Newsletter

open source and cybersecurity news

August 24, 2023

- CYBERSECURITY HEADLINES TODAY -

Drama at Terraform: Just fork it!
Is YouTube Targeting Your Kids? Of course it is!
Australian Charities Suffer Data Breach
10 Tasks Slowing Down Security Professionals

In this Episode:

It's 5:05, time for your daily cybersecurity and open source briefing

Marcel Brown: August 24th, 1993. Perhaps the most famous lawsuit in technology history is decided for Microsoft. Apple claimed that Microsoft’s Windows violated their copyrights on the so-called visual displays of the Macintosh. The judge in the case ruled that most of the claims were covered by a 1985 licensing agreement.

Edwin Kwan: Thousands of donors to Australian charities have had their personal information stolen after a telemarketing company suffered a data breach. The stolen data has been published and includes full names, date of births, addresses, email addresses, and phone numbers.

Ian Garrett: Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today is part one of a three part series where we explore the 10 common tasks that often bog down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.

Katy Craig: After nearly nine years under the Mozilla Public License (MPL) version 2.0, Terraform has transitioned to the Business Source License (BSL) version 1.1, a non-open-source license. For dedicated supporters of open source principles, the Business Source License doesn’t align well with their values.

Hillary Coover: A recent report highlights concerns over YouTube’s advertising practices on children’s channels, potentially leading to the tracking of children’s online activities. A Canadian bank’s ad campaign illustrates how ads meant for adults ended up on a children’s video, resulting in viewers being tracked by various tech companies.


The Stories Behind the Cybersecurity Headlines

Edwin Kwan
Australian Charities Suffer Data Breach due to Third Party Compromise

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

If you have donated to an Australian charity, you might have donated more than just money in this recent data breach.

This is Edwin Kwan from Sydney, Australia.

Thousands of donors to Australian charities have had their personal information stolen after a telemarketing company suffered a data breach. Pareto Phone is a telemarketing company collecting donations on behalf of over 70 Australian charities. The stolen data has been published on the dark web, and it includes full names, dates of birth, addresses, email addresses, and phone numbers.

There’s no financial information published, and forensic specialists are analyzing the data to determine if any identity documents such as tax file numbers, driver’s licenses, and passports were impacted.

What is deeply concerning about this breach is the amount of data Pareto Phone has retained without the charities’ knowledge. One charity has alleged that the company retained nine-year-old documents without its knowledge.

This would be a breach of the Privacy Act, which requires personal information to be destroyed or de-identified once it is no longer needed for the purpose for which it was collected. Another charity had similar concerns, claiming that it had not worked with the telemarketing company for almost five years.

Pareto Phone has informed the regulators, the Office of the Australian Information Commissioner and the New Zealand Privacy Commissioner, of the data breach.

Resources
https://www.abc.net.au/news/2023-08-23/qld-charity-donors-dark-web-cyber-criminals-pareto-phone/102757194

Ian Garrett
Part One: 10 Tasks Slowing Down Security Professionals

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today is part one of a three part series where we explore the 10 common tasks that often bog down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.

Hey folks. This is Ian Garrett in Arlington, Virginia.

The life of a Chief Information Security Officer, otherwise known as a CISO, can be demanding, with tight budgets and limited staff. A recent report, Proofpoint’s 2023 Voice of the CISO, found that economic downturns have impacted cybersecurity budgets for 58% of the CISOs surveyed, leading to excessive expectations among 61% and burnout among 60% of them.

Here are three of the 10 tasks that tend to consume valuable time and energy, and how leaders have effectively tackled them.

Task 1: Security Alerts. One significant task is responding to security alerts. However, the overwhelming volume of alerts paralyzes teams. While having a lot of data is key to staying secure, having too much raw data means key insights get lost. Solutions to reduce alerts include hiring a managed security service provider, buying intelligence and automation tools, and optimizing the signal-to-noise ratio.

Task 2: Restrictive Default Mode. Overly restrictive security policies can backfire, creating inefficiencies and straining relationships with other departments.

Starting with a too-restrictive default setting will ultimately create a system where you’re busy processing exceptions to your policies. Focus on achieving a balance between security and business objectives, articulating risks, and creating streamlined processes to help mitigate this issue.

Task 3: Reliance on Go-To Workers. Reliance on a few experts strains their resources and limits the growth of other team members. To solve this problem, focus on creating cross-trained teams or SWAT teams that specialize in certain IT implementations, fostering deeper expertise and distributing workloads more evenly. This ensures that your top performers don’t get burned out and that newer employees can become more effective over time.

Be sure to tune in next Tuesday and Thursday for parts two and three of the 10 common tasks weighing down security professionals.

Resources
https://www.csoonline.com/article/649822/tasks-that-bog-down-security-teams-and-what-to-do-about-them.html

Katy Craig
Drama at Terraform: Just fork it!

