Newsletter

open source and cybersecurity news

July 21, 2023

- CYBERSECURITY HEADLINES TODAY -

Thousands of Container Images Leaking Secrets
Google DeepMind
US Office of Management and
Budget gathers software attestation letters
This Day, July 21, in Tech History

Episode Transcription:

Edwin Kwan: Researchers from a German university recently published a paper revealing that tens of thousands of container images hosted on Docker Hub contained confidential secrets.

Hillary Coover: Google DeepMind just made a game-changing AI discovery for designing computer chips, and it’s got some major national security implications. They’ve come up with a way to create faster and more specialized chips, which means a big boost in AI capabilities for businesses and government uses.

Olimpiu Pop: May 12th, 2021. President Biden signed the executive order 14028. The intent was to improve the nation’s cybersecurity in the aftermath of the Log4Shell tsunami. 

Marcel Brown: July 21st, 1999. Apple introduces the iBook laptop, the first mainstream computer designed and sold with built-in wireless networking. 

From Sourced Network Productions in Washington, DC. It’s 5:05. I’m Hillary Coover. Today is Friday, July 21st, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.

Edwin Kwan: Thousands of Container Images Leaking Secrets

This is Edwin Kwan from Sydney Australia. 

Researchers from a German university recently published a paper revealing that tens of thousands of container images hosted on Docker Hub contained confidential secrets.

Docker Hub is an online repository for docker container images. A docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application. That includes the code, runtime, system tools, system libraries, and settings. 

The researchers analyzed over 345,000 images and found that around 8.5% of them included secrets. They found 52,107 private keys, 3,158 leaked API secrets and 275,269 TLS and SSH hosts that were using the leaked private keys for authentication.

This is a huge issue which impacts the image creators, security, and potentially everyone using those images. The secrets were most likely left in there by mistake or out of negligence. 

We scan our code repository for secrets. We need to also be doing the same for our container images. 

Stay safe out there.

Resources
-Thousands of images on Docker Hub leak auth secrets, private keys

 

Hillary Coover: Google DeepMind

Hi, this is Hillary Coover, reporting from Washington DC. 

Google DeepMind just made a game-changing AI discovery for designing computer chips, and it’s got some major national security implications. They’ve come up with a way to create faster and more specialized chips, which means a big boost in AI capabilities for businesses and government uses.

They won a programming contest with their approach, beating last year’s winner by 27%, and this year’s second place by 40%. DeepMind’s approach involves neural circuit networks, a fancy way of saying they’re training AI to design chips. This could seriously shake up critical sectors like defense, cybersecurity, and intelligence gathering. Imagine the possibilities with more powerful and efficient chips running advanced AI applications. 

From a national security perspective, this development takes on added importance. The ability to design cutting-edge chips using AI could give certain countries or organizations a significant advantage in AI-driven technologies.

It’s essential for governments to closely monitor and invest in these AI advancements to stay ahead in the race for technological superiority. The implications could be far reaching, so we need to pay attention to where this takes us. 

Resources
-In Race for AI Chips, Google DeepMind Uses AI to Design Specialized Semiconductors – WSJ

 

Olimpiu Pop: US Office of Management and Budget gathers software attestation letters

May 12th, 2021. President Biden signed the executive order 14028. The intent was to improve the nation’s cybersecurity in the aftermath of the Log4Shell tsunami. 

Now in July, 2023, the White House has given federal agencies more time to collect cybersecurity at the station forms from software vendors according to a new guidance memo from the Office of Management and Budget. The same memo also allows agency Chief Information Officers to decide whether software developed by federal contractors should be considered agency-developed, which would exempt them from attestation collection requirements. 

You can’t do it immediately? Submit a Plan of Action and Milestones (POA&M) document, which may enable them to continue to provide their services if the agency finds their documentation satisfactory. 

Open-source software is given a lifeline being exempted from these requirements, as obtaining attestation from their producers is deemed unfeasible.

The Office of Management and Budget was given the task to begin collecting data on the number of software products in use at each agency that does not meet minimum secure software requirements within a year. Further instruction will be provided on the federal collaboration website, max.gov. The federal agencies were given more time. Some of the agencies that fall into this category are, among others, department of Defense, the Department of State, the Department of Justice, and the Department of Energy. 

In the resources section of 505updates.com, you can find the memo and the article from Fedscoop.

Olympiu Pop Reporting from Transylvania, Romania.

Resources
EXECUTIVE OFFICE OF THE PRESIDENT June 9, 2023 M-23-16 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM
-White House fleshes out plan for agencies to collect software vendor attestation forms | FedScoop

 

Marcel Brown: This Day, July 21, in Tech History

This is Marcel Brown, serving you up some technology history for July 21st and 22nd. 

July 21st, 1999. Apple introduces the iBook laptop, the first mainstream computer designed and sold with built-in wireless networking. 

I remember working at the time for a corporation and being on the forefront of evaluating and testing the then known as 802.11b wireless networking protocol. This was before the term wifi had been coined. I was really impressed with Apple and having the foresight of introducing wireless networking at the time. Indeed, Apple’s introduction of the iBook helped spur wireless networking into the mainstream. 

July 22nd, 1980. One of the most important, yet little known dates in technology history. Representatives from an IBM facility in Boca Raton, Florida, where a small group of engineers were secretly developing the IBM PC, meet with Bill Gates and Steve Ballmer of Microsoft to discuss licensing software and an operating system for the still developing PC. 

Not having an operating system to offer IBM, Microsoft will eventually buy the rights to QDOS/86-DOS from Seattle Computing Products, which they will, in turn, license to IBM as PC DOS and later licensed to PC clone makers as MS-DOS. This alliance between IBM and Microsoft forms one of the most dominant platforms in the history of computing, which goes on to crush nearly all other PC platforms in the eighties and nineties.

Ironically, this platform nearly crushes IBM itself as they lost control of the platform to PC clone makers in Microsoft. 

That’s your technology history for today. For more, tune in next week and visit my website thisdayintechhistory.com.

Resources
http://thisdayintechhistory.com/07/21

Hillary Coover

That’s our update for today, July 21st, 2023. I’m Hillary Coover. We’ll be back Monday at 5:05.

Contributors:

Leave the first comment

Newsletter