October 5, 2023
In this Episode:
Marcel Brown: October 5th, 1991. At just 21 years old, Linus Torvalds releases the first publicly available version of the Linux kernel, version 0.2, weighing in at just over 10,000 lines of code when first released. As of 2020, the Linux kernel was nearly 30 million lines of code.
Edwin Kwan: Security researchers have spotted evidence of mass exploitation of vulnerabilities in Progress Software’s WS_FTP server file-sharing platform. The server file-sharing platform has a maximum severity remote code execution vulnerability, which attackers can exploit using a simple HTTP request.
Katy Craig: There’s a new app called Permission Slip by CR that empowers you to take control of your personal information. With Permission Slip, you can swipe through a list of companies that may possess your data, and with a simple tap, request them to delete your account or halt the sale of your information.
Hillary Coover: Did you know that over 50 million people are affected worldwide by modern human trafficking? Have you ever considered the fact that the very technology cybersecurity and open-source professionals use day in and day out could be used to help combat such evil?
The Stories Behind the Cybersecurity Headlines
Mass Active Exploitation of WS_FTP Vulnerability
This is Edwin Kwan from Sydney, Australia.
The server file-sharing platform has a maximum severity remote code execution vulnerability, which attackers can exploit using a simple HTTP request. Security researchers who discovered and reported the flaw published a blog post with a proof of concept exploit and additional technical details last weekend. This was two days after Progress Software released its security advisory on the vulnerability. Not long after the proof of concept blog post was published, evidence of exploitation of the vulnerability could be seen across multiple instances of WS_FTP.
In fact, It was roughly 72 hours from patch release to active exploitation. For defenders, that means that we don’t have much time to patch our systems before exploitation commences. And it doesn’t help when Progress Software lists their high-profile customers on their website, helping to simplify target selection.
A Shodan search has shown that over 2,000 devices are running WS_FTP servers that are accessible through the internet. A Progress spokesperson released a statement expressing the disappointment at how quickly third parties had released proof of concepts for the vulnerability, as it provided threat actors a roadmap on how to exploit the vulnerabilities while many of their customers were still in the process of applying the patch.
– Progress: https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
– The Register: https://www.theregister.com/2023/10/02/ws_ftp_update/
– Gov InfoSecurity: https://www.govinfosecurity.com/alert-attackers-actively-exploiting-wsftp-vulnerabilities-a-23200
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/exploit-available-for-critical-ws-ftp-bug-exploited-in-attacks/
Permission Slip: Manage Your Digital Data
There’s a new app called ‘Permission Slip by CR,’ that empowers you to take control of your personal information. This free app, available on iOS and Android, allows you to effortlessly request that companies delete or cease selling your data.
This is Katy Craig in San Diego, California.
With ‘Permission Slip,’ you can swipe through a list of companies that may possess your data and, with a simple tap, request them to delete your account or halt the sale of your information. The app covers a wide range of industries and companies, from fast-food giants like McDonald’s to entertainment titans like Netflix, making it a comprehensive privacy tool. More companies will be added in the future.
Developed by Consumer Reports’ Innovation Lab in response to evolving privacy laws, ‘Permission Slip’ operates as an ‘authorized agent,’ filing data requests on your behalf and ensuring companies comply. This eliminates the need for you to navigate the often complex process of dealing with individual companies regarding your data. The app leverages Consumer Reports’ influence to encourage companies to act promptly on these requests.
This is Katy Craig. Stay safe out there.
– Washington Post: https://www.washingtonpost.com/technology/2023/10/03/delete-personal-data-privacy-free-app/
– Permission Slip: https://permissionslipcr.com/
– Consumer Reports: https://www.consumerreports.org/media-room/press-releases/2023/10/consumer-reports-introduces-free-permission-slip-by-cr-app-to-empower-consumers-to-take-back-control-of-their-personal-data/
Mobilizing Cybersecurity Professionals and Technology to Fight Human Trafficking
Did you know that over 50 million people are affected worldwide by human trafficking? Have you ever considered the fact that the very technology cybersecurity and open source professionals use day in, and day out could be used to help combat such evil?
This is a call to cybersecurity and open-source data professionals to not only “see something, say something,” but also DO something.
This is Hillary Coover in Washington DC.
At the recent Uniting Women in Cybersecurity Conference in Arlington, VA, we heard the harrowing stories and missions of experts dedicated to ending this evil. They have issued a compelling call to action, and we must respond.
In a rapidly evolving digital age, our technical skills and expertise are more vital than ever.
Human trafficking is a highly profitable industry that leverages technology for its dark purposes.
The “see something, say something” campaign is a starting point, but as cybersecurity professionals, we have the tools and knowledge to do more than just observe and report. We can dismantle the digital infrastructure that supports human trafficking, analyze data to uncover hidden connections, and collaborate with NGOs and other organizations to develop innovative solutions.
Our expertise extends beyond digital boundaries. By using our skills and resources, we can help create a safer world for those most vulnerable. We can be the heroes who rescue victims from traffickers and restore their hope and dignity.
Join the fight. Stand up against human trafficking. Unite your technical skills, data analysis capabilities, and technology expertise to combat this global issue.
For more information and to get in touch with these incredible professionals, follow The Cyber Guild on Linkedin.
– The Cyber Guild: https://www.linkedin.com/company/the-cyber-guild/posts/
This Day, October 5, in Tech History
October 5th, 1991. At just 21 years old, Linus Torvalds releases the first publicly available version of the Linux kernel, version 0.2, weighing in at just over 10,000 lines of code when first released. As of 2020, the Linux kernel was nearly 30 million lines of code.
October 5th, 2011. After a long battle with pancreatic cancer, technology visionary and founder of Apple Computer, Steve Jobs, passes away. Jobs’ contributions to the technology industry are undeniable. Together with Steve Wozniak, Steve Jobs started the personal computer revolution with their Apple II computer.
After being forced out of Apple, Jobs went on to found NeXT Incorporated and then purchase Pixar, the company that would redefine the animated motion picture industry. In 1997, Apple purchased NeXT, which brought jobs back to the Apple, and the technology developed at NeXT was used as the foundation for Apple’s future operating systems, Mac OS X, and the iOS.
By introducing the iPhone and iPad, he ended the PC era he created, kick started the new world of technology, and led Apple back from the brink of collapse to the most valuable company in the world.
That is your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.
– This Day in Tech History: https://thisdayintechhistory.com/10/05/