TWINN #116 Technology Debt
Technology debt is incurred at a frightening pace everywhere. It happens so quickly and a lot of the time without notice. There’s a reason for this though, and that’s because the application of technology requires us to adapt to its consequences. I posit that there are three stages to consider here.
Stage 1 was marked by the attitude of *make it work*. I mean the simple idea of sending data packets across wires that are re-assembled at the other end was a marvel in engineering and huge celebrations came about! Even in teh 90’s when it was about getting online, the focus was just getting there. Just *make it work*.
Stage 2 was marked with the necessity to *optimize*. We added memory, power, bandwidth, massively optimized how the internet peered in high density areas so it would be responsive and a good experience to the optimized extent possible.
At Stage 3 we finally paid attention to security, but it was most definitely an afterthought. All modern-day internet security carries DNA of it being bolted on, at a later stage, and now we are perpetually dealing with the fact that it must be done consciously.
Table of Contents
The 5 Top Cyber Security Stories Of The Week – March 20, 2023
I would argue that we’re at the third of three stages of maturation, but those that are stuck in stage one or two, are vulnerable. The line is a little fuzzy, but this is why we get news like this:
1. Many Android devices found to be baseband-vulnerable.
If you’re on Android, time to check on your vulnerability status again.
2. Microsoft fixes Outlook zero-day used by Russian hackers since April 2022.
Attachment handling has been a continuous weak area for Microsoft products, and office’s continuous reliance on email attachments ensures attacker attention.
3. LockBit 3.0 Ransomware: Inside the Cyberthreat That’s Costing Millions.
“LockBit 3.0 accepts additional arguments for specific operations in lateral movement and rebooting into Safe Mode”. I don’t recall this ever having been a malware feature before. Wow.
4. Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack.
Seems we rarely see a week without a Fortinet security advisory.
5. Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years.
This is a very popular control library used on Microsoft web servers and what makes this one more scary is that many organizations’ current systems administrator may not even know they are running it or have any security exposure.
Did you know?
It seems these godlike AIs are already frighteningly cheap and easy to replicate. Stanford’s Alpaca AI performs similarly to the astonishing ChatGPT on many tasks – but it’s built on an open-source language model and cost less than US$600 to train up.