Newsletter

open source and cybersecurity news

December 6, 2023

It's 5:05, December 6, 2023. TIme for your cybersecurity and open source headlines

In this Episode:

Marcel Brown: December 6, 1994. Apple sues the San Francisco Canyon Company, alleging they helped Intel and Microsoft steal code developed under contract for QuickTime for Windows. Apple was threatening Microsoft with a multi-billion dollar lawsuit that was famously settled by Steve Jobs and Bill Gates in 1997. This settlement is now believed to have helped Apple survive long enough to transform themselves in the 2000s, ushering in the mobile device revolution and the new world of technology.

Edwin Kwan: WhatsApp has introduced a new secret code feature, allowing users to add an extra layer of security to their locked chats by setting a custom password. The process of locking chats has been streamlined, utilizing a long-press action for simplicity. WhatsApp aims to enhance privacy and protect sensitive conversations, making it harder for unauthorized access.

Katy Craig:  Big news in AI: IBM and Meta, with over 50 others, including AMD, Intel, and Harvard, have launched the AI Alliance. It’s a global coalition challenging the closed AI systems of leaders like OpenAI and Google. The Alliance promotes open innovation and open science in AI, offering an alternative to private AI models.

Hillary Coover:  In a world where password updates are about as popular as Monday mornings, the recent 23andMe security breach is here to remind us that a little humor won’t save our data, but strong password hygiene will. Password 123 is just not going to cut it anymore.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
WhatsApp Updates Password Security

Edwin Kwan, Contributing Journalist, It's 5:05 PodcastWhatsApp has introduced a new secret code feature, allowing users to add an extra layer of security to their locked chats by setting a custom password.

This is Edwin Kwan from Sydney, Australia.

This code is independent of the device unlock code and can include emojis. The feature helps hide the ‘Locked Chats’ folder from the chat list, making it accessible again by entering the secret code in the search bar. Alternatively, users can choose to keep the folder in the chat list.

The process of locking chats has been streamlined, utilizing a long-press action for simplicity. WhatsApp aims to enhance privacy and protect sensitive conversations, making it harder for unauthorized access.

The chat lock feature, introduced globally in May, enables users to create a secure folder in the chat list protected by passwords or biometric authentication methods. It also conceals locked chat details from notifications, preventing unauthorized access during the phone use.

WhatsApp, with over 2 billion global users, has been focusing on privacy features, including end-to-end encryption and disappearing messages. The new secret code feature is rolling out gradually and will be available globally in the coming months.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/whatsapps-new-secret-code-feature-hides-your-locked-chats/

 

Katy Craig
AI Alliance to Compete with Closed Source LLMs

Katy Craig, Contributing Journalist, It's 5:05 PodcastBig news in AI: IBM and Meta, with over 50 others, including AMD, Intel, and Harvard, have launched the AI Alliance. It’s a global coalition challenging the closed AI systems of leaders like OpenAI and Google. The Alliance promotes open innovation and open science in AI, offering an alternative to private AI models.

This is Katy Craig in San Diego, California.

Meta’s president, Nick Clegg, highlights the importance of open AI development for broader access and safety to harness AI’s advancements for enhancing how we work, live, and learn. The focus here is on open and transparent innovation, crucial for empowering a wide spectrum of AI researchers, builders, and adopters. This approach is vital for prioritizing safety, diversity, and economic opportunities, ensuring AI’s benefits reach everyone.

The AI Alliance is action-oriented and decidedly international. Its mission is to create opportunities worldwide through a diverse range of institutions, shaping AI’s evolution to reflect the complexity and needs of our societies. It aims to foster an open community, enabling developers and researchers to accelerate responsible AI innovation, while maintaining scientific rigor, trust, safety, security, diversity, and economic competitiveness.

By pooling resources and knowledge, the AI Alliance plans to address safety concerns and provide a platform for sharing and developing solutions. It’s a collective effort to meet the needs of researchers, developers, and adopters globally, marking a new era of collaboration in AI innovation.

