Newsletter

open source and cybersecurity news

November 27, 2023

It's 5:05, November 27, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: November 27, 1995. Nearly six months to the day after Bill Gates sent his Internet Tidal Wave memo recognizing the importance of the Internet, and only three months after releasing version 1.0, Microsoft releases Internet Explorer 2.0 for Windows 95 and Windows NT 3.5.

Edwin Kwan: Three critical vulnerabilities have been reported to affect OwnCloud, exposing users to potential data breaches. One of these flaws, with a maximum severity score, exposes administrator passwords and mail server credentials.

Katy Craig: The Pentagon is racing against time and technology in its ambitious Replicator initiative, aiming to deploy thousands of AI-enabled autonomous vehicles by 2026. This strategic push is to keep pace with China’s rapid advancements in military technology.

Hillary Coover: Despite the widespread belief that private browsing can secure better prices during online shopping, it turns out that Incognito mode doesn’t deliver on this promise. All private browsing modes do is erase your search history from the device and prevent the browser from using cookies to track your activity across sites.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
OwnCloud App Suffers Three Critical Vulnerabilities

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Three critical vulnerabilities have been reported to affect OwnCloud, exposing users to potential data breaches.

This is Edwin Kwan from Sydney, Australia.

OwnCloud is an open-source sharing software that allows individuals and organizations to self-host their own file shares. It reports having 20,000 installs, 600 enterprise customers and 200 million users.

The maintainers of the software have issued warnings about three critical security vulnerabilities. One of these flaws, with a maximum severity score, exposes administrator passwords and mail server credentials. The vulnerability arises from the software’s dependency on a third-party library, impacting containerized deployments and potentially exposing sensitive information such as admin passwords and license keys.

The recommended fix includes deleting a specific file, disabling certain functions in Docker containers, and changing exposed secrets. Two other vulnerabilities include an authentication bypass issue and a subdomain validation bypass problem, both posing significant risks to the security and integrity of the OwnCloud environment.

Administrators are urged to apply the recommended fixes promptly to mitigate potential data breaches, data thefts, and phishing attacks. Security vulnerabilities in file-sharing platforms have been targeted, emphasizing the importance of immediate action to enhance security measures.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/critical-bug-in-owncloud-file-sharing-app-exposes-admin-passwords/
– The Hacker News: https://thehackernews.com/2023/11/warning-3-critical-vulnerabilities.html

 

Katy Craig
AI-Enabled Autonomous Vehicles and Lethal Weapons

Katy Craig, Contributing Journalist, It's 5:05 Podcast

The Pentagon is racing against time and technology in its ambitious Replicator initiative, aiming to deploy thousands of AI-enabled autonomous vehicles by 2026. This strategic push is to keep pace with China’s rapid advancements in military technology.

This is Katy Craig in San Diego, California.

Deputy Secretary of Defense Kathleen Hicks highlighted the goal of Replicator: to leverage smart, cost-effective platforms quickly. The specifics of funding and technology readiness remain under wraps, but a decision on Replicator candidates is due by early December.

AI’s role in the US military is expanding beyond piloting drones and aiding Ukraine. It’s now about predicting maintenance for Air Force planes and monitoring space rivals. But Replicator signals a shift to more comprehensive AI integration, especially with potential autonomous lethal weapons on the horizon.

Experts believe that such weapons are inevitable, with humans likely taking on supervisory roles. This is particularly true for drone swarms, a technology pursued globally. Yet, the Pentagon has not confirmed any formal assessments for deploying fully autonomous lethal systems, as required by a 2012 directive.

As the Pentagon navigates technological and personnel challenges, the Replicator initiative stands as a crucial step in the transformative journey of AI and warfare. The race towards AI dominance in defense is on, with the US determined to stay in the game.

This is Katy Craig, stay safe out there.

