OSIRIS Brief 1.18.0
Alexa endangers a child; Log4J remains a problem; Twitter swings the ban hammer.
Twitter Swings the "Ban Hammer" Like a Bulgarian Olympian
This past week Twitter permanently banned Marjorie Taylor Greene and Robert Malone. Twitter claims both Taylor Greene and Malone were spreading misinformation about the COVID-19 vaccine. Taylor Greene is a congresswoman from South Carolina, while Malone is a physician whose primary work has been around vaccines.
These bans are ill-advised and seem destined to harm discourse.
When Twitter, or its partners, declare something is misinformation, they set themselves up as arbiters of what is true. Even academic journals are loath to take upon themselves such a mantle, and we academics are not known for our modesty. Even if Twitter is right, bans will only further balkanize our information environment as people will seek out other outlets.
Banning users is also a coarse tool that flattens distinctions between different groups. Taylor Greene is part of the new breed of congressperson who works harder to get media appearances than to pass laws. Malone is a physician with enough credentials to earn a right to talk about vaccines knowledgeably, even if he has the same crank strain that many of us nerds develop. Banning both Taylor Greene and Malone tells the public that the woman who claims COVID-19 is only a threat if you are obese or elderly is the same as a doctor who thinks a vaccine he worked on may have been approved too quickly. Snigger all you want about conspiratorial tone; those two claims are not the same, but treating them as equally dangerous or false will equate them in some people’s minds.
Log4J is Still a Huge Problem
The vulnerability in the Log4J library remains the single biggest problem in cybersecurity. Several prominent ransomware gangs are actively exploiting the Log4J vulnerability. CrowdStrike has also observed the Chinese Advanced Persistent Threat (APT) Aquatic Panda exploiting the Log4J vulnerability. Apache is issuing patches, but researchers keep finding new vulnerabilities in the code. With each discovery, a new category of systems needs patching. The problem has even spread as far as European electric car charging stations.
I have already explained in depth why Log4J is such a problem. The ubiquity of Log4J makes these vulnerabilities like glitter…we’re going to be picking it out of our hair for some time. The popularity of Apache among hobbyist websites, in other words, websites without a professional maintaining them, implies millions of sites may have the vulnerability and no one is looking for it on those sites. Every unmonitored site running Log4J will remain a vulnerability someone could stumble into until the site gets patched.
Alexa Risks a Child's Life
Alexa, the smart home program operating in Amazon Echo products, told a ten-year-old to try to electrocute herself. The girl and her mother were playing with an Alexa “app” that proposed challenges to do, like “stand on one leg for a minute.” Alexa challenged the daughter to pull out a plug part-way and touch a penny to both prongs, which, in the US at least, would electrocute anyone who does that. The challenge derived from the supposed TikTok “penny challenge”, which may be a complete fabrication.
Despite hyperbolic claims that this is the first strike of the robot apocalypse, or that an Alexa device attempted murder, this is more of an indication of the “garbage-in, garbage-out” problem. The garbage, in this case, was the “whole internet” where the Alexa program found the “challenge.” Though computers are powerful tools, we shouldn’t surrender our judgment. Garbage information is not unique to the internet; when I was in middle school, we had a special assembly to tell everyone that a specific random weed would not, in fact, get you high.
Noteworthy
Cybersecurity in Hans Christian Andersen’s fairy tales by Pankov
Global Cyberattacks from Nation-State Actors Posing Greater Threats by Ellis
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.