Notes by afb33820

 There are 220bn lines of COBOL code in use today (1.5bn new lines/year). COBOL is the foundation of 43% of all banking systems. Such systems handle $3 trillion of daily commerce. COBOL handles 95% of all ATM card-swipes, 80% of all in-person credit card transactions.

https://files.mastodon.social/media_attachments/files/111/517/987/231/521/706/original/ab59ae646d32820e.png 
 Are your systems safe from cat cyberattacks? "four-hour system interruption in September ... while a technician was reviewing the configuration of a server cluster, their cat jumped on the keyboard and deleted it" https://www.theregister.com/2023/10/05/hospital_cat_incident/

https://files.mastodon.social/media_attachments/files/111/186/839/178/403/946/original/7b8d49d190d35a4c.png

https://files.mastodon.social/media_attachments/files/111/186/841/862/299/517/original/5431a5edeaf681c0.png 
 United Nations Secretary General and International Committee of the Red Cross chief call on States to create binding treaty/rules regulating the uses of autonomous weapons systems ("AI", but actually beyond that). "have the potential to significantly change the way wars are fought and contribute to global instability and heightened international tensions" https://www.un.org/sg/en/content/sg/note-correspondents/2023-10-05/note-correspondents-joint-call-the-united-nations-secretary-general-and-the-president-of-the-international-committee-of-the-red-cross-for-states-establish-new 
 ~EVERY Linux distribution has a major local root privilege escalation vulnerability. Exploitable. How fun. "exploitation works against almost all of the SUID-root programs that are installed by default" https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

https://files.mastodon.social/media_attachments/files/111/177/233/364/508/045/original/7828d5d8cc6498d5.png 
 Meta will give users in the EU a choice - display ads or pay a $14 monthly fee for Instagram. $17 for Facebook and Instagram. TikTok is testing a similar system. Will you pay? #GDPR #DigitalServicesAct #DigitalMarketsAct #ePrivacy https://www.wsj.com/tech/meta-floats-charging-14-a-month-for-ad-free-instagram-or-facebook-5dbaf4d5 
 My newsletter #TechLetters is out after a break. Europe wants to save the world from AI Extinction? US voluntary AI security commitments. Effects of cyber operations are nuanced. WebP bugs. Antimatter falling down isn't surprising - its mass is positive. https://techletters.substack.com/p/techletters-144-europe-to-save-the

https://files.mastodon.social/media_attachments/files/111/163/953/225/616/811/original/575183a29e049178.png 
 WebP bugs affected multiple software, like web browsers - the issue is in a graphics library. The vulnerability has been exploited in the wild, and the bug itself is quite complex and tricky to identify. Fascinating story. https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/ https://blog.isosceles.com/the-webp-0day/

https://files.mastodon.social/media_attachments/files/111/137/115/434/972/448/original/4f7fb9ea5715e152.png 
 nostr:npub1ja9xuu0z8lll7rqzh88fm0zj3936d8nkyajt2n5ggx7j4nt3eadqc5egyf I hate it.... of all the so... 
 @14abadff indeed. But it’s flashy, even if its impact — measured with actual risks due to uses, might be, well, limited. The bug itself is critical but I agree that its potency of use has been probably a bit overstretched. Unless of course its exploitation is simple, or a frequent issue — not sure of that. 
 Software patch on the front page of the Financial Times Companies and Markets section. The IT/software industry has come a long way.

https://files.mastodon.social/media_attachments/files/111/033/653/375/665/858/original/43c7d2bffff02042.png 
 Microsoft reveals details of significant account compromise operation (Chinese actor). Unclear how MS's infrastructure has been breached. So, how did this happen? The system crash and threat actor activity was a coincidence? https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

https://files.mastodon.social/media_attachments/files/111/022/570/955/985/967/original/47de6c7cb5fc496f.png