FOXTROT/ALFA: Hacked Penis Cage, McAfee Indicted, Firefox Loses Second Place in Browser Wars

Welcome to issue 146 of FOXTROT/ALFA for Tuesday, 6 October 2020! Here’s your tech news overview for the day.

Firefox No Longer Second in Browser Race

Firefox is rapidly losing ground in the browser battle. Long after Chrome overtook it, Edge has now also passed it by, according to Netmarketshare’s desktop numbers for September. Chrome now dominates the market at about 70%, Edge holds 8.84% and Firefox comes in third at just 7.19%.

DDR5 is Here!

DDR5 is now officially a thing!

South Korean memory giant SK Hynix has released the world’s first commercially available DDR5 DRAM sticks, pipping rivals Samsung and Micron.

First developed in 2018 before shipping off to partners for compatibility and functionality tests, these 16GB sticks promise faster transfer rates as well as lower power consumption. The operating voltage is 1.1V, down from DDR4’s 1.2V.

While memory isn’t the most energy-hungry component in a server or personal computer (compared to a CPU, GPU, or mechanical hard drive), RAM is often deployed at scale. Put simply: You’ll notice lower power consumption if you’re running a data centre with thousands, if not tens of thousands, of DIMMs.

Throughput also sees a bump compared to DDR4. SK Hynix claims its DIMMs support between 4,800 and 5,600 megatransfers per second (MT/s). That’s almost double what you’d expect from a current-generation DDR4 stick – although there are niche (and expensive) DDR4 products that come close, such as Crucial’s Ballistix Max 5100, which can hit 5,100 MT/s.

McAfee Indicted

The bastards arrested John McAfee!

Noted cybersecurity eccentric John McAfee is under arrest in Spain awaiting extradition to the United States after being indicted on federal tax evasion charges. The Department of Justice unsealed the indictment yesterday following McAfee’s arrest by Spanish authorities at Barcelona’s airport over the weekend. The filing alleges that McAfee not only deliberately avoided paying federal taxes from tax years 2014 through 2018 but also tried to hide considerable assets from the IRS. He allegedly hid those assets – including a yacht, a vehicle, real estate, bank accounts, and cryptocurrency – by purchasing and titling them under “the name of a nominee.”

McAfee in the past has effectively dared the IRS to come get him. In 2019, he went on a Twitter screed calling taxes “illegal” and claiming he had not filed a federal tax return in eight years. “I am a prime target for the IRS,” he concluded. “Here I am.” Neither the DOJ’s press release nor the indictment specify how much McAfee made or owed, saying only he “earned millions” from “promoting cryptocurrencies, consulting work, speaking engagements, and selling the rights to his life story for a documentary.” Another regulator, however, alleges that at least $23 million of that income came from committing fraud.

The US Securities and Exchange Commission filed a lawsuit against McAfee on Monday, alleging that he fraudulently promoted multiple initial coin offerings. According to the SEC, McAfee and his bodyguard, Jimmy Watson Jr., promoted ICOs on Twitter “pretending to be impartial and independent even though he was paid more than $23 million in digital assets” to make those promotions. The complaint claims that Watson helped McAfee negotiate the payments, inflate the value of the ICOs, and cash out the payments so that McAfee profited while “investors were left holding digital assets that are now essentially worthless.” The SEC also alleges that when investors asked outright if McAfee was paid to promote those ICOs he lied and said no, as well as making other false and misleading statements about his promotions.

If he is found guilty of the tax charges, McAfee could face up to five years in prison and a fine of $250,000 on each of the five counts of tax evasion and up to one year in prison and a fine of up to $100,000 on each of the five counts of willful failure to file a tax return, the DOJ said. The SEC suit seeks injunctive relief – i.e., a ruling banning McAfee from participating in cryptocurrency – as well as the “return of allegedly ill-gotten gains” and payment of fines.

Apple Sues Recycling Company Because They Didn’t Destroy Working Devices

This story is great. How dare they not actually throw away things that people can still use!

Apple in January sued the Canadian arm of Global Electric Electronic Processing (GEEP) for allegedly reselling roughly 100,000 iPhones, iPads, and Apple Watches that were supposed to be broken up and recycled.

The lawsuit, first reported last week by The Logic, a paywalled Canadian tech publication, reportedly prompted a countersuit from GEEP Canada in July in which the recycler claimed the gadgets were resold by three rogue employees and that their little side hustle was not official policy.

According to The Logic, Apple claimed the iPhone maker sent GEEP more than half a million devices to be recycled between January 2015 and December 2017. When Apple audited the facility, it supposedly found lapses in on-site security, and then reviewed the serial numbers of the devices it had shipped.

Apple is said to have discovered that almost 20 per cent, or about 100,000, of the devices associated with those serial numbers were still active on mobile carrier networks. As a result, the iGiant is seeking $31m CAD ($23m) in damages plus any profit GEEP made on the resale.

Apple. So amazingly green. Saving the planet. Every single day.

Only a Quarter of Companies Fully Comply with the Payment Card Industry Data Security Standard

As The Register rightly says: “Gives you confidence in an era where nobody accepts cash any more…”

A little more than a quarter of companies worldwide are fully compliant with the exacting PCI DSS online payment security standard, according to US telco Verizon. The company’s 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full ambit of the PCI DSS (Payment Card Industry Data Security Standard) for handling payment card data in online purchases.

“Unfortunately we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, president, Global Enterprise, Verizon Business. “Payment security has to be seen as an ongoing business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers.”

Compounding that, Verizon also said that PCI DSS compliance has fallen by 27 percentage points since 2016, with 2017’s report seeing 55 per cent of orgs passing the “interim assessment” stage.

UK Fucks Up COVID Case Reporting Due to Excel Shambles

In a few years, this will be an IT joke classic: Why did the UK underreport its COVID cases? Because the Excel import failed.

Public Health England admitted on Sunday that the agency has under-reported COVID-19 infections by 15,841 cases in recent days due to a “technical issue.” The missing positive tests were conducted between September 25 and October 2 and have since been added to national statistics, the agency said.

In this case, The Guardian understands, one lab had sent its daily test report to PHE in the form of a CSV file – the simplest possible database format, just a list of values separated by commas. That report was then loaded into Microsoft Excel, and the new tests at the bottom were added to the main database.

But while CSV files can be any size, Microsoft Excel files can only be 1,048,576 rows long. When a CSV file longer than that is opened, the bottom rows get cut off and are no longer displayed. That means that, once the lab had performed more than a million tests, it was only a matter of time before its reports failed to be read by PHE.

FACEPALM.
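The failure described above is silent: the import succeeds and nothing reports the dropped rows. As an added example (not part of the original newsletter or of PHE's tooling), the Python sketch below reconciles the record count of a source CSV against what an import step loaded; the sample data, the function names and the 5-row demo limit are constructed for illustration.

```python
import csv
import io

EXCEL_MAX_ROWS = 1_048_576  # worksheet row limit quoted in the article

# Constructed sample report: header + 6 results; one quoted field spans two lines.
SAMPLE = (
    "id,lab,result\n"
    "1,Lab A,positive\n"
    "2,Lab A,negative\n"
    '3,"Lab B,\nsite 2",positive\n'
    "4,Lab A,positive\n"
    "5,Lab A,negative\n"
    "6,Lab A,positive\n"
)


def count_records(stream):
    """Count CSV records, not physical lines (quoted fields may contain newlines)."""
    return sum(1 for _ in csv.reader(stream))


def simulate_spreadsheet_open(stream, max_rows):
    """Model the silent truncation: only the first max_rows records survive."""
    kept = []
    for index, row in enumerate(csv.reader(stream)):
        if index >= max_rows:
            break
        kept.append(row)
    return kept


def reconcile(source, imported_count, max_rows=EXCEL_MAX_ROWS):
    """Compare what the source file holds with what the import step loaded."""
    total = count_records(source)
    return {
        "source_records": total,
        "imported_records": imported_count,
        "missing": total - imported_count,
        "exceeds_sheet_limit": total > max_rows,
        "ok": total == imported_count,
    }


def demo(limit=5):
    kept = simulate_spreadsheet_open(io.StringIO(SAMPLE), limit)
    return reconcile(io.StringIO(SAMPLE), len(kept), max_rows=limit)
```

Calling `demo()` shows the two bottom records going missing without any error; a pipeline that fails the import whenever `ok` is false turns the silent loss into a visible one.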

Penis Cage Sex Toy Can Be Locked by Anyone

Story of the day. Probably story of the week. Maybe the month…

A security flaw in an internet-enabled male chastity device allows hackers to remotely control the gadget and permanently lock in wearers, researchers disclosed today. The Cellmate Chastity Cage, built by Chinese firm Qiui, lets users hand over access to their genitals to a partner who can lock and unlock the cage remotely using an app. But multiple flaws in the app’s design mean “anyone could remotely lock all devices and prevent users from releasing themselves,” according to UK security firm Pen Test Partners.

Even worse, as the chastity cage does not come with a manual override or physical key, locked-in users have few options to break out. One is to cut through the cage’s hardened steel shackle, an operation that would require bolt cutters or an angle grinder, and that is made trickier by the fact that the shackle in question is fastened tightly around the wearer’s testicles. The other, discovered by Pen Test Partners, is to overload the circuit board that controls the lock’s motor with three volts of electricity (around two AA batteries’ worth).

In the case of the Cellmate Chastity Cage, the device’s manufacturers seem to have been unusually uncommunicative in responding to the flaw. Researchers at Pen Test Partners say they first disclosed the issue to Qiui in April and received a quick response, but the company didn’t fully solve the vulnerability and has since stopped responding to emails.

The flaws stem from an API used to communicate between the chastity cage and its mobile app. This not only allowed hackers to remotely control the device but also gain access to information, including location data and passwords. Qiui updated the chastity cage’s app in June to fix the flaw, but users who have not updated their app are still vulnerable. As Lomas explains to The Verge, Qiui is in a bit of a bind. If it disables the old API completely, it will fix the security flaw but risk locking in users who haven’t updated the app. But by leaving the original API functional, older versions of the app will continue to work with the security flaw intact. Pen Test Partners says after talking with Qiui for months, it, and other independent researchers who discovered the same issues, has decided to go public to encourage a more complete fix. The company says its write-up of the flaw also obscures its exact nature to discourage hackers looking to take advantage of the problem.

As noted by TechCrunch, though, it seems this particular flaw is the least of the Cellmate’s problems. Reviews of the device’s mobile apps on Apple’s App Store and Google’s Play Store include many complaints from disappointed customers who say the app often stops working at random. “The app stopped working completely after three days and I am stuck!” writes one user. “This is DANGEROUS software, do not lock yourself in!” Another one-star review reads: “App stopped opening after an update. This is terrifying given the amount of trust placed in it, and there’s no explanation on the website.” And a third complains: “My partner is locked up! This is ridiculous as still no idea if being fixed as no new replies from emailing. So dangerous! And scary! Given what the app controls it needs to be reliable.”

Don’t stick your penis in untrustworthy things, people. And, whatever you do, don’t stick it into a smart device! Especially if it’s built by a Chinese company! For fuck’s sake.

Superhabitable Planets

Apparently, there are a lot of “superhabitable” planets out there.

Astrobiologists have found 24 exoplanets that, compared to Earth, may have environments better suited to complex life like that found on our world.

A team led by Dirk Schulze-Makuch, a professor of planetary habitability and astrobiology at the Technical University Berlin, devised a checklist of requirements that an alien world must meet in order to be classed as a “superhabitable” planet, capable of supporting complex, oxygen-based lifeforms as seen here on Earth. After going through the records on 4,000 exoplanets, the team identified 24 candidates that tick the boxes, though bear in mind all of them are at least 100 light years away.

“It’s sometimes difficult to convey this principle of superhabitable planets because we think we have the best planet. We have a great number of complex and diverse lifeforms, and many that can survive in extreme environments. It is good to have adaptable life, but that doesn’t mean that we have the best of everything.”

“With the next space telescopes coming up, we will get more information, so it is important to select some targets,” said Schulze-Makuch in a statement. “We have to focus on certain planets that have the most promising conditions for complex life. However, we have to be careful to not get stuck looking for a second Earth because there could be planets that might be more suitable for life than ours.”

You know what I think “superhabitable” looks like? Have you played The Outer Worlds? It’s not the best choice, it’s Spacer’s Choice!

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.