The Truth: No Electron in Apple’s App Store, Huawei’s HMS Core, Network Solutions Hacked

Tuesday, 5 November 2019

Hello and welcome to another late night edition of The Truth. Yep, I’ve been on the road again. Still, I did find the time to summarise some tech news for you. Enjoy!

If, as a security measure, you disable macros in Office for Mac, that seems to actually have the reverse effect. Carnegie Mellon’s CERT summarises: “The Microsoft Office for Mac option Disable all macros without notification enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.” Hot damn!

It’s being reported that venerable DNS provider and registrar Network Solutions has been hacked and personal data has leaked. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed. Web.com said the information exposed includes contact details such as name, address, phone numbers, email address and information about the services that they offer to a given account holder. Both Network Solutions and Register.com are owned by Web.com”, Krebs on Security reports. Apparently passwords were not affected, but the company recommends customers to change passwords for their accounts on the company’s systems. Some customers have reported Network Solutions DNS settings or systems referenced in those DNS settings (that used the same or similar passwords to their Network Solutions account) were broken into to set up servers that sent out email spam.

Microsoft’s SQL Server 2019 has been released. Some highlights, according to Microsoft, are: “SQL Server 2019 (15.x) introduces Big Data Clusters for SQL Server. It also provides additional capability and improvements for the SQL Server database engine, SQL Server Analysis Services, SQL Server Machine Learning Services, SQL Server on Linux, and SQL Server Master Data Services.”

Driven by Trump’s trade policies, Huawei is being serious about ripping Google’s Play Services out of Android. XDA Developers explains some of details, which have just come to light: “While Android can be classified as an open source OS thanks to the existence of AOSP (Android Open Source Project), most users around the world have never really experienced AOSP in its purest sense. Most smartphones sold across the world, except in certain regions like China, come with Google’s Android, which is AOSP plus Google Mobile Services. Google Mobile Services consists of regular user-facing apps such as the Google app, Play Store, Chrome, Maps, YouTube, Gmail, Photos and more; as well as APKs for core background services such as GoogleOneTimeInitializer, SetupWizard, GooglePackageInstaller, and of course, the GMSCore, and more. GMS Core is what we commonly refer to as Google Play Services.” Google Play Services is what the company came up with to solve the issue with many phones never receiving updates in a timely manner. It allows Google to update all core operating system components that don’t directly interface with manufacturer hardware. “Huawei Mobile Services, or HMS, is Huawei’s alternative to GMS, consisting of user-facing apps as well as core background services. The idea behind HMS is the same as that of GMS – to provide an experience that is consistent across devices and independent of the platform update. Much like how GMS is made up of app elements and core elements, the HMS ecosystem comprises of HMS Apps, the HMS Core, and the HMS Capabilities that the Core enables through its available APIs. HMS Ecosystem has seen its monthly average users increase from 420 Million globally in July 2018 to a huge 530 Million by July 2019, while developers registered on this platform grew from 450,000 to 910,000 in the same time period, and HMS Core app integration grew from 20,000 apps to 43,000 apps.”

It seems Apple doesn’t like GitHub’s open source app development framework Electron: “Developers of apps built with the cross-platform Electron framework say that Apple has started rejecting their applications during its Mac App Store review process, and has threatened cancellation of Apple Developer Accounts for repeated rules violations.” This seems to be because Electron bundles Chromium and that talks to Apple’s private APIs, which is verboten.

Boeing’s manned spaceflight capsule, the CTS-100 Starliner, has had some issues during a test of its launch pad abort procedures: “While one of three main parachutes failed to deploy during the capsule’s descent, Boeing officials said the spacecraft was designed to land safely with just two and that the abort system met the requirements for a successful test.” Sounds in line with Boeing’s not exactly spotless track record in civil aviation recently. And they want to start shooting people to the ISS on board this thing soon? Maybe they should make sure all the parachutes work first? Just an idea…

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.