Newsletter

open source and cybersecurity news

July 6, 2023

CWE Top 25 Most Dangerous Software Weaknesses; Robotaxis are Fire Hazard; This Day in Tech History

Episode Transcription:

Pokie Huang:

From Sourced Network Production in New York City. “It’s 5:05”. I’m Pokie Huang. Today is Thursday, July 6th. Here is the full story behind today’s cyber security and open source headlines.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Mitre has recently released their CWE Top 25 Most Dangerous Software Weaknesses list for 2023. CWE stands for Common Weaknesses Enumeration. This list demonstrates the currently most common and impactful software weaknesses. Those are often easy to find and exploited by attackers.

Some interesting insights about the list as compared to last year. First, the top three spots remain the same. They are:

– CWE-787: Out-of-bounds Write in first place,

– CWE-79: Cross-site Scripting in second place, and

– CWE-89: SQL Injection in third place

The biggest movers up on the list are:

– CWE-416: Use After Free,

– CWE-862: Missing Authorization,

– CWE-269: Improper Privilege Management, and

– CWE-863: Incorrect Authorization

The biggest downward movers are:

– CWE-502: Deserialization of Untrusted Data,

– CWE-798: Use of Hard-coded Credentials, and

– CWE-276: Incorrect Default Permissions

Check out the full list on the Mitre website.

Katy Craig: 

It seems that the rise of driverless taxis is causing quite a stir in San Francisco. The city’s fire chief has issued a warning about the potential risks these autonomous vehicles pose during emergencies. 

This is Katy Craig in San Diego, California.

Driverless cars may be the future, but are they ready for prime time?

According to the fire chief in San Francisco, the answer is a resounding no. The Chief cites numerous incidents where self-driving taxis have obstructed fire engines and blocked roads during critical emergencies. It’s becoming a growing headache for residents and officials alike. 

The San Francisco Police Department reported nearly 40 cases this year alone, where robotaxis interfered with fire department operations. These incidents range from blocking one-way streets to obstructing firehouse driveways, forcing firefighters to take alternate routes. Imagine the impact on response times when every second counts.

One particularly alarming incident involved a Cruise robotaxi idling in the midst of a mass shooting, delaying the response of emergency personnel. Another case saw a firefighter having to break the window of a Cruise vehicle to prevent it from running over the fire hoses during a house fire.

These incidents have caught the attention of the public and the media. As the self-driving revolution continues, striking a balance between innovation and public safety remains a critical challenge.

The concerns raised by the San Francisco Fire Chief serve as a reminder that technology must be carefully integrated into our communities. 

This is Katy Craig, stay safe out there.

Marcel Brown: 

This is Marcel Brown serving you up some technology history for July 6th. 

July 6th, 1995. IBM completes a $3.5 billion buyout of Lotus Development, the producer of the once-dominant Lotus 1-2-3 spreadsheet software, and the then-popular Lotus Notes groupware.

IBM had hoped to leverage Lotus 1-2-3 to challenge the increasingly demanded Microsoft Excel software. But alas, there was little slowing down the Microsoft juggernaut during the 1990s. Lotus 1-2-3 steadily lost market share, and IBM finally announced the end of support for the software in 2013. 

Lotus Notes groupware fared little better than 1-2-3, succumbing to Microsoft Exchange as the dominant groupware platform among large companies. But it remained entrenched among certain corporations for many years, under the name IBM Notes. In 2018, IBM sold Notes along with other software products to HCL Software for $1.8 billion.

HCL still develops and supports Notes to this day with a focus on security and lower cost as a way to compete with Microsoft Exchange. 

July 6th, 1996. America Online settles 11 class action lawsuits alleging misleading billing practices. Among the claims raised against AOL were that customers were not aware that charges were rounded up to the next full minute, that 15 seconds were added to each session for connection time, and occasionally billing customers for time in free areas. AOL continued to charge by the hour until December of that year, switching to a flat monthly rate of $19 and 95 cents.

Who here remembers that point in time when this pricing change caused AOL to have such a huge spike in new users that for a time it was almost impossible to connect to AOL due to the busy signals?

AOL was a major driver of the growth of internet usage in the 1990s as their blanket marketing campaign of distributing free trial discs was the introduction for many people to the nascent Global Network. It is reported that at one point in the 1990s, half of all CDs pressed were AOL installers. 

To illustrate AOL’s growth, and by proxy users accessing the internet, from 200,000 subscribers in 1993, when AOL first offered internet access, AOL had grown to 1 million subscribers in 1994, 4 million in 1995, 8 million in 1996, 10 million in 1999, and through continued growth by marketing and acquisitions of other online services such as CompuServe, 23 million subscribers in the year 2000 when they made over $4 billion in subscription fees. 

In 2001, AOL made the biggest merger in history at the time with Time Warner, and in 2002 reached over 26 million users before the emergence of broadband DSL and cable Internet services began the slow decline of the once dominant company.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayinTechHistory.com.

Pokie Huang:

That’s our updates for today, July 6th. I’m Pokie Huang. We’ll be back tomorrow… at 5:05. 
