FOXTROT/ALFA: IBM Slow to Fix Vulnerabilities, Microsoft Kills its Twitch Competitor, 61 Million Epic Game Store Users

Good evening, everyone! This is issue 126 of FOXTROT/ALFA for Tuesday, 23 June 2020 and here are your tech news of the day.

IBM Criticised for Not Fixing Critical Vulnerabilities

Looks like the Red Hat spirit hasn’t permeated the rest of IBM yet.

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed. In what seems a shortsighted move, when a proactive approach may have been better, Big Blue turned down a privately disclosed report of flaws in its enterprise security software – only to issue fixes after details of the holes emerged online.

Three of the four vulnerabilities – CVE-2020-4427, CVE-2020-4428, and CVE-2020-4429 – can be combined to potentially achieve unauthenticated remote code execution as root on vulnerable installations. This is possible if the user account a3user’s default password of idrm has not been changed, and administrators are not prompted to do so. The fourth vulnerability, CVE-2020-4430, can be abused to download arbitrary files from the system.

Ah, now I get why the product is called Data Risk Manager. After all, there needs to exist some risk if you want to manage it properly…

Mixer is Dead

It usually pays not to immediately jump from a working platform to something else just because a huge company thinks they can do a better job with their thing. Especially if all they do is pay huge sums for stars to switch over instead of actually developing a better service. Case in point: Microsoft has killed Mixer.

Mixer has been consigned to the Microsoft graveyard to rot alongside other abortive stablemates like Windows Phone, Zune and Clippy to name just a few. Microsoft’s me-too attempt at a Twitch-like streaming platform is to be subsumed into Facebook Gaming, which will grant Mixer Partners – people lucky enough to make money by playing video games through ad impressions and fan subscriptions – the same status. As of 22 July, visitors to Mixer will be redirected to the anti-social network’s Twitch clone.

Facebook, while rubbing its hands with glee at the Microsoft partnership, noted that Mixer refugees, freed from their contracts, would now have a choice of where they could stream – and that means they could opt to return to Twitch. Microsoft made headlines in August 2019 when it essentially poached Twitch’s biggest name, tie-dye-haired Fortnite superstar Tyler “Ninja” Blevins, with a multimillion-dollar exclusivity deal. Months later, Michael “Shroud” Grzesiek – another Battle Royale pro who also made a name for himself on Twitch – followed.

Looks like Ninja and Shroud didn’t want to jump in bed with Facebook (who could blame them). Facebook in general isn’t very popular with the live streaming / gaming crowd anyway.

Sources: Facebook offered an insane offer at almost double for the original Mixer contracts of Ninja and Shroud but Loaded/Ninja/Shroud said no and forced Mixer to buy them out. Ninja made ~$30M from Mixer, and Shroud made ~$10M. Ninja and Shroud are now free agents

Holy shit. They made out well. Microsoft is excellent at these moonshot projects that utterly fail because they are killed to quickly and then end up costing them a ton of money, aren’t they?

Twitch, the real OG in the livestreaming space, continues to be as popular as ever, while the johnny-come-latelies erupted in bidding wars over famous gamers only to not even scrape the Amazon-owned powerhouse’s viewer figures. So millions upon millions well spent, then, huh Microsoft? If only you’d prefixed it with “Azure” or pinned a “365” on the end, things might have turned out differently. Or maybe not.

The Epic Games Store Has 61 Million Active Users

Epic is mighty proud of its yet-another-launcher-I-have-to-have-running store.

The Epic Games Store has over 61 million monthly active users on PC, Epic has revealed. The Epic Games Store’s impressive numbers were fuelled by The Vault campaign, which ran from 14th May to 18th June. This promotion featured a free game each week players could download and keep forever, and four of the games included were huge: Grand Theft Auto 5, Ark: Survival Evolved, Civilization 6 and Borderlands: The Handsome Collection.

“Monthly active users” means “signed in at least once a month to download a free game” I guess. I wonder how many people are actually using the thing to play games they have purchased with their own money…

BlueLeaks

Millions of documents from hundreds of police departments in the US have been leaked on the internet.

Millions of law enforcement documents – some showing pictures of suspects, bank account numbers, and other sensitive information – have been published on a website that holds itself out as an alternative to WikiLeaks, according to security news website KrebsOnSecurity.

DDOSecrets, short for Distributed Denial of Secrets, published what it said were millions of documents stolen from more than 200 law enforcement groups around the country. Reporter Brian Krebs, citing the organization National Fusion Center Association (NFCA), confirmed the validity of the leaked data. DDOSecrets said the documents spanned at least a decade, although some of the dates in documents suggested a timespan twice as long. Dates on the most recent documents were from earlier this month, suggesting the hack that first exposed the documents happened in the last three weeks.

Also Noteworthy

Other stories I’ve been reading:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.