Researchers at SpyCloud find new vulnerabilities that can get past even multi-factor authentication, a major publishing company announces that it is suing an AI company for copyright violation, and just because – who doesn’t need constant chaos? – Twitter announces a “use it or lose it” policy.
These top tech news stories and more for Wednesday, May 10th, 2023. I’m your host, Jim Love, CIO of IT World Canada, and Tech News Day in the US.
Researchers at the threat intelligence firm SpyCloud have found 6.34 million sets of credentials — including corporate email addresses and passwords — that came from only nine large telecommunications companies. Those nine companies generated almost as many compromised credentials in total as 167 other companies in their report.
The same report goes through many of the things we already know – too many companies have poor password hygiene. Over 60 per cent of people reuse passwords, which makes them highly vulnerable.
But the surprise in the report was a growing exploitation of what are called cookies. For those who don’t know, cookies are essentially strings of text that are exchanged with sites that you visit. They are stored in your browser. They establish your identity – they are the reason that websites know how to keep track of you and know who you are so they can guide you through a site.
And that’s useful.
If you come back to the site and it remembers you? That’s because the site read the cookies in your browser. And if you go to a similar site and they try to sell you something – let’s say you look at cars on one site and then you go to another site, totally unrelated and you see an ad for the car you were just looking at? That’s a cookie.
That’s either useful or mildly annoying, depending on your point of view.
But there’s another aspect of session cookies. Once you log in to a site, they tell the site not only who you are, but that you are logged into a session – you can be trusted.
So, if someone could steal those cookies, they could gain access pretending to be you. And they identify you past the login, so when used to gain access through what is called “session hijacking,” they even get past multi-factor authentication.
In fact the report says that “As criminal tactics evolve, bad actors are finding that the level of effort to hijack a session with malware-stolen cookies is significantly less than social engineering methods like phishing that require an action from the victim.”
The report estimates that there are over 2 billion (that’s billion with a B) stolen session cookie records tied to employees and consumers of Fortune 1000 companies out on the dark web.
“Preventing session hijacking is not impossible,” according to the report, but “It requires rapid identification of stolen cookies and invalidation of active sessions that could put a business at risk.”
Sources include: Axios and SpyCloud (registration required)
Last month, Intel reported the largest quarterly loss in the company’s history. The first quarter net loss was 2.8 billion dollars and revenue was down 36 per cent.
On Monday, it served notice that it plans to cut its workforce to reduce costs.
Intel won’t say how many workers will be affected, but according to a report in USA Today, the cuts will occur all across the organization.
In an emailed statement, the company said that they are “working to accelerate its strategy while navigating a challenging macro-economic environment.”
Sources include: USA Today
Facebook parent Meta is threatening to block online news from Facebook and Instagram in response to the Canadian government’s Bill C-18 which would force tech giants to pay Canadian media companies for linking to or reusing their content.
Meta claims that less than three per cent of what people see on Facebook is linked to news articles. They also claim that many of their users believe there is “already too much news.”
The government shows no sign of backing down on this legislation, however.
In 2021, facing a similar dispute with the Australian government, Facebook blocked Australians from sharing news stories, but accidentally also blocked some government communications, including some messages about emergency services.
Rachel Curran, the head of public policy for Meta Canada, said the company was putting together a team to ensure that they don’t make the same mistakes the company made when it blocked services in Australia.
But getting into a conflict with a government, at a time when big tech is already being heavily scrutinized around the world, even if it is a smaller country like Canada, might mean that Meta has already made a mistake.
Sources include: ITWorldCanada.com (and a second story on Meta)
Sam Altman announced yesterday that he was looking to find a way to deal with copyrighted information in ChatGPT. Did he know something we didn’t?
Today textbook giant Pearson announced that it has sent “cease and desist” letters, has laid out plans, and is taking legal action over the use of its intellectual property to train AI models.
This announcement follows last week’s 15 per cent drop in share prices when its key publishing rival Chegg said publicly that its business had been hurt by the rise of ChatGPT.
Pearson announced that it would develop its own AI model which could claim greater accuracy if it was trained on Pearson’s data. But that advantage is lost if other AI models have trained on Pearson’s data.
Pearson said that they were in litigation with a company but would not provide any additional information.
Sources include: Evening Standard UK
Use it or lose it – that’s the message from Elon Musk. According to a tweet sent Monday, Musk has warned that all inactive Twitter accounts would soon be deleted.
Musk also warned that this could cause follower counts to drop.
Twitter’s official policy considers a user inactive if they haven’t logged in for 30 days but it’s unlikely that Musk really meant that that was the point at which accounts would be deleted. His tweet refers to “no activity for several years.”
He did manage to threaten his favourite whipping boy, NPR, saying that Twitter might reassign its account. In turn, NPR reporter Bobby Allyn pointed out that that would be a violation of Twitter’s inactive account policy and proposed that NPR could just log in but not tweet and prevent deletion or reassignment.
But in classic fashion, Musk hasn’t announced what would happen to accounts of famous and now deceased individuals whose accounts remain on Twitter or what would happen to other inactive usernames other than NPR.
As the report in Ars Technica says, “It’s still unclear to many Twitter users what the most recent change to the inactive policy means.”
You do have to admire one thing about Musk – he is consistent, at least in his ability to create chaos. And that’s just the thing that you go to a social media site to find.
Sources include: Ars Technica
That’s the top tech news for today. We go to air with a daily newscast five days a week, as well as a special weekend interview with an expert on topics relevant to today’s tech news.
Follow Hashtag Trending on Google, Apple, Spotify or wherever you get your podcasts. And you can even get us on your Alexa or Google smart speaker. You can even find us on YouTube as TechNewsDay.
We love your comments. You can find me on LinkedIn, Twitter, or on Mastodon as @therealjimlove on our Mastodon site technews.social. Or if that’s too much, just leave a comment under the text version at itworldcanada.com/podcasts
I’m your host, Jim Love. Have a Wonderful Wednesday!