Security News Bites for the Week Ending July 7, 2023

Twitter Limits Number of Tweets You Can See Per Day

Due to – according to Twitter – an insane amount of data scraping, Twitter is limiting the number of posts an unverified (free) account can see to 1,000 per day; new unverified accounts are limited to 500 a day. Verified (paid) accounts are limited to 10,000 posts viewed per day. As usual, Musk did not explain what was going on, but likely it is related to large language models trying to suck up every Tweet that exists. Musk, pretty reasonably to me, wants to be paid for this since it is, apparently, valuable to the models. For the average user, this will have zero impact. This desire to be paid for valuable data is not limited to Twitter; Reddit is doing something similar. However, I don’t see Twitter paying me for this valuable data. Credit: BBC

Microsoft and OpenAI Being Sued for $3 Billion Over Scraping

This is one of many lawsuits and there will be many more. It will take years if not a decade for the case law on data scraping for AI training to settle down. This suit, filed last week in San Francisco, says that OpenAI secretly scraped 300 billion words from the Internet without registering as a data broker or obtaining consent. This is somewhat novel and we will see what the courts do with it. They are not actually selling your data so they will claim they are not a data broker, nor do they need to get your permission for the same reason. On the other hand, you can ask it what it knows about Mitch Tanenbaum. They likely will say that this is not much different, just friendlier than asking Google the same question. Stay tuned; judges, who, in some cases, cannot open their own emails, are going to decide this. The appeals will ultimately wind up at SCOTUS, who has already said they are not Internet expects. Credit: Vice

MOVEit Victims Now Exceed 16 Million and Counting

With hundreds or more companies and government agencies compromised by the MOVEit vulnerability, the count of known victims now exceeds 16 million and growing. Recently added to the list is UCLA, Siemens Energy and Schneider Electric. Since many companies and agencies are still trying to add up the damage and notify people, this count will only grow. Credit: The Record

GPS Company Hit With Product Liability Lawsuit Over Role in Murder

I think (I hope) that we can all agree that murder is a bad thing. Two people were fatally shot last year when an ex-boyfriend took a tracker that is available on Amazon, hid it under his ex-girlfriend’s car, stalked her to another state, killed her and her current boyfriend and then committed suicide. The lawsuit says that there is no utility to covert tracking by private individuals and, in New York, doing so requires a PI license. The suit was filed in New York, but the couple was murdered in Missouri. The suit focuses on lack of consent for tracking. This case is designed to call attention to the problem; it is probably a long shot, but it will likely get media attention. Credit: Law.com

When Did You Last Patch Your Solar Panels?

The Mirai botnet, which has been wreaking havoc since 2016 to varying degrees is now going after solar panels and, by extension, your home network since your solar panels are likely not on their own network – but should be. This particular attack is going after the remote management interface of the solar panel system made by Contec. Contec has not even made an official announcement about the flaw, which is rated 9.8 out of 10. IoT is the wild west and you need to treat it that way. Assume any IoT device you have is vulnerable and build a moat around it/them. Credit: Tech Times

by