The podcast discusses the issues with unmaintained open source projects, a significant protocol vulnerability, data breaches affecting companies, the city of Oakland's plans to purchase more automated license plate readers, recent open source news like the Delete Act and Ubuntu 23.10 release, and the prevalence of backdoor firmware in Android devices.
Only around 11% of open source projects are actively maintained, challenging the assumption that open source software is inherently secure.
Multiple data breaches, including those of Flagstar Bank and Air Europa, highlight the ongoing cybersecurity threats faced by individuals and companies.
Google's announcement of seven years of security updates for Pixel devices emphasizes the importance of ongoing security measures.
The discovery of the HTTP/2 Rapid Reset vulnerability underscores the need for community efforts and precautions to protect web servers.
Deep dives
Open Source Projects Lack Active Maintenance
A recent report reveals that only around 11% of open source projects are actively maintained, leaving nearly 90% without any maintenance. This challenges the common assumption that open source software is inherently more secure. It emphasizes the importance of checking for recent updates and activity before downloading and using open source software to ensure ongoing security and bug fixes.
Data Breaches: Flagstar Bank, Air Europe, Shadow PC, and Indian State Government
Flagstar Bank experienced its third data breach since 2021, impacting 800,000 customers. Air Europa, a Spanish airline, suffered a breach exposing credit card information of its customers. Shadow PC, a cloud gaming service, also fell victim to a data breach in which personal information of over 500,000 users was compromised. An Indian state government website bug exposed Aadhaar numbers and fingerprints. While the bug has been fixed, it is unclear whether it was exploited.
Google and Brave Update, Mastodon User Increase, and Ubuntu 23.10 Release
Google announced that its Pixel devices will receive seven years of security updates. It also made passwordless sign-in using physical keys the default for personal accounts. Brave, the browser company, laid off 9% of its workforce, citing economic challenges. Mastodon reported an increase in monthly active users, totaling over 1.8 million. Ubuntu 23.10 was released, offering a smaller installation option and support for ZFS as the primary file system. Finally, Crunchyroll faces a $16 million settlement for allegedly violating viewers' privacy by sharing personal viewing information without consent.
Backdoor Firmware Found in US School Devices and California Privacy News
Human Security identified a cyber criminal operation called Badbox, which injected a backdoor into the firmware of 70,000 Android devices, including smartphones and tablets. These infected devices were found on public school networks in the US. Additionally, privacy concerns arise as Oakland considers installing 300 automated license plate readers, and Governor Newsom signs a bill making it easier for Californians to request the deletion of their online personal data.
Protocol Vulnerability Threatens Web Security
A new protocol vulnerability called HTTP/2 Rapid Reset has been discovered, impacting major web players like Google, Microsoft, and Cloudflare. The vulnerability allows for record-setting DDoS attacks and requires global patching efforts to mitigate. This highlights the importance of community efforts in securing the web and the need for web server operators to take necessary precautions to protect their systems.
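As an added illustration of the defensive side of this story (example code written for this summary, not from the podcast or any vendor), the following Python snippet counts RST_STREAM frames per HTTP/2 connection over a sliding window and flags connections whose reset rate exceeds a budget, which is the kind of per-connection limit patched servers now enforce; the frame-event layout, the sample events and the threshold values are constructed assumptions.

```python
"""Flag HTTP/2 connections that show Rapid Reset style behaviour.

Rapid Reset abuse opens streams and cancels them with RST_STREAM almost
immediately, so the server does work for requests the client never waits for.
Counting resets per connection inside a short window exposes that pattern.
The events below are constructed sample data, not real captures, and the
(time, connection_id, frame_type, stream_id) layout is an assumption.
"""
from collections import defaultdict, deque

# Constructed frame log: (time_seconds, connection_id, frame_type, stream_id)
EVENTS = [
    # well-behaved client: a few requests and one legitimate cancellation
    (0.00, "conn-A", "HEADERS", 1),
    (0.10, "conn-A", "HEADERS", 3),
    (0.30, "conn-A", "RST_STREAM", 3),
    (0.50, "conn-A", "HEADERS", 5),
]
# abusive client: 200 open/reset pairs inside 100 ms
EVENTS += [e for i in range(200)
           for e in ((1.0 + i * 0.0005, "conn-B", "HEADERS", 2 * i + 1),
                     (1.0 + i * 0.0005 + 0.0001, "conn-B", "RST_STREAM", 2 * i + 1))]


def rapid_reset_offenders(events, window=1.0, max_resets=50):
    """Return {connection_id: peak_resets_in_window} for connections over budget.

    A per-connection sliding window keeps only RST_STREAM timestamps within
    `window` seconds of the newest one; the largest window size seen is the
    peak reset rate, compared against `max_resets` (assumed budget values).
    """
    recent = defaultdict(deque)   # connection_id -> timestamps of recent resets
    peak = defaultdict(int)
    for t, conn, frame, _stream in sorted(events):
        if frame != "RST_STREAM":
            continue
        q = recent[conn]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()
        peak[conn] = max(peak[conn], len(q))
    return {c: n for c, n in peak.items() if n > max_resets}


if __name__ == "__main__":
    print(rapid_reset_offenders(EVENTS))  # -> {'conn-B': 200}
```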
Political Stories: Oakland's License Plate Readers and California's Personal Data Deletion Act
Oakland is considering installing 300 automated license plate readers, raising privacy concerns. The Privacy Advisory Commission has recommended a new policy allowing the installation of these cameras. Governor Newsom signed the Delete Act, which enables Californians to request the removal of their data from all data brokers in the state.
Shorter Segment: Crunchyroll Privacy Settlement and Mullvad Browser Updates
Crunchyroll faces a $16 million settlement for violating viewers' privacy by sharing their personal viewing information without consent. Mullvad Browser releases version 13.0 with multilingual support, marking its first major update since the initial release. Mastodon reports an increase in monthly active users, reaching a total of 1.8 million.