The Truth: Signal and WhatsApp Vulnerabilities, Red Dead Redemption 2 Comes to the PC, Iranian Attacks on Office 365

Monday, 7 October 2019

Welcome to another week of tech news – I read it all, so you don’t have to. You only get the stuff that matters right to your inbox. Today, we have some security items, some gaming stuff and Brexit domain news (sort of).

There’s a security vulnerability in Signal for Android that allows attackers to call without you noticing, which means they can spy on you. It’s been patched in version 4.47.7. The iOS version is immune to it because of another bug. It seems, in this case, two wrongs do make a right.

WhatsApp on Android also has a vulnerability that allows local privilege escalation and remote code execution, all by sending the victim a manipulated GIF image. “The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below.” It’s fixed in WhatsApp version 2.19.244.

Iranian attackers have tried to breach more than 241 different Office 365 accounts, according to Microsoft. These accounts “are associated with a US presidential campaign, current and former US government officials, journalists covering global politics and prominent Iranians living outside Iran”, The Register reports. Only four of these accounts were actually broken into. The attackers' MO seems to have been to gather information on their targets, break into other accounts of theirs and then prompt a password reset for the Microsoft account, intercepting the resulting emails using those other accounts. In other words: standard script kiddie stuff.

To not make spies working for the US government jump through the same hoops, the old “outlaw end-to-end encryption” horn is being tooted again. What the US government calls “lawful access” actually amounts to letting the government see everything you do online. Their argument for this? Child porn, of course. As a US deputy attorney general explains: “Outside the digital world, none of us would accept the proposition that grown-ups should be permitted to mingle in closed rooms with children they don’t know in order to groom them for sexual exploitation.” My response to this: Outside the digital world, none of us would accept the proposition that a US government official follows us around 24/7, standing in the corner and looking over our shoulder in our bed- and bathrooms, watching everything we do.

Red Dead Redemption 2 is finally coming to the PC. Just about a year after its initial release, so it seems their console exclusivity deals were for a year, then. It’s out on 5 November at the Epic Games Store, Green Man Gaming, the Humble Store, GameStop, and “additional digital retailers”. Steam users will have to wait for December; Rockstar hasn’t said why.

Meanwhile, Sony is now allowing all game developers to have PS4, Xbox and PC gamers play together. Why has this not always been a thing? Probably because PC gamers are just inherently better at many games because they possess this great technological marvel called “the mouse”…

If your VMware installation is broken on Windows 10, it’s not you, it’s Windows: “The culprit seems to be KB4517211, which upgrades Windows 10 to build 18362.387. Although not mentioned in the knowledgebase, this update adds entries to the Windows Compatibility database, the result being that attempting to run VMware Workstation 14 or below gives the message ‘VMware Workstation Pro can’t run on Windows’.”

In a study, researchers found that blindly copying and pasting code from Stack Overflow is bad. Well, d’oh! The unanswered question is: Would the code be better if these people, who obviously can’t code without the help, tried on their own?

If you’re a UK citizen and you own a .eu domain, you might lose it. Or it may cease to function as of 30 May 2019. Or not. Is Brexit happening? Does anybody know? The BBC seems as confused as anyone (audio). Just get a proper .co.uk domain, will ya? That’s probably the safest way to go.


This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.