The Truth: UK Banks Have a Black Friday, New EU Anti-Trust Probe Headed for Google, Russian Hackers (Again)

Monday, 2 December 2019

Good evening! Look at that, I’m back! After an extended week of holidays and some last minute NaNoWriMo shenanigans, I’m ready to serve again. So here we go, a fresh edition of The Truth, featuring the most important and most interesting tech news of the last few days.

A number of network security products from Fortinet have hardcoded crypto keys and use laughably weak encryption – if you can even call an XOR operation that. The vulnerabilities were discovered by German security firm SEC Consult. If you use the AntiSpam, AntiVirus or Web Filter features of FortiGate or Forticlient, you should upgrade these systems to their latest software version immediately.

That checkm8 jailbreak for iOS devices? Still works in iOS 13.2.3 it seems.

According to The Register Google has warned 12,000 users of GMail, YouTube and Google Drive between July and September “that they were being targeted by government-backed attackers”. These users were in 149 different countries – so pretty much everywhere around the world. If you’re now thinking that, clearly, the cyber wars are heating up, you’d be mistaken. At least according to Google because “this was consistent with the same number of warnings sent during the same periods of 2017 and 2018.” Almost all of this was credential phishing via email. Google did mention a state-sponsored group they named Sandworm though, “which in 2017 started deploying Android-based malware to the Google Play store and evolved over time to simply phishing and compromising legit devs before deploying malicious updates to previously trusted apps.” Apparently they are from Russia. It’s always the Russians.

The websites of the UK banks NatWest, its subsidiaries Royal Bank of Scotland and Ulster Bank as well as the website of the HSBC subsidiary FirstDirect all went down on Friday. On a payday. Amidst the second biggest shopping holiday of the year, right after Christmas. Kinda looks like they couldn’t handle everyone withdrawing all that money.

The EU is investigating Google for anti-trust violations again. Reuters reports: “The Commission has sent out questionnaires as part of a preliminary investigation into Google’s practices relating to Google’s collection and use of data. The preliminary investigation is ongoing. A document seen by Reuters shows the EU’s focus is on data related to local search services, online advertising, online ad targeting services, login services, web browsers and others.” Sounds like they going after them under the GDPR now.

The Spanish security company UC Global, which provided security at the Ecuadorian embassy in London between 2012 and 2018 is accused of having spied on Julian Assange. Assange is set to be interviewed via video link by a Spanish judge about this on 20 December at Westminster Magistrates' Court, The Register reports.

A court in the UK has decided that Cambridge-based video game developer Jagex (mostly known for the MMORPG RuneScape) was not allowed to fire its lead concept artist after the man “found a document on an office printer that stated a senior veep’s salary and mentioned it to colleagues”. In fact, the judge even pointed out that the vice president “could have been argued to have committed a technical breach of his own contract of employment by failing to mark the document in accordance with the Jagex information security system”. He he. Makes me smile.

When asked about his organisation’s sale of the .org registry to a private equity firm, the CEO and president of the nonprofit Internet Society (ISOC) says he didn’t see a need to consult the public beforehand. And who cares anyway? “If you look there is a relatively small number of people complaining. We may be overstating the feeling; most people haven’t noticed. Most people don’t care one way or another”, he said when asked by The Register about the deal. It sure looks like this deal isn’t going to be stopped. Least of all by a petition.

A company is shooting artificial meteors into space aboard a commercial rocket to create shooting stars during the opening ceremony for the 2020 Olympic Games in Tokyo. As if there wasn’t enough crap in orbit already. Christ…

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.