Katy Craig, Contributing Journalist, It's 5:05 Podcast

In a notable shift, HashiCorp, a provider of infrastructure software, has made a significant change to its popular Infrastructure as Code (IaC) tool, Terraform. After nearly nine years under the Mozilla Public License (MPL) version 2.0, Terraform has transitioned to the Business Source License (BSL) version 1.1, a non-open-source license.

This is Katy Craig in San Diego, California.

For dedicated supporters of open source principles, the Business Source License doesn’t align well with their values. Consequently, the plan is to fork the previously MPL-licensed Terraform. This fork will be maintained by a foundation, not a company, to ensure continuity.

The envisioned OpenTF Foundation aims to uphold the code under a widely accepted license, fostering trust among companies. This license is likely to be MPL version 2. The foundation intends to function as a community-driven entity where impartial code reviews and contributions will be the norm. Over a hundred companies and individuals have pledged support for the OpenTF initiative, underlining the significance of maintaining Terraform’s open source nature.

To show support, individuals can engage by submitting pull requests to the OpenTF Manifesto GitHub repo and sharing the initiative on various platforms.

This is Katy Craig. Stay safe out there.

Resources
https://thenewstack.io/opentf-disgruntled-hashicorp-rivals-threaten-to-fork-terraform/

Hillary Coover
Is YouTube Targeting Your Kids? Of course they are!

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Caution, parents! Uncover YouTube’s ad practices on children’s channels, where adult ads and possible tracking collide, revealing the importance of advertising cookies, small pieces of data used to track online behavior and personalize ads.

Hi, this is Hillary Coover in Washington, DC.

A recent report highlights concerns over YouTube’s advertising practices on children’s channels, potentially leading to the tracking of children’s online activities.

An example involving a Canadian bank’s ad campaign illustrates how ads meant for adults ended up on a children’s video, resulting in viewers being tracked by various tech companies. This could potentially violate the Children’s Online Privacy Protection Act (COPPA), which requires parental consent before collecting personal data from users under 13 for ad targeting.

YouTube previously faced fines for illegally collecting children’s data for targeted ads, promising to limit data collection and to personalize ads less on children’s content. US Senators are now urging an investigation into potential COPPA violations by Google and YouTube, as they might have tracked and targeted children without parental consent.

Furthermore, analytics found more than 300 ads from adult brands on videos labeled “made for kids” alongside violent content on children’s channels.

The New York Times analysis revealed that clicking these ads led to brand websites embedding tracking code from major tech companies onto users’ browsers.

Google challenged the report’s findings, claiming the ads’ purpose was to attract parents as potential customers. While it admitted to policy violations regarding violent ads, Google asserted compliance with COPPA, stating that ad targeting is based on webpage content, not user profiles.

The BMO campaign’s case exemplifies the challenges of ensuring children’s data isn’t inappropriately collected. Google offers brands an option to exclude ads from children’s videos, but some campaigns failed to do so initially.

Despite these complexities, Google clarified its limitations in controlling data collection after users click on ads. In a separate case, a BMO credit card ad appeared on a children’s video, prompting BMO to clarify that it does not intentionally target minors with online ads.

These developments highlight ongoing debates surrounding children’s online privacy and appropriate ad targeting practices.

Resources
https://www.nytimes.com/2023/08/17/technology/youtube-google-children-privacy.html

Marcel Brown
This Day, August 23 and 24, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown with your technology history for August 23rd and 24th.

August 23rd, 2002. Apple releases Mac OS X 10.2, code-named Jaguar. For the first time, the Happy Mac icon is not a part of the Mac operating system startup process, replaced instead by the gray Apple logo that is still in use today.

Jaguar was also the first Mac operating system for which Apple publicly used the code name to reference the operating system and for marketing purposes. All Mac releases since Jaguar were referred to by their big-cat-themed code names, until Apple switched to the names of places in California.

From my perspective, Mac OS X 10.2 was the first Mac OS X release that was truly usable. The previous releases, 10.0 and 10.1, felt more like transitional stages from Mac OS 9, almost like a technology preview. But Jaguar tied up a lot of loose ends from a usability standpoint and introduced many of the underlying technologies that are now standard parts of modern Mac operating systems.

August 24th, 1993. Perhaps the most famous lawsuit in technology history is decided for Microsoft. Apple claimed that Microsoft’s Windows violated their copyrights on the so-called visual displays of the Macintosh. The judge in the case ruled that most of the claims were covered by a 1985 licensing agreement.

Other claims were not violations of copyright due to the merger doctrine, which basically states that ideas cannot be copyrighted. This paved the way for Microsoft to develop Windows 95, which imitated the Macintosh even more so than previous versions of Windows.

It also led Apple and many other technology companies since then to patent virtually every concept that they came up with.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Resources
http://thisdayintechhistory.com/08/23
http://thisdayintechhistory.com/08/24