open source and cybersecurity news

May 17, 2023

Secure WhatsApp Chat, SBOM Bombshell, AI Threat

Episode Transcription:

Pokie Huang: 

Hey, it’s 5:05 on Wednesday, May 17th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Olimpiu Pop in Transylvania, Romania, Katy Craig in San Diego, California, and Marcel Brown in St. Louis, Missouri.

Let’s get to it. 

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

WhatsApp is rolling out a new privacy feature which allows users to block others from accessing their most personal conversations. The feature is called Chat Lock, and it creates a new folder that can be locked with a password or a biometric method like a fingerprint.

It will also automatically hide details of the locked chat in notifications to prevent others from snooping in while using the phone. This is especially useful for those who share their phones from time to time with a family member.

Olimpiu Pop: 

Presidential Executive Order 14028, signed by the First Coder of the US in May 2021, boils down to this: understanding the supply chain of software, obtaining an SBOM and using it to analyze known vulnerabilities is crucial in managing risk. Or, plainly speaking, “Any software to be used by a federal body will be required to label its ingredients, a Software Bill of Materials in the case of software.”

The good news is that finally, SBOMs are starting to be part of software offerings, both vendor and open source. The major problem: not all SBOMs are created equal. There is no standard way across platforms, which means that creating a holistic risk model for managing risk and determining vulnerability impact based on SBOMs is very hard.

According to SBOM Bombshell, we need to understand three key points from SBOMs.

1 – Understanding where the software is used. Details on how and where a piece of software is used is becoming more complex when we have multiple products and environments. To make the best decisions, we need more metadata and environment information in addition to SBOMs.

2 – Characterizing the legal risk of your open source libraries. Even though it is often overlooked, using open source license software can have legal implications that would open your code to discovery and legal claims.

3 – Understanding downstream libraries. A spoiled library upstream can literally destroy downstream users. It is important to recursively search downstream libraries that might be affected. 

Even though we are moving in the right direction, the evolution to a working standard approach will require time. Up to that point it is important to understand the ever-growing attack surface of continuously more and more complex systems.

505updates.com contains all the resources and the full episode. 

This was Olimpiu Pop reporting from Transylvania, Romania. 

Katy Craig: 

Last week, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency, issued a sobering warning about AI. She described it as possibly the most powerful capability of our time and the most powerful weapon of our time. 

This is Katy Craig in San Diego, California. 

Imagine a world, she said, where how-to guides, AI-generated images and auto-generated shopping lists are available to terrorists and criminals. We’re not just talking about cyber weapons here, but chemical and biological weapons too. And according to Easterly, that’s not even the worst-case scenario.

Easterly’s warning echoes her earlier comments in a Carnegie Mellon speech where she urged software vendors to prioritize safety over profit and to stop building products that are insecure by design. In her view, we’ve already paid a steep cost for favoring speed over security. But AI, she warns, is a different beast altogether.

It’s a chilling vision, isn’t it? A stark reminder that every coin has two sides, and the shiny, promising coin of AI is no exception. Sure, AI can help us predict weather patterns, diagnose diseases, and even streamline our online shopping. But it can also be exploited, weaponized, and used to cause untold harm.

This is Katy Craig. Stay safe out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, bringing you some technology history for May 17th. 

May 17th, 1939. NBC carries the first broadcast televised sporting event in history, the second game of a double-header baseball game between Columbia and Princeton. Only about 400 TV sets were capable of receiving the transmission. But it was an important first step in the history of televised sports. 

NBC would later broadcast a Major League baseball game in August of that year, a college football game in September, closely followed by an NFL game in October. Previously, Germany had televised parts of the 1936 Olympic games, but TV sets were not available for sale in Germany at the time. Therefore, viewing was limited to a number of public viewing rooms in Berlin and Potsdam. 

May 17th, 1943. The US Army and the University of Pennsylvania signed a contract to develop ENIAC, which would become the world’s first fully electronic computer, making use of vacuum tubes rather than electromagnetic switches. The Army wanted to use this computer to calculate ballistic firing tables in World War II.

However, ENIAC was not completed until after the war was over and went on to solve complex mathematical problems in fields such as atomic energy and rocketry. 

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Olimpiu Pop, Katy Craig, and Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
