FOXTROT/ALFA: Dell Sells RSA, Unsecure Oil Rigs, Microsoft’s ElectionGuard

Welcome to issue 81 of FOXTROT/ALFA, your daily tech and policy newsletter. Today is Tuesday, 18 February 2020.

Before we get into summarising the tech news, allow me a selfish plug – hey, it’s for free content, OK? I’ve just released episode 3 of my privacy-focused podcast The Private Citizen. It deals with the US government buying aggregated cell phone app location data to track people, in this case illegal immigrants. Have a listen, you might enjoy it.

Anyway, back to the newsletter…

Dell is Selling RSA

Computer maker Dell is selling its infosec arm RSA for $2 billion.

The sale, rubber stamped today, was made to a consortium led by STG Partners, a private equity investor that specialises in tech; Ontario Teachers' Pension Plan Board; and Dutch private equity group, AlpInvest Partners.

RSA helps companies confirm user IDs and manage other digital security risks. It serves 30,000 customers ranging from banks to consumer-goods makers. It also runs security conferences, including one scheduled for this month in San Francisco that IBM dropped out of recently.

The left-of-field move comes at a time when infosec businesses have become increasingly desirable to companies as they to keep pace with the rapidly evolving digital threat sector. And last year, Broadcom bought Symantec’s enterprise business for $10.7bn. Intel-owned McAfee has considered an IPO and a tie-up with NortonLifeLock, Symantec’s consumer business leftover from the Broadcom deal.

Dell is trying to pay down $49bn in long-term debt, mostly amassed from the EMC buy. To this end, the company returned to public markets in 2018, opting for a complex $24bn cash-and-equity deal rather than a traditional IPO.

RSA had its share of controversies over the years, including collusion with the NSA to intentionally weaken crypto implementations.

RSA was reported to have accepted $10 million from the NSA in 2004 in a deal to use the NSA-designed Dual EC DRBG random number generator in their BSAFE library, despite many indications that Dual_EC_DRBG was both of poor quality and possibly backdoored.

Wikipedia has a handy list of RSA’s troubles with the infosec community.

Unsecure Oil Rigs and Ships

Some offshore oil platforms and container ships are pretty unsecure, it seems. The Register reports:

Pen Test Partners (PTP), an infosec consulting outfit that specialises in doing what its name says, reckoned that on the whole, not many maritime companies understand the importance of good security practices at sea.

The most eye-catching finding from PTP’s year of maritime pentesting was that its researchers could have gained a “full compromise” of a deep sea drilling rig, as used for oil exploration.

PTP’s Ken Munro explained, when The Register asked the obvious question, that this meant “stop engine, fire up thrusters (dynamic positioning system), change rudder position, mess around with navigation, brick systems, switch them off, you name it.”

Among other failings, sailors set up jury-rigged vulnerable WiFi networks and remote access software on ships because they didn’t want to walk all the way back to the stern of big boats.

Apple Takes a Coronavirus Hit to the Revenue

Like many other tech companies, Apple is also warning its investors of a possible revenue hit due to CORONAVIRUS!

Apple said the COVID-19 epidemic in China has disrupted iPhone production to the point that it will lead to global shortages of the handset – and likely miss already widened revenue forecasts it set in January.

Although Cupertino’s contract manufacturers' fabs are located outside of Wuhan – the city where the bio nasty is believed to have started and which remains on lock down – and the wider Hubei province, these factories belatedly re-opened after the Chinese New year.

Microsoft’s ElectionGuard

Microsoft is trying to save the US elections from being hacked (probably by Russians).

Microsoft is in Fulton, Wisconsin, today to try its ElectionGuard electronic vote system in the primary election for the US state’s Supreme Court candidates.

The electronic vote system was demonstrated at the Aspen Security Forum back in July 2019 and is aimed at enabling an end-to-end verification of the voting process. The code and development kit were tossed onto GitHub the following September to allow voting machine manufacturers to build kit based on the system, and security researchers to poke at the code. Up to $15,000 is up for grabs for anyone who finds a way for miscreants to work their vote-rigging magic.

Of course, all of this is bullshit. The only way to have accurate and secure votes is to use paper ballots. Wanna know more? Listen to this podcast episode.

Ads in iOS

People are really getting annoyed with Apple’s ads in iOS:

Apple has resorted to insidious tactics to get those people: ads. Lots and lots of ads, on devices that you pay for. iOS 13 has an abundance of ads from Apple marketing Apple services, from the moment you set it up and all throughout the experience. These ads cannot be hidden through the iOS content blocker extension system. Some can be dismissed or hidden, but most cannot, and are purposefully designed into core apps like Music and the App Store. There’s a term to describe software that has lots of unremovable ads: adware, which what iOS has sadly become.

The PlayStation Forums Are Dying

Sony is shutting down the PlayStation forums.

Beginning 27th February, the forums will no longer be available.

Apparently nobody had been using these anymore. People report these forums had “turned into a ghost town” some time ago. To be fair, they were kind of hard to use from a PlayStation anyway.

Get in Touch, Will Ya?

Have I missed anything important (or funny) today? If you think so, reply to this mail and tell me. You can also just tell me that you enjoy the newsletter, if you want. Or you can yell at me. Totally up to you.

Also Noteworthy

Here are some other stories I came across in my travels across the wide oceans of the cyber webs. Some of them might be worth your time:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.