This is Katy Craig. Stay safe out there.

Resources
– The Alliance: https://thealliance.ai/news
– ArsTechnica: https://arstechnica.com/information-technology/2023/12/ibm-meta-form-ai-alliance-with-50-organizations-to-promote-open-source-ai/

 

Hillary Coover
23andMe: Guard Your DNA Data, Protect Your Family

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

In a world where password updates are about as popular as Monday mornings, the recent 23andMe security breach is here to remind us that a little humor won’t save our data, but strong password hygiene will. Password 123 is just not going to cut it anymore.

Do you need additional motivation for adopting better password hygiene? You are not the only victim if your 23andMe account gets compromised.

Hi, this is Hillary Coover in Washington, DC.

In the wake of a security breach at 23andMe, users are urged to reassess their approach to password security and take immediate steps to protect their accounts. The breach, affecting 14,000 user accounts and approximately 6.9 million individuals, underscored the risks associated with password reuse- an issue prevalent in cyber threats called credential stuffing.

The California-based biotech company, known for its at-home DNA analysis services, reported that the breach did not compromise its computer network, but was a result of credential stuffing. What sets this incident apart is the sensitivity of the compromised information, as 23andMe combines social networking features with healthcare data, exposing users to a lot of privacy risks.

The compromised data includes DNA Relatives profiles, and Family Tree profiles, containing details about relationships, locations, personal identifiers, and more. Your DNA is not a password. You cannot change it once it’s been compromised. So, while the market value of DNA for hackers remains unclear, privacy experts warn of the potential exploitation by online scammers who may impersonate family members for fraudulent purposes.

Users are advised to change their passwords immediately, opting for unique and complex combinations. practice of using the same password across multiple accounts is strongly discouraged and users are encouraged to consider employing password manager tools to maintain distinct passwords for each site and minimize the risk of password reuse.

As a protective security measure, 23andMe announced that existing customers will automatically be enrolled in two-factor authentication during their next sign-in. This move is seen as a commendable step toward enhancing overall account security, but my question- Why wasn’t this a default to begin with, with such sensitive data at stake?

Check out the full article at 505updates.com.

Resources
– WSJ: https://www.wsj.com/tech/personal-tech/23andme-breach-hack-passwords-7587015f?mod=tech_lead_pos2

 

Marcel Brown
This Day, December 6, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 PodcastThis is Marcel Brown serving up some technology history for December 6th.

December 6, 1994. Apple sues the San Francisco Canyon Company, alleging they helped Intel and Microsoft steal code developed under contract for QuickTime for Windows. Apple first released QuickTime for the Macintosh in December 1991, and then contracted the San Francisco Canyon Company to port QuickTime to Windows in 1992.

Microsoft’s competing Video for Windows technology was not as advanced as Apple’s QuickTime, even though it came out a year after QuickTime. In 1993, Intel hired the San Francisco Canyon Company to help them optimize their own video technology. Later, in 1993, Intel and Microsoft combined their efforts to improve video for Windows, releasing a version that was significantly improved and roughly matched the quality of QuickTime.

Apple discovered that code, developed by the San Francisco Canyon Company for QuickTime, was also present in the improved version of Video for Windows, and sued the San Francisco Canyon Company in 1994. In 1995, Apple expanded the lawsuit to include Intel and Microsoft, claiming that the companies knowingly used the San Francisco Canyon Company to help them steal the QuickTime code.

It was later revealed that Apple was threatening Microsoft with a multi-billion dollar lawsuit that was famously settled by Steve Jobs and Bill Gates in 1997. This settlement is now believed to have helped Apple survive long enough to transform themselves in the 2000s, ushering in the mobile device revolution and the new world of technology.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
This Day in Tech History: https://thisdayintechhistory.com/12/06

Contributors:

Comments:

Newsletter