October 4, 2023

It's 5:05, October 4, 2023. Time for your Cybersecurity and Open Source Headlines

In this Episode:

Mark Miller: October 4th, 1968. The new issue of Science Magazine contains a Hewlett Packard ad for its new HP9100A. The ad boasted the dynamic functionality of this new device, called both a personal computer and a programmable calculator.

Edwin Kwan: A popular library for rendering images in the WebP format has a critical vulnerability that is under active exploitation. The vulnerability is with the LibWebP library and it suffers from a heap buffer overflow, which allows a remote attacker to perform an out-of-bounds memory write.

Katy Craig: Google is secretly altering billions of queries every day, all with one goal in mind: to lead you into purchasing more products and services.

Hillary Coover: We’re all familiar with the “She-cession,” but were you aware that the cybersecurity industry lost 40 percent of its female workforce in that time? That, along with many other jaw-dropping insights, came out of this week’s gathering of hundreds of women in cybersecurity.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Critical Vulnerability in Popular Image Rendering Library Under Active Exploitation

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

A popular library for rendering images in the WebP format has a critical vulnerability that is under active exploitation.

This is Edwin Kwan from Sydney, Australia.

The vulnerability is with the libwebp library and it suffers from a heap buffer overflow which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Successful exploitation could cause a system crash, as well as access to privileged data and arbitrary code execution. It was first disclosed by Google and given a high CVSS rating, as it was thought to only affect the Chrome browser. However, Google raised the rating to the maximum score, making it a critical vulnerability, when it was discovered that the vulnerability’s scope was much wider than initially assumed.

The flaw affected browsers and applications that use the libwebp library, including popular applications like 1Password, Signal, other browsers like Firefox, Microsoft Edge and Safari, and websites running applications such as nginx, Python, WordPress, Joomla and more. The extended scope means that it affects millions of applications. This vulnerability has been patched, so make sure your browsers, systems and web applications are up to date and running the most stable and secure version.

Resources
https://therecord.media/libwebp-vulnerability-more-widespread-than-expected
https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html
https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 

Katy Craig
Google Alters Search Queries for Profits

Katy Craig, Contributing Journalist, It's 5:05 Podcast

Alarming revelations have emerged during Google’s recent antitrust case, shedding light on the company’s manipulation of your daily online searches. It appears that Google is secretly altering billions of queries every day, all with one goal in mind: to lead you into purchasing more products and services.

This is Katy Craig in San Diego, California.

Google is believed to modify queries on a massive scale, potentially billions of times a day, in countless variations. Here’s how it works: Suppose you search for “children’s clothing.” Google secretly changes it to a search for “NIKOLAI-brand kidswear,” replacing your original query with one that benefits the company financially, often providing results that weren’t what you were actually searching for. Unfortunately, there’s no way for users to opt out of this substitution. Even if you attempt to refine your query to get the results you want, you may find yourself trapped in a convoluted shopping mall with no exit.

This revelation has reignited suspicions about Google’s manipulation of ad prices, and it raises concerns about how the company treats its users. The “10 blue links,” which Google has long touted as organic and unbiased results, are now seen as another avenue for Google’s profit-driven approach, cleverly hidden behind its friendly interface.

This highlights the growing concerns about the transparency and ethics of Google’s search practices, raising questions about how much control users truly have over their search queries.

This is Katy Craig. Stay safe out there.

Resources
https://archive.ph/6a8jE#selection-653.0-691.649

 

Hillary Coover
Hundreds of Women in Cybersecurity Convene in Arlington, VA to Drive Industry Transformation

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

We’re all familiar with the “She-cession” caused by COVID, but were you aware that the cybersecurity industry lost 40% of its female workforce in that time? That, along with many other jaw-dropping insights, came out of this week’s gathering of hundreds of women in cybersecurity.

Hi, this is Hillary Coover in Washington, DC.

This remarkable assembly of female cybersecurity experts by local nonprofit, The Cyber Guild, marked a significant step forward in fostering diversity and inclusivity within the industry, setting the stage for a more innovative and effective future.

The event, which attracted diverse professionals, leaders, and trailblazers from various cybersecurity domains, showcased a united commitment to driving change in an industry historically dominated by men. These remarkable women are not only rising through the ranks but are lifting others up, creating a ripple effect of empowerment that promises to reshape the landscape of cybersecurity.

In the words of the unstoppable Dr. Dianne Janosek, a true powerhouse in the cybersecurity community who’s been leading the charge, who told us straight up: “Every single one of you belongs right here.” It’s crystal clear, folks: diversity and inclusivity aren’t just fancy ideas. They’re the real deal, and they’re what we need to thrive in this crazy, connected world.

The women who gathered in Arlington, VA, have set a remarkable precedent, proving that the industry can reach new heights when powered by the diversity of thought, experience, and expertise that women bring.

For future events and to support diversity in cyber, follow The Cyber Guild, led by Debbie Sallis.

Resources
https://www.linkedin.com/company/the-cyber-guild/
https://www.linkedin.com/groups/12886700/

 

Mark Miller
This Day, October 4, in Tech History

Mark Miller, Executive Producer, It's 5:05 Podcast

This is Mark Miller standing in for Marcel Brown with a couple of historical tidbits for October 4th.

October 4, 1957. The first man-made satellite to orbit the Earth, Sputnik 1, is launched from Kazakhstan, marking what is now considered the beginning of the space age. Surprising the world with its successful launch, Sputnik triggered the space race between the Soviet Union and the United States, ushering in an era of rapid advancement in the field of space exploration.

After three months in orbit, Sputnik reentered the Earth’s atmosphere and burned up upon reentry on January 4th, 1958.

October 4th, 1968. The new issue of Science Magazine contains a Hewlett Packard ad for its new HP9100A. The ad boasted the dynamic functionality of this new device, called both a personal computer and a programmable calculator. The 9100A was capable of performing hyperbolics, roots of fifth-degree polynomials, elliptic integrals, and other complex functions. As a side note, it was probably the first device in the world to be called a personal computer.

That’s your technology history for today. For more, tune in tomorrow or visit ThisDayInTechHistory.com.

Resources
http://thisdayintechhistory.com/10/04
