capabilities.

There has been a rise in fake proof of concept exploits trying to target security researchers and other cybercriminals. This fake proof of concept has since been reported and the attack is no longer active.

Resources
https://www.bleepingcomputer.com/news/security/fake-winrar-proof-of-concept-exploit-drops-venomrat-malware/
https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html

Katy Craig
iOS 17 Privacy Settings

Katy Craig, Contributing Journalist, It's 5:05 Podcast

In the world of tech, safeguarding your data is paramount. Now, with the release of iOS 17, there’s a heads-up you need to know about, and I’ll explain why it matters.

This is Katy Craig in San Diego, California.

iOS 17 has a knack for reactivating sensitive location options you might have disabled. These options could potentially compromise your privacy, and here’s why you need to care.

First up, we’ve got significant locations. They stay local on your iPhone, but there’s a catch. They quietly document detailed info about your frequently visited places. Think about it. Do you want your phone keeping tabs on where you go, day in and day out? Probably not.

Then, there’s iPhone Analytics. These reports are shared with Apple, and while they might not point directly at you, your location info can sneak into these reports. So in essence, your data is part of a larger pool, and that could have implications you might not be comfortable with.

So here’s the deal: your privacy is precious, and these settings could put it at risk. Dive into your Settings app, tap on Privacy and Security, then Location Services. Scroll all the way down to System Services and you’ll find the culprits: Significant Locations and iPhone Analytics. Toggle these off and you’re back in control of your data.

This is Katy Craig. Stay safe out there.

Hillary Coover
Balancing Conversational AI Advancements with Privacy Concerns

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Amazon has made some big improvements to its Alexa devices, making them even more conversational. However, these advances have sparked important concerns about our privacy. Is the convenience of conversational AI devices like Alexa truly worth the potential privacy violations and increased security risks they bring into our homes?

Hi, this is Hillary Coover in Washington, DC.

Amazon has given Alexa the ability to have conversations without needing a wake word. This means Alexa responds faster, understands us better, and can handle follow-up questions more effectively. It can even change its tone and talk about a wide variety of topics. These updates make our interactions with Alexa feel… much more natural.

But here’s the catch: these improvements mean Alexa collects a lot of data, and that’s where the privacy concerns come in. This data could be used to create detailed profiles of users for advertising or other purposes, sometimes without our permission. Worse yet, it could potentially be used for fraudulent activities or identity theft.

Evan McMillan, CEO of Gridspace, a company that provides AI voice agents, says we can program AI agents to forget personal data. However, he warns that as these conversational AI interfaces become more popular, there’s a greater risk of unauthorized access by bad actors. So companies really need to be careful about who has access to these systems.

To protect your privacy, follow these tips:

– First, before downloading apps related to AI devices like Amazon Echo, check how they use your data and whether it’s linked to your identity.

– Second, limit the permissions apps have on your devices to reduce data exposure.

– Third, be aware that conversational AI systems may have vulnerabilities that attackers can exploit.

– And last, but not least, if you’re extremely concerned about privacy, consider not using AI assistants at home and assume your conversations might be recorded and analyzed.

While these conversational AI enhancements bring convenience, they also raise privacy challenges, and we need to find a balance between enjoying the benefits of AI technology and safeguarding our personal data and privacy. Staying vigilant, making informed choices, and using these technologies responsibly are essential in navigating this evolving landscape.

Resources
https://www.lifewire.com/ai-powered-echo-raises-privacy-concerns-7974005

Marcel Brown
This Day, September 22-25, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown bringing you some technology history for September 22nd through the 25th.

September 22nd, 1986. The US District Court for the Northern District of California rules that computer code is protected under copyright law. The ruling stems from the case NEC Corp versus Intel Corp, which was basically a battle over who had the right to produce x86 processors.

The ruling, while finding that Intel had copyright protection for the code in their processors, also found that reverse-engineering code was also legal, and therefore, NEC did not violate Intel’s copyright in producing their own x86 processors. This ruling, that code could be copyrighted, changed the landscape, for better or worse, of software and computer development.

September 23rd, 2008. Google and T-Mobile introduce the T-Mobile G1, also known as the HTC Dream, the world’s first Android-based smartphone.

September 24, 1979. CompuServe launches the first consumer-oriented online information service, which they called Micronet. This marked the first time a consumer had access to services such as email.

The service was not favored internally within the business-oriented CompuServe, but as the service became a hit, they renamed the service CompuServe Information Service, or CIS. By the mid-1980s, CompuServe was the largest consumer information service in the world, and half the revenue came from CIS. In 1989, CompuServe connected its proprietary email system to the Internet email system, making it one of the first commercial Internet services.

However, CompuServe did not compete well with America Online or independent Internet service providers in the 1990s, and lost its dominant market position.

September 25th, 1973, Micro Computer Machines of Canada introduces their MCM 70 microcomputer at a programmer’s user conference in Toronto. Possibly the earliest commercially-manufactured device that can now be considered a personal computer, the MCM 70 gained customers at companies such as Chevron, Mutual Life Insurance, NASA, and the US Army. The company worked closely with Intel on the design of their computer and made very early use of the Intel 8008 processor, of which the basic design was used for the future Intel 8086. However, failing to generate venture capital in the Canadian marketplace, the MCM 70 never gained significant market acceptance and by the time the Apple II and other early personal computers were being released, the MCM 70 was relegated to a footnote in history.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
https://thisdayintechhistory.com/09/22
https://thisdayintechhistory.com/09/23
https://thisdayintechhistory.com/09/24
https://thisdayintechhistory.com/09/25