FOXTROT/ALFA: Tens of Thousands of Students Made to Queue to Reset Passwords, Huge Smart Home News, Gamer Socks

Hello and welcome to FOXTROT/ALFA, issue 51. It is Thursday, 19 December 2019 and here is your tech news for the day:

Emergency Patch for SharePoint Server

Microsoft has published an out-of-band update for an information disclosure vulnerability (CVE-2019-1491) in SharePoint Server. Microsoft says:

To exploit the vulnerability, an attacker would need to send a specially crafted request to a susceptible SharePoint Server instance. The update addresses the vulnerability by changing how affected APIs process requests.

German Uni Makes 38,000 Students Queue Up for Password Resets

After the Justus Liebig Universität in Gießen (that’s in Germany, as you can probably tell from the “ß”) got attacked and shut down by the ransomware Emotet, it had to reset passwords for 38,000 students. And those students had to appear in person – with identification. You can probably imagine the chaos.

The malware outbreak, which is said to have kicked off around December 8, spread through the university’s internal network, including to PCs used by university professors. Because of this, the school says that in addition to resetting all passwords, it will have to scan and clean faculty machines.

To that end, the school is distributing USB sticks to staffers and asking that they use those drives to scan and clean their machines. Once that scan is done, the school says its IT staff will issue a second scan with an additional tool purpose built to detect the specific malware that hit the school. Once cleared, the PCs will be adorned with a green sticker signifying they are ready for use again.

Very German, that procedure. I believe that purpose-built tool is Heise’s Desinfec’t. I used to share an office with the guys who run that project.

One Smart Home to Rule Them All

This is big. Amazon, Google, Apple, Ikea, Samsung, Schneider Electric, Legrand, NXP Semiconductors and pretty much every other player in the smart home / IoT market have joined together in a new working group called “Connected Home over IP”. Apple has already published an open source version of HomeKit because of this. The Register reports on the details of the new standard:

The new approach will be developed through a new working group within smart home veteran organization the Zigbee Alliance, and the broad brush blueprint of the new standard is stark in its obviousness. It will be an IP-based protocol so it can connect directly to the internet rather than require a hub; it will be open-source and royalty-free and allow for end-to-end secure communication; and it will work with core standards like Bluetooth and Wi-Fi. The new standard should emerge in draft form in late 2020, meaning that 2021 will be the start of a new era in smart home tech, where Alexa talks to Nest and you can have a single app on your phone to talk to everything else. The initial push appears to be to work with digital voice assistants.

It means you can buy an Amazon Alexa and a Google Nest thermostat and have them work seamlessly together, rather than the current sorry state of affairs where you’re never quite sure what will happen. Beyond that headline though, it’s hard to know what will happen: Google has said it will throw in its Thread and Weave protocols (Thread will likely emerge intact; Weave, not so much); Amazon will put in its Alexa system; Apple its HomeKit approach (which has been a mess tbh); Zigbee will put in its Dotdot approach. And somehow out of all of this, a new wonderful single standard will emerge. The biggest losers from this announcement though is Intel and The Open Connectivity Foundation’s Iotivity standard, as well as Zigbee rival Z-Wave.

The good news is that all those involved have promised that their current kit will continue to work, so no more bricking of very expensive electronics. The even better news is that there is a real opportunity here to massively raise the baseline of security in smart home devices. The bad news is that while existing products will still work, you will need to buy all new kit if you want to benefit from full interoperability. So if you have decided to take the plunge and equip your whole house with smart home tech, you would be well advised to wait a year.

I for one don’t believe in The Register’s optimistic assertion that “there is a real opportunity here to massively raise the baseline of security in smart home devices.” Security will still be down to individual vendors. Yes, the protocols by which these devices talk to each other will probably be more secure, but that is only a very small part of the problem. I doubt this standard will change badly written firmware, slow or non-existent security updates, backdoors, forgotten development code, hardcoded passwords or any of the other bad practices IoT manufacturers have gotten into.

In my almost thirty years of working with information technology, I have yet to see an industry standard fix things like this across a whole ecosystem. More of the Internet of Shit will now more easily talk to each other and some of it will be a bit more secure, but it’ll still be the Internet of Shit.

The Ninety Euro Gamer Socks

What do gamers really need when they’re trying to be competitive at esports for hours on end in front of their computer or console? Exactly! Socks. They need gaming socks. Luckily, Puma has got us covered:

Created with console gamers in mind, the gaming sock is the first edition Active Gaming Footwear. Designed for indoor and in-arena use, it delivers seamless comfort, support and grip so gamers can adapt to different active gaming modes and game their best.

Features & Benefits: Medial wrap-up grip in SEEK mode. Lateral wrap-up support in ATTACK mode. Heel wrap-up stability in CRUISE and DEFENSE mode.

Ninety euros. For a pair of socks.

Intel Closing Factories in Nuremberg and Duisburg

Intel is closing a factory in my birthplace of Duisburg with 200 jobs being cut. In Nuremberg, 250 jobs will be slashed. The plant in Duisburg was started by Siemens, which later became Infineon and then got sold to Intel. Intel was developing modem chips and the corresponding firmware in Nuremberg and Duisburg, but had announced it would leave that market in April. Intel then proceeded to sell this part of its business to Apple. Because Apple only wanted to keep a connected Intel location in Munich, but not the ones in Nuremberg and Duisburg, these plants are now being shut down.

For Duisburg, this is, once again, a big blow. The city in Germany’s industrial heartland has continuously struggled to re-invent itself in the wake of the decline of coal mining and steel manufacturing in the late ’80s and early ’90s.

Also Noteworthy

Some other news items I came across today:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.