Computer and mobile phone users worldwide remain at risk of financial fraud, romance scams, identity theft, and other harms perpetrated by malicious hackers, IT security experts warned earlier this month.
Flaw-riddled software sold by famous vendors exposes customers like you and me to crimes perpetrated by organized gangs who enslave unwitting job-seekers and force them to prey on netizens.
Malicious hackers also work as contractors to military and espionage agencies.
Warfare today uses both kinetic attacks (aka blowing things up) and cyberweapons that turn multibillion-dollar defense systems into exorbitant paperweights.
Even the savviest computer users within corporations, governments or at home can't keep abreast of the latest exploits devised by full-time malware innovators. Customers rely on patches issued by software vendors.
Monthly Patch Tuesday releases currently are the first line of defense.
The big commercial software vendors have shipped flaw-riddled products for decades, with impunity.
The big software vendors rely on compulsory, incomprehensible, wordy licensing agreements that shift responsibility for their mistakes to users.
Far from mending their errant ways and selling safe products, commercial software vendors rely on the bizarre practice of convincing end-users to fix the bugs lurking in their computers.
That’s like offering free scuba gear to shipwrecked sailors so they can dive down and patch the holes in their sunken vessels.
April's Patch Tuesday featured a dizzying 147 fixes from a single vendor.
Longtime security journalist Brian Krebs cited Dustin Childs, from Trend Micro’s Zero Day Initiative (ZDI): “This is the largest release from Microsoft this year and the largest since at least 2017.”
“As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time,” Childs told Krebs.
The KrebsOnSecurity website has tracked the constantly changing cyberspace world for decades.
Krebs combines analysis from topflight software engineers with his own reporting.
His April 9th article about Patch Tuesday also quotes Ben McCarthy, lead cyber security engineer at Immersive Labs: “McCarthy called attention to CVE-2024-20670, an Outlook for Windows spoofing vulnerability described as being easy to exploit. It involves convincing a user to click on a malicious link in an email, which can then steal the user’s password hash and authenticate as the user in another Microsoft service.”
Krebs reported that cyber security engineers have recently pointed out the emerging risks of AI-generated malware.
To be fair, software engineering is a difficult job with unknown risks, like nuclear reactor design. Repeat that sentence in Russian, with a Ukrainian accent, to understand the Chernobyl-like scale of the problem.
But the buck stops somewhere. Right now, it stops with you and me.
Calamities like the Corvair and Pinto defects triggered lawsuits that put the fear of God into Detroit’s carmakers. This month’s Tesla Cybertruck recall forced Elon Musk to confront the same grim reality.
Before humanity enjoys the benefits of trustworthy software, however, it will have to invent consistently ethical corporate attorneys. As Donald Trump’s ongoing criminal trial shows, that hasn’t happened yet.