Mar 27 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that values (online) privacy more than Meghan and Harry. #WorldwidePrivacyTour
Today’s hottest cyber security stories:
TikTok CEO Shou Zi Chew was given plenty to chew on whilst being roasted by both sides of the political aisle last week at a committee intended to examine the ByteDance-owned company’s risks to American national security. Spoiler alert: there are a lot of risks posed!
Is the clock ticking for TikTok?
During the gruelling five-hour indictment of the video-sharing app and its perceived shortcomings when it comes to privacy and policing of harmful content, Chew was picked apart (chewed up and spat out. Okay, enough’s enough!) by Republicans and Democrats alike.
“Welcome to the most bipartisan committee in Congress,” goaded Rep. Buddy Carter, R-Ga., while addressing Chew, a couple of hours into the marathon hearing.
As is often the case with these Congress committees, wherein a well-known, often much derided CEO (think Zuckerberg or Dorsey) gets hauled in front of a series of blowhards to get blasted, it is debatable how effective they really are in bringing about change.
Get off your soapbox!
Often they feel like a chance for politicians to put on a show for the public and look like they’re ‘speaking truth to power’ when in reality it’s just lip service and the tech giants know this.
So they (the CEOs) sit there, take the abuse for a few hours, before getting back to business as usual. Gosh, when did we become so cynical, eh?
This was certainly TikTok’s official take on what took place at the hearing. They called it a wasted opportunity, during which the participants indulged in ‘political grandstanding’, rather than trying to come up with genuine solutions.
TikTok spokesperson Brooke Oberwetter said: “Also not mentioned today by members of the Committee: the livelihoods of the 5 million businesses on TikTok or the First Amendment implications of banning a platform loved by 150 million Americans.”
Hard to argue with her on that point. However, when it comes to matters of national security (China obviously poses a threat to US security!) and protecting America’s youth from sexual depravity, perhaps free speech has its limits. How Soviet of us!
Indeed, it’s important to remember that, in China, content is heavily policed and only wholesome videos promoting positive, productive values are permitted on the platform. This is most certainly not the case in America, the UK and other western countries.
Plenty of food for thought!
Did we say hundreds of thousands? Sorry, we meant tens of millions… Well, nearly.
The latest number is 7.9 million. Yes folks, that’s 7.9 million Australians and New Zealanders who’ve had their driver’s licence numbers stolen.
Additionally, a further 6.1 million customer records including some but not all of the customers’ names, addresses, phone numbers and dates of birth were stolen in the attack.
So how did this happen? Well, Australia has faced an onslaught of hacks in the last couple of years with Optus and Medibank both being targeted in massive attacks that affected millions.
It’s become apparent that the Latitude breach is in the same ballpark and the company is finally having to acknowledge that.
Latitude said they are writing to all customers, past, present and applicants whose details were stolen to outline just what was taken and their plans for remediation.
Our guess is that some of the affected parties might have more choice words to say back than simply ‘no worries, mate’. FFS Latitude.
Well, well, well, looks like OpenAI had a little bug problem! Apparently, some users were able to get a sneak peek into other people’s chats on ChatGPT thanks to a bug in the Redis library. Oopsie daisy!
This glitch was no joke. It gave users a glimpse into personal conversations and chat titles that weren’t meant for their eyes. Yikes! So OpenAI had to hit the pause button and temporarily shut down the chatbot until they could sort out the mess.
Turns out, the naughty bugger was hiding in the redis-py library, causing all sorts of mischief. It was like a bad game of telephone – cancelled requests caused corrupted connections, which led to unexpected data from the database cache, and voila – someone else’s personal info and chat history was suddenly up for grabs.
Let’s hope OpenAI gets their act together and keeps their bugs under control, or else who knows what kind of chaos we’ll see next.
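For the curious, here is the "bad game of telephone" as a small simulation. It is an added example, not code from OpenAI or redis-py: `Conn`, `Pool`, `CACHE` and the `discard_on_cancel` switch are hypothetical names, the data is constructed, and throwing away a connection after a cancelled request is shown as one way to stop the mix-up.

```python
import asyncio

# Constructed sample data standing in for a shared cache.
CACHE = {"session:alice": "alice's chat titles",
         "session:bob": "bob's chat titles"}

class Conn:
    """Simulated client connection: replies come back strictly in request order."""
    def __init__(self):
        self.unread = []                  # replies sent by the server, not yet read

    async def get(self, key):
        self.unread.append(CACHE[key])    # request goes out, server queues its reply
        await asyncio.sleep(0.01)         # waiting on the network: a cancel lands here
        return self.unread.pop(0)         # read whatever reply is next on the wire

class Pool:
    """One shared connection, reused by every caller."""
    def __init__(self, discard_on_cancel):
        self.discard_on_cancel = discard_on_cancel
        self.conn = Conn()

    async def get(self, key):
        try:
            return await self.conn.get(key)
        except asyncio.CancelledError:
            if self.discard_on_cancel:
                self.conn = Conn()        # state unknown: never hand this one out again
            raise

async def scenario(discard_on_cancel):
    pool = Pool(discard_on_cancel)
    task = asyncio.create_task(pool.get("session:alice"))
    await asyncio.sleep(0)                # let Alice's request be sent
    task.cancel()                         # Alice's request is cancelled before the read
    try:
        await task
    except asyncio.CancelledError:
        pass
    return await pool.get("session:bob")  # Bob's request reuses the pool

def run(discard_on_cancel):
    return asyncio.run(scenario(discard_on_cancel))

if __name__ == "__main__":
    print("reused after cancel:   ", run(False))
    print("discarded after cancel:", run(True))
```

With the connection reused, Bob's request reads the reply that was meant for Alice; with the connection discarded, Bob gets his own data.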
Stay safe, true believers!
So long and thanks for reading all the phish!