The Truth: Apple Paying for Teacher Trips, Ring Doorbell Insecurity, OpenSUSE Sticks with Its Name

Monday, 11 November 2019

New week, more truth from yours truly. The weekend was relatively quiet, but we had some stuff happening today. Here’s a roundup of the news since Friday.

As if Amazon’s Ring doorbell wasn’t already creepy enough, AV vendor Bitdefender has now disclosed a security vulnerability in the company’s Video Doorbell Pro that allowed attackers to gain access to the WiFi network the doorbell is using. This was possible during the initial configuration of the device. The attacker could also force the doorbell to reconfigure itself and exploit that as soon as the user re-entered the WiFi credentials. Amazon has fixed the vulnerability with an OTA software update.

The first exploits for the Windows remote desktop vulnerability BlueKeep (CVE-2019-0708) are starting to appear. Patch your Windows systems! Side note: I wasn’t aware that Marcus Hutchins, famous for halting the WannaCry attack and later getting arrested in Vegas, was involved in finding BlueKeep – neat!

If someone is telling you they can decrypt your backupless data that has been made inaccessible by the Dharma ransomware, they probably can’t. Looks like they’re just paying the malware author for you and are taking a cut of the money for the trouble. Backups, people! Backups!

The OpenSUSE project has voted on a name change. It wasn’t at all clear what the new name would have been, but that’s off the table now anyway as 225 project members voted against the proposal, with only 42 voting for it.

SpaceX has cluttered our orbit with 60 more Starlink satellites, meant to provide internet access across the globe. The Register was on the scene: “Since the launch of the first batch of the broadband birds, back in May, SpaceX engineers have upgraded things to maximise the use of both the Ka and Ku bands. The enhancements have meant that the satellites have bloated out a little, and SpaceX declared that the payload of 60 was the heaviest to date.” As seems to have become the norm for SpaceX, not everything went according to plan, however: “Worryingly, those upgrades do not seem to have done much for their reliability as SpaceX also admitted that one of the Starlink satellites on the launch was looking a little iffy before the rocket had even left the pad. That will worry scientists wringing hands about the impact constellations like those planned by SpaceX will have on the sky and neighbouring spacecraft. ESA has already had to dodge one Starlink satellite after Musk’s rocketeers failed to pick up the phone. If only they had some sort of communications network.”

Remember when Blizzard shut down community servers offering a vanilla World of Warcraft experience? Heavy criticism eventually forced them to promise to provide their own vanilla version of WoW. I bet they are glad they did that right now. Because according to their most recent earnings report, World of Warcraft Classic brought WoW the biggest increase in subscribers in a quarter ever. This gave their financials a big push; revenue is up to $1.28 billion.

The kids aren’t just striking on Fridays now. Apparently, they’re also DDoS-ing their schools. And World of Warcraft Classic.

Speaking of schools… Ever wondered why all these schools are buying expensive iPads with tax dollars or are forcing parents to shell out for them? Apple is sending teachers on expensive trips and is paying for expenses. Who needs conspiracy theories when shit like this is actually happening?

The Register has a fun prehistoric computing story from the ’70s when a single misplaced hyphen could cause a lot of trouble.

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.