open source and cybersecurity news

May 11, 2023

Twitter Leaks Private Tweets, Github Protects Secrets, Zero Trust API

Episode Transcription:

Pokie Huang: 

Hey, it’s 5:05 on Thursday, May 11th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. 

Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Chris Hughes in Virginia Beach, Virginia, Katy Craig in San Diego, California, and Marcel Brown in St. Louis, Missouri. 

Let’s get to it. 

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Twitter has disclosed that a security incident is causing private tweets sent to Twitter Circles to leak and be shown publicly to users outside of the Circle. Twitter Circles is a feature that was released in August 2022. It is a way for users to send tweets to a smaller circle of people, promising to keep them private.

However, around April 7, Twitter users began complaining that their tweets to Twitter Circle were no longer private and were being shown publicly to people in their timelines. 

Weeks after the incident, Twitter has finally acknowledged it and sent an email to impacted users informing them of the security incident.

Katy Craig: 

I’m still recovering from a fantastic and invigorating RSA Conference. While I was there, I had the opportunity to interview several leading minds in the areas of cybersecurity and artificial intelligence. One of the exciting innovations that I learned of is called Zero Trust API Access, or ZTAA. It’s a platform made by Traceable. In plain language, ZTAA is a security solution that helps protect the ways computer programs talk to each other, called APIs, from hackers and other threats. 

The system is unique because it constantly adapts to new risks and only grants access to the right users at the right time. It also helps organizations control the number of requests made to their APIs preventing overloading, potential attacks, and API DDoS. 

Dr. Jisheng Wang, Vice President of Artificial Intelligence, Machine Learning, and Engineering, emphasized the importance of API security. With the fast adoption of cloud-native and microservices-based software development architecture, APIs, which are often referred to as the glue that holds software, applications, and services together, are unsurprisingly becoming the new attack surface of some business-threatening attacks, including OWASP threats, abuse and fraud, and data exfiltration.

Dr. Wang spoke extensively about the need for preventing fraud and collusion. One standout feature of ZTAA is its dynamic data access policies. These policies help businesses set specific rules for who can access certain information and when, making it easier to protect sensitive data. Think of it as a digital doorman checking IDs and only letting approved guests into the party.

Another great feature is its intelligent rate limiting. This helps organizations manage the flow of incoming requests to their APIs, which not only safeguards against potential attacks, but also ensures a smoother, more efficient user experience. It’s like having a traffic cop directing the flow of requests, keeping things running smoothly and safely.

In a nutshell, ZTAA provides a safer environment for businesses to grow and innovate without worrying about their sensitive data being accessed by unauthorized users. 

This is Katy Craig. Stay safe out there.

Chris Hughes: 

Chris Hughes here from Virginia Beach, Virginia with an update coming out today regarding GitHub, the major software development platform. 

They released a feature that proactively prevents leaks by scanning for secrets before a Git push operation is accepted, and it covers over 69 token types, including API keys, private keys, secret keys, access tokens, credentials, and more.

And it has a very low false positive detection rate. GitHub stated in their announcement that it blocks these secrets with a low false positive rate, and it lets you know when you’ve had a finding that’s been identified. And it says that since the beta release, software developers have successfully averted around 17,000 accidental exposures of sensitive information, saving more than ninety-five thousand hours that would’ve been spent revoking, rotating, and remediating compromised secrets, according to GitHub. 

This is a major capability that’s coming out from a platform provider like GitHub, and we’ve seen this push now in other areas like two-factor authentication, for example. These methods really bolster software supply chain security and tackle one of the most pervasive issues in the ecosystem when it comes to secrets management and exposure.

That said, stay resilient out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology with your technology history for May 11th.

May 11th, 1979. At the West Coast Computer Fair, Harvard MBA candidate Daniel Bricklin and programmer Robert Frankston give one of the first private demonstrations of VisiCalc, the original spreadsheet software. It would later be publicly demoed for the first time at the National Computer Conference in June of that year. 

First released for the Apple II, VisiCalc made a business machine of the personal computer. VisiCalc was a huge success, selling more than 100,000 copies in the first year. VisiCalc also spurred the sales of the Apple II, as people would buy the Apple II just to run VisiCalc.

Overall, the spreadsheet validated the usefulness of the home computer and was likely a major factor for IBM accelerating their entry into the PC market. 

May 11th, 1997. The IBM computer and artificial intelligence Deep Blue defeats reigning chess champion, and one of the greatest chess players of all time, Garry Kasparov in the sixth and deciding game of a tournament match, the first time a computer defeated a chess champion in match play. 

A year earlier, Deep Blue had bested Kasparov in two individual games, but Kasparov eventually won the match four to two. This time, after being reprogrammed and upgraded, the 1997 Deep Blue, capable of calculating 200 million moves per second, won two matches out of six versus Kasparov’s one victory and three draws. After the defeat, Kasparov asked for a rematch, but IBM declined and retired Deep Blue. 

The defeat of a reigning chess champion at the hands of artificial intelligence made headlines around the world and marked a milestone in the development of AI and machine learning. From this early landmark moment, the advancement of computing power and machine learning has created even more powerful artificial intelligence. Kasparov in 2016 stated that today you can buy a chess engine for your laptop that will defeat Deep Blue quite easily. 

Honestly, I don’t see what the big deal is. Chess computers had been wiping the floor with me since I was a kid in the eighties. 

That’s your tech history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Chris Hughes, Katy Craig, and Marcel Brown for today’s contributions. 

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
