FOXTROT/ALFA: 5G Might Screw with GPS, O2 / Virgin Media Merger Official, Zoom Buys Keybase

Today is Friday, 8 May 2020 and this is issue 116 of FOXTROT/ALFA – the final one for this week. As usual, here are the tech news that matter. And only those.

Cisco Security Patches

Cisco has released updates that address 35 security vulnerabilities in its products. 12 of those vulnerabilities are rated at a high risk.

Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, particularly in the context of the network security appliances where they were found.

If you run Cisco hardware, check out the details on The Register.

Tails 4.6 Released

The latest version of the Linux live OS Tails, which is designed for anonymised surfing, is out. The developers say it fixes a number of security vulnerabilities and you should update as soon as possible.

The new version, among other things, also includes support for the Universal 2nd Factor (U2F) standard for USB security dongles.

O2 UK and Virgin Media Merge Official

I’ve written about it before, now it’s official: O2’s business in the UK is merging with Virgin Media.

Telcos Telefónica and Liberty Global today confirmed plans to join their O2 UK and Virgin Media subsidiaries into one combined entity in a deal analysts branded a “blockbuster merger”. The combined provider will sell fixed-line, mobile, and paid television services, and would directly challenge the dominance of BT in the UK.

The deal, which is expected to close in mid-2021 subject to regulatory approval, will create a combined entertainment and broadband provider in the UK, with 46 million subscribers and annual revenue of £11bn.

Zoom Buys Keybase

Speaking of mergers and acquisitions: Zoom has announced that it’s bought Keybase.

Zoom just confirmed it would buy identity management firm Keybase in a powerful security move that could significantly boost the fortunes of the video conferencing platform. Zoom CEO Eric Yuan said in a blog that Zoom would use Keybase to help build end-to-end encryption “that can reach current Zoom scalability.” And it seems that this integral security feature could arrive pretty soon. “In the near future,” Zoom says will offer end-to-end encryption to all its paying customers. This will of course include governments who could be having sensitive meetings that need to be protected in this way.

See, I think somebody bought a turkey and I think this Forbes reporter doesn’t know what she’s talking about.

First off, I’ve never understood how Keybase suddenly became a posterchild for E2E encryption. Or messaging, for that part. Keybase is essentially a business that failed several times. And now it looks like they failed upwards, Silicon Valley style.

Keybase originally started as a place where you could manage your public keys and enable other people to find them. That never took off – maybe unsurprisingly. PGP itself never went anywhere, why did they think PGP key verification would be a business? Then, like a good startup, they pivoted. To be an encrypted messenger. Because, after WhatsApp went E2E, there was so much money in that… So that failed. What’s next? Dubious crypto currency stuff? Check.

And that’s the company you’re buying to E2E your video conferencing service? LOL. And Forbes thinks “this could change everything”?

In case you hadn’t noticed, E2E encrypted multi-party video at scale is really hard. Especially if you’ve never done it before. And it isn’t even really the crypto that’s the challenge here. It’s the engineering at scale. Which Keybase isn’t exactly known for. I think Zoom got suckered by someone just saying crypto crypto cyber cyber a lot.

DoD: 5G Networks Might Interfere with GPS

The US military is saying 5G will screw with GPS.

GPS is facing a major interference threat from a 5G network approved by the Federal Communications Commission, US military officials told Congress in a hearing on Wednesday. In testimony to the Senate Committee on Armed Services, Department of Defense Chief Information Officer Dana Deasy disputed the FCC’s claims that conditions imposed on the Ligado network will protect GPS from interference. When the FCC approved Ligado’s plan last month, the agency required a 23MHz guard band to provide a buffer between the Ligado cellular network and GPS. Deasy argued that this guard band won’t prevent interference with GPS signals.

Ligado, formerly known as LighSquared, is a US satellite communications company. According to Wikipedia “Ligado Networks has 40 MHz of spectrum licenses in the nationwide block of 1500 MHz to 1700 MHz spectrum in the L-Band. With it, the company is developing a satellite-terrestrial network to support the emerging 5G market and Internet of Things applications.”

Results from tests by federal agencies show that “conditions in this FCC order will not prevent impacts to millions of GPS receivers across the United States, with massive complaints expected to come,” Deasy said. The FCC unanimously approved Ligado’s application, but the decision is facing congressional scrutiny.

A spokesperson for FCC Chairman Ajit Pai called the military’s concerns “baseless fear-mongering” in a statement quoted by Multichannel News.

Also Noteworthy

Some other stories I’ve been reading:

I’ll be back on Monday. Signing off for the week with one of the best songs ever written from a time when music was still real and raw: The late, great Warren Zevon performing Lawyers, Guns and Money in the ’80s. Send lawyers, guns and money… the shit has hit the fan!

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.