The Truth: Google is Hoarding Health Data, BlueKeep Patching is Lacking, Labour Under “Cyber-Attack”

Tuesday, 12 November 2019

Welcome to Tuesday’s tech news here at The Truth. Things still seem a bit slow, but here are some stories nonetheless.

The “sophisticated and large-scale cyber-attack” that the UK Labour party said took place against its campaign site was probably just a mundane DDoS. Labour says they fixed it, but in reality it was probably just Cloudflare dealing with it.

Still wondering why Google bought Fitbit? Well, wonder no more. They are building an enormous health database. Reporting on a Wall Street Journal report, The Register says: “Following a controversial data-sharing project within the National Health Service (NHS) in the UK, the search engine giant has partnered with the second-largest health system in the United States, St Louis-based Ascension, to collect and analyze the health records of millions of patients. According to a report in the Wall Street Journal, which claims to have seen confidential internal documents confirming the move, Google already has the personal health information of millions of Americans across 21 states in a database. The project is codenamed Project Nightingale and according to the WSJ, over 150 Google employees have access to the records of tens of millions of patients. Neither patients nor doctors have been told about the project and have not given their consent to Google being given access to their health data. But Google is relying on a legal justification that says hospitals (under the Health Insurance Portability and Accountability Act of 1996) are allowed to share data without telling patients if that data is used ‘only to help the covered entity carry out its health care functions.’” Project Nightingale? More like Project Nightmare!

Even though many security experts, all kinds of publications – and also this humble newsletter – have been warning Windows admins to get their systems patched so as not to fall prey to the BlueKeep RDP vulnerability (CVE-2019-0708) that’s now being exploited in the wild, people have not been doing that, it seems. The SANS Institute says that a survey it ran of publicly accessible systems shows that the rate at which admins are patching this vulnerability hasn’t increased lately: “The percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn’t do much to help it. And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn’t arrive any time soon.”

That parachute on Boeing’s CST-100 Starliner that failed during a recent test had “a lack of a secure connection between pilot and main parachute on the third parachute”, says Boeing. That’s a bit like saying that MCAS can lead to a lack of a secure landing on the 737 MAX.

The Register has some interesting tales from the Chrome Dev Summit. Apparently Google tried very hard to suggest Chrome is just one of many, many equal players in the browser field. And then promptly pointed attendees to a web app that didn’t work in Firefox or Safari. FACEPALM

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.