FOXTROT/ALFA: Facebook Email Leak, UKIP Email Blackmail, More Ring Hacks

Happy Friday! This is issue 52 of FOXTROT/ALFA for 20 December 2019. We are now coming up on the time we call Zeit zwischen den Jahren (time between the years) in Germany. The time where everybody is heading home to the family and nobody is working.

I will be working, though. There probably won’t be a newsletter every weekday until the new year, but I’ll give my best to send you an email with some tech news once in a while. Just in case you still want to know what’s going on out there. There probably won’t be that much happening anyway, so skipping a few days should be OK. Anyway, speaking of tech news, here’s what’s going on at the moment.

Self-Signed X.509 Certificates Expiring in Cisco IOS

Self-signed X.509 PKI certificates generated on most installations of Cisco IOS or Cisco IOS XE will expire on 1 January 2020 and the systems can’t generate replacement certs due to a bug. If you are admin for such a system, you should probably read this note from Cisco and act accordingly to avoid disappointment and a rude awakening come New Years.

The solution is to upgrade the Cisco IOS or Cisco IOS XE software to a release that includes the fix: Cisco IOS XE Software Release 16.9.1 and later / Cisco IOS Software Release 15.6(3)M7 and later; 15.7(3)M5 and later; or 15.8(3)M3 and later. After you upgrade the software, you must regenerate the self-signed certificate and export it to any devices that might require the certificate in their trust-store.

Massive Facebook Data Leak

Facebook has apparently lost control of a database of 267 million names and phone numbers.

Reports indicate that this presents a treasure trove of data for telemarketers and spam purveyors because the data looks legitimate and comes from the social network itself, not from an untrusted source. Having this data means scammers can start new phishing scams and correlate the data from the phone records to Facebook user profiles.

The analyst says the data was potentially compromised through an API that gives developers access to back-end data, such as friend lists, groups, and photos.

Great. So Facebook fucked up. Again. Thanks, Facebook!

Ring Under Fire Once More

It doesn’t look like those hacks of Ring cameras are going to slow down any time soon. Now there are lists with thousands of hacked credentials floating around out there.

Amazon’s Ring is having a very bad week. BuzzFeed News first reported today that login credentials for thousands of Ring camera owners have been published online, including 3,672 sets of emails, passwords, time zones, and the names given to specific Ring cameras (“front door” or “kitchen,” for example). Later today, TechCrunch reported on a set of 1,562 credentials, also consisting of unique email addresses, passwords, time zones, and a camera’s named location. It’s unclear if there’s overlap in the two datasets, but TechCrunch said that its data “appears to be a similar-looking data set to that which [BuzzFeed News] obtained.”

Ring sent me some statements to downplay the whole thing. It looks to me they kind of want to brush off responsibility of these attacks on the users. I’m not buying it and did some more reporting on this for Heise .

Boeing Starliner Won’t Reach the ISS

Boeing Interstellar, makers of DropShips and PPC armaments for BattleMechs, has suffered a setback with its Starliner spaceship.

Boeing’s Starliner astronaut taxi suffered an anomaly today during its flight to the International Space Station during the Orbital Flight Test (OFT) mission. About 90 minutes after blastoff, NASA Administrator Jim Bridenstine said on Twitter that the capsule will not be able to reach the space station because it burned too much fuel during the anomaly.

The Atlas V rocket from United Launch Alliance successfully launched from Space Launch Complex 41 here at Cape Canaveral Air Force Station in Florida at 6:36 a.m. EST (1136 GMT) as planned. But, as of about an hour after launch, the mission team had announced an anomaly with the uncrewed capsule’s orbit.

UKIP is Tearing Itself Apart over Email Leak

The UK Independence Party (UKIP) is suing former party leaders over illegally accessing email accounts of party members and then blackmailing them.

UKIP is suing former party leader Richard Braine, former general secretary Tony Sharp and one-time party returning officer Jeff Armstrong, and, in Mr Justice Warby’s words, “a former member who has IT skills” called Mark Dent. Although the lawsuit is ongoing, an interim judgment from the Queen’s Bench Division of the High Court reveals claims of illicit email access and blackmail. It also reveals the chaos tearing apart the party that put Nigel Farage onto the political map.

Amid “internal political strife” in mid-October this year, Armstrong was accused by party comrades of trying to block a group of candidates, the so-called “Batten Brigade”, from standing in internal elections to UKIP’s National Executive Committee. From a website whose address was mentioned in the judgment, it appears one of those candidates was former party leader Gerard Batten himself. He publicly defended Youtube star and party candidate Carl Benjamin, aka Sargon of Akkad, when the latter used Twitter to say he “wouldn’t even rape” a female Labour MP. Batten stood down from the leadership in June.

As senior UKIPpers argued over the NEC elections, party discipline began to break down. The NEC voted to suspend Armstrong. Party leader Braine then suspended the entire NEC – which was subsequently unsuspended by NEC member and chairwoman Kirstan Herriot, who in turn declared that Braine himself was now suspended. Party functionaries argued over who should access what IT systems at party HQ. Various people called the police to claim crimes had been committed. Email accounts were suspended and accessed.

The Register has the whole story, which is quite entertaining. Someone apparently sent a blackmail letter from the email address reply@munge.cockington.com – you can’t make this shit up.

The Inquirer is Closing Down

Tech news outlet The Inquirer has announced that it will be closing its doors, effective immediately. This comes as a surprise to pretty much everyone, including its staff. Good luck to all of them! I know exactly how it feels to be abruptly told that your publication will be shutting down and that you’re out of a job. It’s a very, very bad feeling. Stay strong, guys!

Wolfgang Back Has Died

Wolfgang Back, kind of Germany’s Leo Laporte, was very influential in getting me interested to play around with computers when I was a young kid. He and his colleague Wolfgang Rudolph hosted the TV show Computer Club on public broadcaster WDR for many, many years. Sadly, Wolfgang Back died earlier this month, Heise is reporting . A sad day for all of us growing up in the ’80s in Germany and trying to get these damn computer things to work. The guy probably taught me what an AUTOEXEC.BAT was and how you could use it to get the damn mouse to work. Rest in peace, fellow traveller.

Also Noteworthy

Some other interesting stories from today:

To round out this week on FOXTROT/ALFA, here’s The Boss and the heart-breaking, Earth-shaking, boots-quaking, Viagra-taking, E STREET BAND with some Christmas cheer for you. Have a good one!

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.