The Truth: The Vatican is Under Attack (in Minecraft), US Trade War with France Heats Up, The FBI Discovers FaceApp

Tuesday, 3 December 2019

Yeah, I know. I’m a bit late today with this. Again. Spent most of the day launching a new podcast. Anyway, tech news …that’s what you’re here for! Let’s go!

It’s Patch Day for Android. Get your security fixes for December now!

Don’t expect this to make your Android device secure, though, as ZDnet is reporting on an as yet unfixed critical Android vulnerability its discoverers have named “StrandHogg” (it doesn’t have a CVE number right now). “The research team said the vulnerability can be used to trick users into granting intrusive permissions to malicious apps when they tap and interact with legitimate ones.” The vulnerability is being actively exploited in the wild. The researchers found 36 different apps in the Play Store doing so. “These were installed on users' devices as second-stage payloads. Users initially installed other malicious apps from the Play Store, which then downloaded the StrandHogg-infected apps for more intrusive attacks. StrandHogg is a bug in the OS component that handles multitasking – the mechanism that allows the Android operating system to run multiple processes at once and switch between them once an app goes in or out of the users' view. A malicious app installed on an Android smartphone can exploit the StrandHogg bug to trigger malicious code when the user starts another app – via a feature called task reparenting. Basically, a user taps on a legitimate app, but executes code from a malicious one.”

That sale of the .org registry by the nonprofit Internet Society to a private equity firm? It netted the ISOC $1.14 billion. Bloody hell. I own a few .org’s …I should ask for a cut!

There’s the China vs. US trade war and then there’s the US vs. France one. Because France is imposing a 3% tax on all digital sales and advertising revenue, the US is striking back now and imposing tariffs on goods imported to the USA from La France. The US Trade Representative (USTR) feels the US is unfairly targeted by these online revenue taxes which are being discussed, and implemented, all over Europe.

British startup Den Automation (sounds more Durch, but what the hell) wanted to reinvent the light switch. Now they’ve gone bankrupt. It turns out, it seems, the light switch is quite OK as it is. “Den Automation was founded in 2014 by Yasser Khattak, a 17-year-old wunderkind from Maidstone, Kent, who came up with the idea for the business while studying for his A Levels. Khattak subsequently dropped out to focus on the business full time. The concept behind Den Automation was simple. It built smart light switches and wall sockets that were visually indistinguishable from their dumb equivalents and could be installed by a layman, rather than a trained electrician. The concept took flight, attracting investors across seven equity crowdfunding rounds, the most recent of which concluded on 15 February 2019. It also steadily accrued media interest, culminating in an appearance on Channel 5’s cult Gadget Show programme. Unfortunately, Den Automation struggled to convert that enthusiasm into a sustainable, cashflow-positive business.” No shit. It’s hard to imagine how one could actually improve the light switch, if you think about is. Especially since “smart” mostly means “insecure spyware” these days.

Lot’s of companies have all kinds of sensible shit in unprotected AWS buckets. If you administer AWS buckets, you might want to check them with Amazon’s new Access Analyzer for S3. Says The Register: “Customers can enable Access Analyzer via a new option in the console for IAM (Identity and Access Management). The tool will then alert you when a bucket (an area of storage in S3) is configured to allow public access or access to other AWS accounts. The implication of the tool, of course, is that this is sometimes done accidentally via misconfigured policies or access control lists (ACLs). A new single-click option will block public access – hopefully letting you avoid unauthorised use of the data before it is too late. The tool will also let you see which policy or ACL allows the access so that you know what to fix.”

Months after everyone on Twitter was issuing worried hot takes about Russian selfie software FaceApp, the Feds finally have also cottoned on to this idea. Apparently “the FBI considers any mobile application or similar product developed in Russia, such as FaceApp, to be a potential counterintelligence threat”. Well, thanks for sharing your opinon, comrade.

God help us! The Vatican’s Minecraft sever is under DDoS attack! No, I’m not making this up. Luckily, Padre Robert Ballecer, the self-proclaimed “digital Jesuit” is on the case. “There’s currently no time frame for getting everything straightened out but they’re working on it, and Ballecer said the test server will become the whitelist server once everything is switched over.” Yes, that guy really has set up a Minecraft server for the Pontifex. “In September Father Robert Ballecer, a former tech blogger and host of This Week in Tech as well as a Catholic priest, asked his 23,000 Twitter followers which game he should spin up a few servers for in the Vatican. Given the options of Minecraft, Rust, Ark, and Team Fortress 2, 64% of them voted for the classic crafting game. And that’s why the Vatican now has its own Minecraft server.” Man, I would’ve loved to see a Rust server. Preferabily a legacy version where everyone starts naked. But joking aside, do we think it’s a good idea these Vatican assholes are luring in a bunch of kids with a Minecraft server? Isn’t that cyber-gooming?

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.