FOXTROT/ALFA: Fix for Citrix Vulnerability Arrives, Google Changes its Search Display, Another Boeing 737 MAX Software Issue

Hello and welcome to issue 66 of FOXTROT/ALFA and a fresh week of tech news. Today is Monday, 20 January 2020 and there’s certainly a lot to talk about, ranging from Google messing with its search display to more trouble for Boeing’s 737 MAX.

Shitrix Alert: Patch Your Citrix Systems ASAP

There are now patches available for that devastating Citrix vulnerability CVE-2019-19781. The Register has the details:

Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open for later exploitation. As previously reported, vulnerabilities in Citrix Application Delivery Encoder and Citrix Gateway could allow remote attackers to carry out unauthenticated code execution. In other words, baddies not on your network could get into it and start running all kinds of malicious software.

Now patches are available for some of the affected products – and sysadmins ought to be installing them pronto.

Some versions of Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, and “certain deployments of two older versions of our Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3” are affected by the vulns, according to Citrix. The patches are said to be good for virtual instances of Citrix Gateway 11.1 and 12 as well as Citrix ADC 11.1 and 12.0.

Problems at LastPass

Popular password manager LastPass has been experiencing significant service disruptions.

Password manager LastPass appears to have had a big night out on Friday, to the point where the service needed a lengthy lie down over the weekend. In fact, for some users it is still horizontal. Social media is awash with customers unable to connect to the service either via the company’s website or through its various apps. For some, the problem has been going on for days.

LastPass has made contact to say: “After a thorough investigation, we have determined it was the result of a bug in a recent release and was limited to a very small set of users (a fraction of a percent of our user base). This has been resolved and all services are now functional. There is no user action needed.”

It’s Not You: Google Messed with its Search Display

Google has implemented a change in how it displays search results on the desktop that it already introduced for smartphones last year.

Google added tiny favicon icons to its search results this week for some reason, creating more clutter in what used to be a clean interface, and seemingly without actually improving the results or the user experience.

What seems a minimal change on a phone display is a lot more jarring when using a desktop browser. All the additional spacing makes it look like there’s actually less preview text for the page, which definitely irked me all day today. That will probably go away when I get used to the new look, but I’m kinda with The Verge here: Why?

The company says it’s part of a plan to make clearer where information is coming from, but how?

In my Chrome desktop browser, it feels like an aggravating, unnecessary change that doesn’t actually help the user determine how good, bad, or reputable an actual search result might be. Yes, ads are still clearly marked with the word “ad,” which is a good thing. But do I need to see Best Buy’s logo or AT&T’s blue circle when I search for “Samsung Fold” to know they’re trying to sell me something?

Disney Removes All Mention of “Fox” from Its Brands

Yeah, you read that right. 20th Century Fox will henceforth be called 20th Century Studios, Fox Searchlight Pictures will be renamed to Searchlight Pictures. The BBC opines:

Disney executives have cut the word “Fox” from their 20th Century Fox film studio in an apparent bid to distance it from operations of the previous owner, Rupert Murdoch. US media suggests Disney does not want to be associated with the media mogul’s highly partisan, right-wing Fox News network.

However, Disney has not clarified its reasons. It bought the studio, with other media operations, in a $71bn deal last March.

Variety magazine, which broke the news about the name change, said it had spoken to an unnamed Disney source, who said: “I think the Fox name means Murdoch, and that is toxic.” Hollywood is known for being liberal, unlike the Australian tycoon.

Which is hilarious, as Walt Disney was famously a racist, misogynist asshole. Of course, the company has worked for decades and decades to erase these facts about their founder with relentless propaganda and it’s worked as far as the general public is concerned. This move seems to be more of the same.

Buzz Turns 90 Today

Happy birthday, Buzz Aldrin! What a hero. My favourite anecdote about Buzz is when he punched a guy who doubted he’d ever been on the moon. He was 72 at the time.

The GDPR Nets EU Regulators €114 Million

The EU privacy legislation GDPR seems to be good business for regulators.

EU regulators have slapped businesses with an estimated €114m (£97.29m) in fines for data leakage or crappy practices since GDPR was introduced in May 2018, although bigger numbers are expected in future penalties.

Regulators in France, Germany, and Austria reported the biggest fines so far, according to a report by law firm DLA Piper. More than 160,000 breaches have been reported across EU member states plus Norway, Iceland and Liechtenstein. The latter three are all members of the European Economic Area but not full EU members.

France was responsible for the heftiest financial penalty, hitting Google with a €50m bill for infringement of the transparency principle and lack of valid consent. The Netherlands reported the largest number of offenders, with 40,647 breaches notified to regulators. Germany came in second with 37,636 notifications, and Britain came in third with 22,181.

Apple CEO: The GDPR is “Extremely Good”

Speaking of the GDPR, Apple CEO Tim Cook apparently thinks the law is a terrific idea:

The Apple chief executive also said that more regulation was needed in the area of privacy and must go further than the 2018 European General Data Protection Regulation (GDPR) privacy laws that handed regulators there significantly more powers.

“I think more regulation is needed in this area, it is probably strange for a business person to be talking about regulation but it has become apparent that companies will not self-police in this area,” he said. “We were one of the first to endorse GDPR, we think it is overall extremely good, not only for Europe. We think it’s necessary but not sufficient. You have to go further and that further is required to get privacy back to where it should be.”

Funny, as he’s running a company that’s based in the US which has much less stricter laws in this regard. Sure, they need to comply with the GDPR for their customers from Europe, but shouldn’t he tell his buddy Trump directly that the US needs similar legislation? Let’s see how he likes it if his whole company has comply with these laws for everything they do. Talk is cheap, Tim.

ANOTHER Software Issue on the Boeing 737 MAX???

I’m not making this up, I swear! There’s a further software issue with the Boeing 737 MAX that will probably further delay its return to active flight duty and spells even more trouble for the US airframe maker.

Boeing decided to not just rewrite the software for the MCAS flight control system, which is believed to have contributed to both MAX crashes, but the entire flight computer software.

The new software intends to have the 737 Max’s two separate flight computers communicate with each other for the first time. In the past, one of the 737’s flight computers would operate independently and switch to the other during the next flight. During the audit last weekend, they found that the two flight computers were not talking to each other at start-up.

Boeing didn’t change the whole infrastructure out of the goodness of their heart, by the way. They were pressured into doing this by the FAA because it has long been standard on competing planes from Airbus.

Also Noteworthy

Several other potentially interesting stories I’ve come across:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.