Resources
– C4ISR Net: https://www.c4isrnet.com/artificial-intelligence/2023/11/26/pentagons-replicator-gambit-may-speed-decisions-on-lethal-autonomy
– AP News: https://apnews.com/article/technology-science-politics-military-drones-f4a42279515a067c6db2ce75128328c4
– Defense.Gov: https://www.defense.gov/News/News-Stories/Article/Article/3518827/hicks-discusses-replicator-initiative/
– The DeBrief: https://thedebrief.org/pentagon-secretly-working-to-unleash-massive-swarms-of-autonomous-multi-domain-drones-to-dominate-enemy-defenses/

 

Hillary Coover
Debunking the Incognito Shopping Myth

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Do you believe you score better prices and maintain anonymity in the shadows of Incognito mode? Well, I hate to burst the bubble, but the illusion of privacy isn’t as foolproof as you might believe. Your browsing cookies are just a tiny piece of the digital fingerprint puzzle. Companies can still identify you through your internet service provider, IP address, zip code, the link you clicked on to get to that site, and much more. Brace yourselves for a reality check: Incognito mode isn’t pulling off the magic trick you think it is, and you are not gaming the system to get a better price during your online shopping.

Hi, this is Hillary Coover in Washington, DC.

Despite the widespread belief that private browsing can secure better prices during online shopping, it turns out that Incognito mode, like Google Chrome’s or Apple’s Safari private browsing, doesn’t deliver on this promise.

All private browsing modes do is erase your search history from the device and prevent the browser from using cookies to track your activity across sites. While this can be useful for hiding purchases from shared device users, it doesn’t affect the pricing algorithms that determine costs based on various factors unrelated to your personal search habits.

Contrary to the belief that private searches impact pricing, big tech companies know with near certainty who is conducting supposedly secret searches, even in private mode. Amazon, for example, can identify users through digital fingerprints that they’ve developed over time.

Ken Carnesi, CEO of DNSfilter, points out that even when not in private mode, tracking may persist if the private window isn’t closed. And despite the illusion of privacy, internet service providers and network administrators may still have access to all of your searches.

In essence, private modes offer benefits like hiding searches and preventing autofill in the search bar, but the idea that they influence pricing or provide true anonymity is debunked. So next time you’re in Incognito mode, remember, it’s not as private as you might think.

Resources
– WSJ: https://www.wsj.com/tech/cybersecurity/private-browsing-incognito-mode-safe-730dafad

 

Marcel Brown
This Day, November 27, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown delivering some technology history for November 26th and 27th.

November 26th, 1976. Bill Gates and Paul Allen register the trade name “Microsoft” with the Office of the Secretary of State of New Mexico. Previously, Gates and Allen had been working under an informal partnership known as “Micro-Soft,” a combination of microcomputer and software. This new, formalized partnership continued for several more years until Microsoft incorporated in July of 1981, just prior to the introduction of the IBM PC.

November 26, 1996. A US patent is granted to the Fraunhofer Institute in Germany for a “digital encoding process,” the technology used in MPEG Audio Layer 3, more commonly known as MP3. MP3 technology paved the way for the digital music industry by creating a high-quality format that was compressible, so that many songs could fit on the relatively small data storage devices of the time. Fraunhofer had started work on compressing music as far back as 1977, began work on what would become MP3 in 1987, and was awarded a patent in Germany in 1989.

November 27, 1995. Nearly six months to the day after Bill Gates sent his Internet Tidal Wave memo recognizing the importance of the Internet, and only three months after releasing version 1.0, Microsoft releases Internet Explorer 2.0 for Windows 95 and Windows NT 3.5. IE 2.0 was still based on the licensed code from Spyglass Mosaic, but was the first IE version to support now common features such as SSL, JavaScript, and cookies. It was also the first version to allow the importing of bookmarks from Netscape Navigator, which at the time had a virtual monopoly on the web browser market. This was the first inkling of the browser war that was soon to erupt over the next few years.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
https://thisdayintechhistory.com/11/27
