The Truth: Blizzard Shitstorm, Intel NUC Vulnerabilities, Ken Thompson’s Password

Thursday, 10 October 2019

Good afternoon! Today seems to be a somewhat slower news day, but we have several stories that have to do with the protests in Hong Kong, and another company is in trouble because US Immigration and Customs Enforcement is using its technology. In other news, Ken Thompson’s password from the ’70s has been cracked.

Intel has patched two security vulnerabilities in its NUC mini-PC. A third vulnerability will not be patched; instead, Intel asks users to uninstall the affected software (Intel Smart Connect Technology). All three vulnerabilities can be exploited to elevate an attacker’s privileges.

After Chef, GitHub is now also being criticized for selling their software to the US government agency Immigration and Customs Enforcement (ICE). “On Wednesday, GitHub employees posted an open letter on the Washington Post demanding that the Microsoft-owned company cancel its contract with ICE ‘no matter the cost’, in response to an internal email by GitHub CEO Nat Friedman explaining why GitHub would not cut off ICE from its products.” Friedman has now published a defense: “As a matter of principle, we believe the appropriate way to advocate for our values in a democracy is to use our corporate voice, and not to unplug technology services when government customers use them to do things to which we object.” Sounds reasonable, but in the current climate of people barely even reading news headlines before grabbing their pitchforks, reasonable responses are getting very sparse.

Speaking of pitchforks, Blizzard has a major shitstorm on its hands after banning a Hearthstone pro for supporting the protesters in Hong Kong. Several employees walked out of work in protest on Tuesday and the company is under sustained attack on social media from critics. Of course, there are also plenty of calls to boycott their games.

Meanwhile, Apple has taken the app of the news organisation Quartz off its app store in China. An editor for the publication speculates this is down to their coverage of the protests in Hong Kong. That seems reasonable, as Apple has also pulled the crowdsourced mapping app HKmap, which was being used by the protesters and for which Apple was subsequently criticised by the Chinese government.

An Australian developer has hacked Unix pioneer Ken Thompson’s login password from the ’70s. It took him four days to crack the password hash found in an old BSD source code tree. He used an AMD Radeon Vega 64 graphics card. Thompson’s password turned out to be “p/q2-q4!”, which is a way to express the chess opening move pawn from Queen’s 2 to Queen’s 4.

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.