News Bites for the Week Ending October 19, 2018

Austria Issues First GDPR Fine; Has 115 Fine Proceedings In Q

Austria has issued its first GDPR fine: 4,800 Euros for operating a security camera that covered the public sidewalk (not allowed) without warning people that they were under surveillance. Welcome to GDPR. In the first 100 days of the regulation, Austria's data protection authority has 115 fine proceedings in the works and 58 investigations in process; it has been notified of 252 breaches and has received 721 complaints from data subjects. Consider also that Austria is a small country. This is all likely to ramp up over time. Source: Lexology

Voter Records for 19 States Sold On Hacker Forum

It is a good thing that the Russians, the Chinese and everyone else are not interfering with our elections. It is probably, then, just a vanilla crook who is selling this voter data. The data, including name, address, phone number, voting history and other information, is public in some states and sold by the states themselves in others. The remaining states do not release this data at all.

Being an entrepreneur, the hacker is selling the data for different states at different prices. Georgia, for example, is $250 while New Mexico is $4,000. Why? I have no clue.

The estimate is that the aggregate data comes to around 35 million records. Source: ZDNet.

Google: Don’t Get Mad, Get Even

Google got hit with a $5 billion fine in the EU for forcing phone makers to bundle Google apps with the Android phones they sell there. Google's position was that the bundling was the price of giving Android away for free.

Since it can no longer do that, Google is now going to CHARGE phone makers, in the EU only, if they choose to bundle Google apps like the Play Store and Chrome. Phone makers will have to pay another fee if they want to include apps like Google Maps and YouTube.

The fee does not depend on where the phone is made; it is tied to where the phone is sold. It is unclear whether users can download those apps themselves if their phone maker chooses not to include them. Of course, if the phone maker leaves out the Google Play Store app, it is not clear exactly how a user would download the other apps in the first place. Source: Bleeping Computer.

Is Open Source Software More Secure?

One of the ongoing conversations in IT circles is whether open source software is more secure than commercial software.

The argument that it is more secure rests on the fact that anyone can look at the source. That does not mean that anyone has looked, or that those who looked found the bugs or security holes; it only means that looking is technically possible.

This week there were three separate announcements of security holes in very popular open source software. It is a good thing that patches were developed, but it means that you, as the user, are responsible for watching for a patch to every piece of software you use and for deploying it.

In addition, you are also responsible for somehow figuring out whether any software you use incorporates the buggy component under the covers. If that other software is also open source, you are on the hook for that too: for checking whether anyone has rebuilt it against the patched version of the underlying library, and for picking up that rebuild when it appears. Commercial products that silently bundle the same library are no different, except that you may not be told what is inside.

The three buggy products are:

  • A four-year-old bug in libssh, a library that implements the SSH protocol for programs that want to offer or make supposedly secure logins to servers, was patched. The flaw (CVE-2018-10933) was classified as severe because a client could skip authentication entirely on servers built with the library, simply by telling the server that authentication had already succeeded; fixed versions are 0.7.6 and 0.8.4. Note that libssh is a separate project from OpenSSH, which is not affected, so the question is which of your products embed libssh.
  • A critical flaw was patched in Live555, the library used by the open source video player VLC and other open source software to stream audio and video. The bug, a stack-based buffer overflow in the library's RTSP server code when it parses HTTP packets, allows an attacker to execute arbitrary code on your computer.
  • Lastly, a batch of flaws was patched in FreeRTOS, the free real-time operating system for IoT devices that Amazon now maintains. The 13 bugs, concentrated in the FreeRTOS+TCP networking stack and the AWS IoT connectivity modules, allow both arbitrary code execution and denial of service attacks.
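The "under the covers" problem described above is really an inventory problem: you need to know every product that bundles a given library, at which version, and whether that version is inside the affected range. The script below is an added example written for this post, not code from any of the projects mentioned. It walks a small, constructed inventory (products that bundle components that bundle other components) against a table of advisory ranges and reports every chain that needs a patch. The libssh ranges are the real ones for CVE-2018-10933 (introduced in 0.6.0, fixed in 0.7.6 and 0.8.4); the Live555 entry, the product names and all version numbers in the inventory are constructed for illustration. The one edge case a practitioner gets bitten by is shown on purpose: version strings must be compared field by field as numbers, because a string comparison puts 0.8.10 before 0.8.4 and would wrongly flag a patched build.

```python
import re
from typing import Dict, List, Sequence, Tuple

# Advisory data: component name -> list of (introduced, fixed_in) ranges.
# A version is affected if introduced <= version < fixed_in for any range.
# libssh ranges are those of CVE-2018-10933. The live555 fixed version is an
# assumed placeholder for this example (Live555 uses dates as version numbers).
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "libssh": [("0.6.0", "0.7.6"), ("0.8.0", "0.8.4")],
    "live555": [("0", "2018.10.17")],
}

# Constructed inventory. Each product lists the components it bundles, and a
# bundled component may bundle others: that nesting is the transitive case.
INVENTORY = [
    {"name": "backup-agent", "version": "2.1",
     "bundles": [{"name": "libssh", "version": "0.8.3", "bundles": []}]},
    {"name": "media-server", "version": "5.0",
     "bundles": [{"name": "vlc-engine", "version": "3.0.4",
                  "bundles": [{"name": "live555", "version": "2018.08.28",
                               "bundles": []}]}]},
    # Newer than the fix; a lexical compare would wrongly flag 0.8.10 < 0.8.4.
    {"name": "jump-host", "version": "1.0",
     "bundles": [{"name": "libssh", "version": "0.8.10", "bundles": []}]},
    # Predates the vulnerable code, so it is not exposed to this bug.
    {"name": "old-tool", "version": "1.0",
     "bundles": [{"name": "libssh", "version": "0.5.5", "bundles": []}]},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.8.10' into (0, 8, 10) so each field compares as a number.

    Non-numeric suffixes such as '1.3.1-rc2' are tolerated by keeping only
    the leading digits of each dotted field.
    """
    fields = []
    for token in version.split("."):
        match = re.match(r"\d+", token)
        fields.append(int(match.group()) if match else 0)
    return tuple(fields)


def is_affected(version: str, ranges: Sequence[Tuple[str, str]]) -> bool:
    """True if version lies inside any [introduced, fixed_in) range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def find_exposures(component: dict,
                   advisories: Dict[str, List[Tuple[str, str]]],
                   path: Tuple[str, ...] = ()) -> List[str]:
    """Recursively check a component and everything it bundles.

    Returns one 'product > bundled lib > ...' chain per vulnerable version,
    so the report says not just what is vulnerable but which product it
    arrived in and therefore whose rebuild you are waiting for.
    """
    here = path + (f"{component['name']} {component['version']}",)
    hits: List[str] = []
    ranges = advisories.get(component["name"])
    if ranges and is_affected(component["version"], ranges):
        hits.append(" > ".join(here))
    for child in component.get("bundles", []):
        hits.extend(find_exposures(child, advisories, here))
    return hits


def scan(inventory: List[dict],
         advisories: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Scan every top-level product and collect all exposure chains."""
    hits: List[str] = []
    for product in inventory:
        hits.extend(find_exposures(product, advisories))
    return hits


if __name__ == "__main__":
    for chain in scan(INVENTORY, ADVISORIES):
        print("PATCH NEEDED:", chain)
```

Run as-is it reports two chains: backup-agent's libssh 0.8.3 and media-server's Live555, reached through the bundled VLC engine; jump-host (libssh 0.8.10) and old-tool (libssh 0.5.5) are correctly left alone. In practice the inventory would be generated from package manifests or a software bill of materials rather than typed in, and the advisory ranges would be taken from the vendor's own advisory, which is the only authoritative source for what "fixed" means.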

So, based on that, my opinion is that open source software is no more secure than commercial software, but the onus is on you to watch out for patches and hope that the developers who used that buggy software under the covers patched their software too.
