
open source and cybersecurity news

July 12, 2023

Solar System Compromising Home Network; EU’s AI Act; Hacking Water Facility; Discord Family Center; This Day in Tech History

Episode Transcription:

Pokie Huang:

From Sourced Network Productions in New York City. “It’s 5:05”. I’m Pokie Huang. Today is Wednesday, July 12th. Here’s the full story behind today’s cybersecurity and open source headlines…

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

As small households embrace green energy and install solar panels, they could unknowingly be exposing their home networks. Most of the solar systems include apps which can be used to track the efficiency of your solar generation. Your home solar system could be connecting to the manufacturer’s servers to send data that is displayed on the app. These monitoring and diagnostic systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions. 

So, just how secure are those systems? Security researchers are warning that over 130,000 solar energy monitoring systems from a variety of manufacturers are exposed to the internet. These researchers say that while internet exposed systems are not necessarily vulnerable or misconfigured in a way that allows attackers to interact with them, they do provide information, including settings, to unauthenticated users that could be used to mount an attack. There have been a number of reported vulnerabilities against those systems with some in active exploitation.

One of them allows for unauthenticated remote command injection. Make sure your system is always up to date, use strong passwords, activate multifactor authentication, and segregate the system by isolating it to its own VLAN. 

Olimpiu Pop: 

The European AI Act is the first of its kind in the world. I had my thoughts about its implementation, but here it is. Being the first, it creates a precedent and a benchmark for those that will follow, but it also imposes explicit obligations on foundational model providers like OpenAI and Google. 

How many of the models out there are actually compliant?

A study conducted by members of Stanford University’s Center for Research on Foundation Models tried to respond. According to the study, all of the 10 major model providers failed to get a perfect score. This indicates that none of them fully comply with the current regulations outlined in the AI Act. Among the more popular models under scrutiny were OpenAI, Google, Meta, and Stability.ai. 

The study was based on a dozen legislative points that could be assessed using publicly available information. The subset was selected out of the 22 requirements targeted at the foundation models. They were grouped into four categories, including data resources, computer resources, the model itself, and deployment practices. These were evaluated by assigning scores ranging from zero to four, based on adherence to the outlined requirements. Several areas of noncompliance were identified, including the failure to disclose the status of copyrighted training data, which could play a significant role in deciding on new copyright laws tailored to AI-generated content.

Moreover, most providers have undisclosed energy usage and emissions during model training data, in addition to the absence of transparent methodologies to mitigate potential risk, which also represent important parts of the AI Act. 

The study is really an interesting read and it provides also a visual representation. The resources section of 505updates.com contains more relevant data.

Olimpiu Pop, reporting from Transylvania, Romania. 

Katy Craig: 

In a bizarre case of unauthorized access, a 53-year-old man from California has been charged for meddling with a water treatment facility’s critical software. 

This is Katy Craig in San Diego, California. 

Meet Rambler Gallo, the self-proclaimed hacker wannabe who worked for a company contracted by the town of Discovery Bay.

During his stint from 2016 to 2020, Gallo allegedly installed software that granted him remote access to the water facility’s systems from his own computer. But the real fun began after he resigned. Using his secret remote access, Gallo unleashed chaos by uninstalling the protective software that safeguarded the entire water treatment system, including water pressure, filtration, and chemical levels.

Authorities have charged him with unauthorized access, but let’s be honest, he was no super-spy hacker mastermind. This was more of a case of a disgruntled ex-employee causing trouble. 

Gallo now faces a potential 10-year prison sentence and a hefty $250,000 fine. Costly revenge to say the least. 

Let’s hope this incident prompts tighter security measures and keeps the wannabe hackers at bay. Water treatment systems should be safe and clean, not a playground for mischief makers. 

This is Katy Craig, stay safe out there. 

Hillary Coover: 

Hi, this is Hillary Coover from Washington, DC. 

Today, WIRED released an article discussing Discord’s new “Family Center” safety settings designed for teens. 

Originally created for gamers, Discord has grown into a diverse platform where users can do all sorts of things, including live audio and video broadcasts. However, it’s faced criticism due to the number of users under 18, and concerns about exposures to inappropriate content and potential interactions with predators. In response, Discord launched the Family Center, aiming to strike a balance between safety and teen privacy. 

Here’s how it works. To get started with Family Center, you’ll need to create your own Discord account if you don’t already have one. It’s important to have a conversation with your kid first about online safety, and explain why these security settings are important. Both the parent and child accounts need to opt in for the Family Center to work.

Once you activate the Family Center, you can use the Discord app to check out the friends your teen added in the past week, the servers they joined, and the ones they actively participate in. You’ll also see who they called or messaged, either one-on-one or in group chats. 

Now it’s important to remember that although parents can see their teens’ friends and server activity, the content of private messages, voice calls, and video chats remains hidden. The Family Center provides some visibility, but it’s still important for parents to keep an ongoing dialogue with their children about online safety. 

For more detailed instructions, check out the WIRED article posted with this podcast today.

Marcel Brown: 

This is Marcel Brown, with your technology history for July 12th. 

July 12th, 1949. At the IBM 100% Club Sales Convention held in Endicott, New York, Thomas J. Watson Jr. predicts that all moving parts in machines would be replaced by electronics within 10 years.

While maybe not 100% technically correct, Watson’s visionary ideals of where the computer industry might go helped lead IBM to dominance in production of all varieties of computers, from workstations to eventually personal computers. 

July 12th, 1990. Nintendo releases the original Final Fantasy video game for its Nintendo Entertainment System in North America.

One of the most successful role-playing games for the NES, Final Fantasy helped to popularize the genre and has gone on to spawn one of the most well-known RPG franchises in history. Ironically, the game’s creator, Hironobu Sakaguchi, thought the game would be his last one, hence, the “final” in Final Fantasy.

Had the game not sold well, he would’ve quit making games and gone back to college. So much for that. 

That’s your tech history for today. For more, tune in tomorrow and visit my website thisdayintechhistory.com.

Pokie Huang:

That’s our updates for today, July 12th. I’m Pokie Huang. We’ll be back tomorrow… at 5:05.
