Welcome to the third edition of Tech Talk! This week, we dive into some of the most pressing cybersecurity issues and updates, from Microsoft’s latest tweaks to its Recall feature to a major data breach at The New York Times. Here are the highlights:
Microsoft’s Response to Recall Criticism
Microsoft has made several updates to its Recall feature for Windows 11 24H2 on Copilot+ PC, including making the opt-in process clearer and improving privacy controls. These changes come after significant backlash over privacy issues. The update ensures that Recall is disabled by default and requires Windows Hello sign-up for added security. Just-in-time decryption and additional encryption layers have also been added to protect user data.
New York Times Data Leak
A massive data breach at The New York Times exposed 270 GB of source code, including the website, mobile apps and the Wordle game. The breach was caused by an exposed GitHub access token, underscoring the importance of securing development tools. The leaked data includes nearly 3.6 million files, mostly unencrypted, which emphasizes the need for careful access management and code repository security.
Apple Introduces Password Manager
At WWDC 2024, Apple unveiled its new Passwords app, designed to offer a clear interface for managing passwords, Passkeys and OTP authentication across iOS, macOS and visionOS. This new app simplifies password management for Apple users and seamlessly integrates with the Apple ecosystem to improve security and user experience.
SlashData Developer Survey Insights
A SlashData survey of over 10,000 developers found that 59% use AI tools in their workflows. The survey also found that JavaScript is the most popular programming language, with 25.2 million developers. This trend underscores the growing importance of AI in development and the continued dominance of JavaScript in the programming community.
Linux Kernel Project’s CVE Surge
The Linux Kernel Project has issued a significant number of CVEs, causing concern in the infosec community. The project’s policy of assigning CVEs to almost every bug fix has led to confusion and calls for a more thoughtful approach. Critics argue that this practice can dilute the effectiveness of CVE tracking and overwhelm users with non-critical updates.