open source and cybersecurity news

July 17, 2023

Ghostscript allows remote code access; FTC takes on OpenAI; Tax services playing fast and loose with client data

In this Episode:

Episode Transcription:

Mark Miller:

From Sourced Network Productions in New York City, It’s 5:05. I’m Mark Miller. Today is Monday, July 17th, 2023. Here’s the full story behind today’s cybersecurity and open source headlines. 

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Popular open source PDF library, Ghostscript, has been discovered to have a critical vulnerability that allows for remote code execution. The vulnerability is tracked as CVE-2023-3664 and impacts Ghostscript versions prior to 10.01.2. 

The software is installed by default in most Linux distributions and is used by many software, including some Windows applications such as Inkscape.

The vulnerability can be exploited upon opening a malicious file. It is recommended to upgrade to the latest version of Ghostscript. Applications could also be using Ghostscript without it being obvious, so it is recommended that applications that have the ability to render PDF or EPS files are checked for Ghostscript usages and updated as patches become available.

Katy Craig: 

Taxes and data privacy- two things we all love to hear about, right? Well, it appears our favorite tax preparation services, TaxAct, H&R Block and Tax Layer have been playing a little fast and loose with our personal data.

This is Katie Craig in San Diego, California. 

Yes. It seems the tax prep services have been sharing your tax data with Google and Meta, who were supposedly just there to help track user activity on the tax preparation sites. That’s kind of like inviting someone over for dinner and finding them going through your medicine cabinet.

This news comes courtesy of an investigation by seven US senators, including Richard Blumenthal, the chair of the Senate Finance Committee. They say this behavior violates taxpayer privacy laws. 

There was a time when your tax data was as secret as grandma’s cookie recipe, but it seems these tax companies missed that memo.

So, time to double check those privacy policies folks. Or who knows, your tax data might just end up in the hands of identity thieves and scammers. 

This is Katie Craig, stay safe out there.

Mark Miller: 

Al Capone was brought down almost a hundred years ago. It was evasion of taxes that got him completely unrelated to what he was actually being pursued for. Friday’s filing of Civil Investigative Demand by the FTC against OpenAI reminds me a lot of that process. With the mass media and social media channels, providing a platform for touting the uses and benefits of ChatGPT, and the other side fear-mongering about how AI is going to take over the world, who would have thought the FTC was going to be the one to step in and say, hold on a second. Your use of “Large Language Models has (1) engaged in unfair or deceptive privacy or data security practices. And (2) engaged in unfair or deceptive practices relating to risks of harm to consumers, including reputational harm.”

 The FTC is considering whether it should obtain monetary relief in the public interest. 

This is Mark Miller in New York City. If you follow my other podcast, “That’s in my EULA??” with lawyer Joel MacMull, we covered a bit of this during our extended discussion about Stephen Schwartz, the lawyer who used ChatGPT, which hallucinated a bunch of court filings Schwartz then submitted as evidence in federal court. 

We also did an episode on what’s in the terms of agreement when you choose to use ChatGPT. That’s all by way of saying I’ve thought about this a little bit. 

The real problem to be considered is where did all the data to create these Large Language Models come from? And is there implied license on that content? It seems as if there’s a lot of site scraping and data scraping going on before anyone realized it. 

However, isn’t that what the web has been from the beginning? Granted, not at the scale we’re talking about here, but data scraping to aggregate information has been there since the beginning. Every search engine you’ve ever used is doing it. 

It’s built into the protocol to have open access to content on websites. With that as background, does the value of what OpenAI provides override what the FTC is looking at? There is a good argument in favor of OpenAI, providing that value. Anecdotally haven’t we all seen how people and companies are using this. 

Billions of dollars are being spent by major players – Google, Microsoft, Amazon – because there is so much value in what is being provided. 

 Don’t think the media’s word for what’s going on. Read the FTC filing yourself and see what you think. I’ve put a direct link to the filing in the resources of this episode on It’s an easy read and it’s fascinating. 

Actually it’s part of history And you might want to be part of it

Marcel Brown: 

This is Marcel Brown bringing you some technology history for July 16th and 17th. Happy World Emoji Day. 

July 16th, 1969. Apollo 11 is launched from Cape Kennedy, Florida on the way to becoming the first space mission to land men on the moon. Stay tuned this week for more Apollo 11 technology history.

July 17th, 1850. The first photograph of a star is taken at the Harvard Observatory. The star photographed was Vega in the Lira Constellation, the second brightest star in the Northern Hemisphere. 

July 17th, 1970. Ralph Baer demonstrates the video game system he invented, simply called the Brown Box, to Magnavox Engineering, production, and marketing management in Fort Wayne, Indiana. Previously, Baer had demoed the Brown Box to many other TV manufacturers, including RCA, GE, Zenith, Sylvania, and Magnavox themselves without any licensing agreements. A licensing agreement with RCA was written but canceled in March of that year. 

It was this demo with Magnavox’s VP of Marketing present that would eventually lead to the creation of the first home video game system, the Magnavox Odyssey, and the birth of the video game industry. 

July 17th, 1975. Apollo 18 and Soyuz 19 successfully dock in orbit and the astronauts and cosmonauts shake hands. This marks the first time in history that spacecraft of two Nations doc in space. 

July 17th, 2002. Steve Jobs introduces Apple’s now ubiquitous calendaring software originally called iCal for Macintosh computers. At the time, it was an innovative advancement in calendaring software for the Mac, allowing internet sharing of calendar data and letting users manage multiple calendars. iCal became a mainstay for Mac users, but it achieves mainstream usage starting with the release of the iPhone in 2007. Since the operating system of the iPhone is at its core identical to the Mac OS 10 operating system, much of the software that runs on the Mac Os can easily be ported to the iPhone, iCal included. 

Apple, however called the iOS version simply Calendar. Apple renamed iCal on the Mac OS to match the iOS name in 2012 with the release of Mac OS10, 10 Mountain Lion.

Originally released as a free standalone download, iCal was not actually available until September of that year and then bundled as part of the Mac OS in the next year. However, the date of July 17th has become very important in technology history because it was used as the basis of World Emoji Day started in 2014. The date was chosen because the emoji that Apple created to represent a calendar has always shown the date, July 17th, and recognition of the date that the original iCal software was introduced by Steve Jobs.

July 17th, 2014. Jeremy Burge, founder of Emojipedia, creates World Emoji Day, a celebration of emojis, the now ubiquitous icons we use in text communication to visually represent emotional cues. Burge chose the date of July 17th because Apple’s emoji for calendar displays July 17th, in reference to the date that Steve Jobs originally introduced Apple’s iCal software. 

World Emoji Day has become so popular that it has influenced the design of the calendar emoji on other platforms. Originally, companies other than Apple used a variety of dates on their calendar emoji. As World Emoji Day grew in popularity, the various dates cause confusion. So as of the writing of this article in 2023, most major platforms now display July 17th on their calendar emoji, Microsoft and Facebook being notable exceptions.

That’s your technology history for today. For more, tune in tomorrow and visit my website

Mark Miller: 

That’s our updates for today, July 17th, 2023. I’m Mark Miller. We’ll be back tomorrow… at 5:05.​



Leave the first comment