Debugged Weekly: Apr 10th-14th

--

By: Eric Hahn

After a short recess, Debugged is back with Internet Privacy, Encryption Controversies, and Vulnerability Patchwork all on the docket!

Congress Passes Controversial Privacy Bill:

Summary: After being introduced in the Senate, a controversial bill addressing privacy has passed in both Houses. The bill rolls back Obama-era regulations that prevent internet service providers (ISPs) from selling users’ internet browsing information to marketers. Previously, laws required ISPs to offer users the opportunity to opt out of these marketing sales, but this bill allows the companies to sell the information. FCC Chairman Ajit Pai asserted earlier this month that he planned to suspend the rules, regardless of whether or not the bill passed.

Why this Matters: This bill is an outrage to privacy activists who believe that a person’s internet history should remain private, but for many it will mean little change in their day-to-day behavior. Many in the business of privacy suggest that a Virtual Private Network (VPN) is the most successful way to work around companies collecting internet usage data and selling it to marketers; however, these tools also have their limitations. Many companies, such as Netflix, do their best to block all VPN usage in order to keep users from accessing content not licensed in their region. This suggests that other companies and websites could soon allow you to access their sites only if you grant them the ability to sell your information to companies looking to exploit it to sell further products to you.

Patch Tuesday Returns after Strange Deferral:

Summary: After a four-week hiatus from its Patch Tuesday program, Microsoft is once again releasing security updates for its products on the second Tuesday of each month. Patch Tuesday is a program that Microsoft has had in place since it was formalized in 2003, and it has become an industry standard for patch distribution timelines. The tech giant did not comment on the reason for taking a break in their most well-known program for disseminating vulnerability patches for their programs.

Why this Matters: While this may not be the splashiest headline in the news, this provides interesting insight into the vulnerability detection and mitigation work that Microsoft is doing. To withhold Patch Tuesday, it is reasonable to assume that the Microsoft team found a significant vulnerability and dedicated their time to fixing it rather than updating software over smaller vulnerabilities.

Encryption Fight across the Pond:

Summary: The British government is asking tech company WhatsApp to decrypt messages sent by the perpetrator of the Westminster attack, Khalid Masood, in an effort to gain insight into his motives. While investigating the Westminster attack, the deadliest terror attack on UK soil since the underground bombings in July 2005, it became clear that Masood used the encrypted messaging app shortly before committing the attack. WhatsApp is refusing to let the government have access to the encrypted data, and the controversy continues to boil. The story of a tech company at odds with a government over encrypted data is all too familiar on this side of the pond after the showdown between the FBI and Apple over access to encrypted data on the iPhones belonging to the perpetrators of the San Bernardino shooting.

Why this Matters: This newest round of controversy over encryption and tech companies is revitalizing a long-held debate over the extent to which tech companies are required to assist law enforcement with their investigations. A request for an “encryption back door” or a “universal key” is concerning for multiple reasons, first and foremost being that it leaves the door open for the government to overstep its bounds with respect to privacy. This becomes even more complicated when tech companies like Apple and WhatsApp operate around the world: the U.S. government operating an encryption back door is a very different story to other countries with less respect for privacy regulations and constitutional restrictions.

Apple Closes Vulnerabilities Announced by WikiLeaks:

Summary: Since the controversial announcement from WikiLeaks regarding vulnerabilities in Apple products discovered by the CIA, Apple has made a statement claiming that the company believes that it has resolved all of the vulnerabilities disclosed. They also asserted that the majority of vulnerabilities reported only affected the iPhone 3G, and many of them had already been fixed in 2009. This comes as part of WikiLeaks’ “Vault 7” release on CIA hacking capabilities against a wide array of commonplace internet-connected devices. The Anti-Privacy Coalition offered to aid tech companies in patching the vulnerabilities by giving them information before they leaked it to the public. Apple said on record that it did not accept any assistance from WikiLeaks in patching the vulnerabilities, following the trend of many other vendors who turned down the offer “because of concerns about receiving classified information and risking government contracts.”

Why this Matters: The CIA along with other intelligence community officials did not confirm whether or not the documents actually came from the CIA or if they were fabricated; regardless, it is generally held that if the documents were real, the leak would pose a significant threat to the CIA’s ability to operate clandestine cyber operations and surveillance.

Amazon Buys the Largest Online Retailer in the Middle East:

Summary: Amazon is jumping into a rather untouched market with the purchase of Souq, the largest online shopping market in the Middle East. Based in Dubai, Souq is valued at around $700 million, making it one of the larger acquisitions made by the company in the past few years. A subsidiary of the company already has offices in Dubai and Bahrain, but this move takes the online market giant to another level of involvement in the region. Amazon is understandably trying to take advantage of the growing online shopping market in the Gulf, which is estimated to reach $20 billion by 2020.

Why this Matters: While the globalization of American tech companies always provides interesting insights into the general trends of the tech sector, this acquisition bucks the general trend of Middle Eastern tech startups struggling to find a successful exit strategy through acquisition by large western firms. Yahoo and German tech company Rocket Internet are two of the only large western tech firms to dip into the market in the past few years. Amazon stock has grown over 6% since the acquisition was announced on March 28th, but only time will tell if Amazon can successfully enter the Gulf markets.

That’s all for this week! But first, The Best Thing We Saw in Cyber This Week was this all too familiar moment that led this Debugged blogger to download Google Chrome:

--

From encryption & privacy to international security, the Digital Futures Project @TheWilsonCenter seeks to understand the ways technology shapes policymaking.