Stuart Breckenridge

Critical Vulnerabilities Discovered in PGP and S/MIME

eff.org:

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.


Excel Gains JavaScript User Defined Functions

Frederic Lardinois, writing for TechCrunch:

Microsoft is launching a couple of features to Excel today that make the ubiquitous spreadsheet software a bit more powerful. Among the new features is support for Azure Machine Learning and custom JavaScript functions to Excel to extend its capabilities.

[…]

Developers could already write their own complex scripts with Visual Basic for Applications (VBA). There are some advantages to using JavaScript, though, not in the least its popularity and ability to easily connect to third-party services, but also the simple fact that these functions can run on any platform. Microsoft first tested custom functions through the Office Insider Program, and it’s now ready to roll it out to a wider audience.

The instructions seem a little convoluted at this stage 1, but I’m keen to try this out.

  1. It is early access. ↩︎


Github, Twitter Stored Passwords in Clear Text

Github:

During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users’ passwords to our internal logging system […]

Twitter:

Due to a bug, passwords were written to an internal log before completing the hashing process.

It seems that Github and Twitter are using the same underlying technology. Regardless, you should change your password.


Fortnite Platform Restrictions

The geek in me wanted to see how Fortnite played in 4K on the Xbox One X. However, after downloading, I was disappointed to be hit with this error message when the game started:

Your Account can not play on this Platform.

It turns out that because I have a PS4 PSN ID linked to my Epic Games account, I can’t play on Xbox One with an Xbox Gamertag linked to that same Epic Games account. Platform Restrictions kick in and they suck. According to this help article, if you want to play Fortnite on both PS4 and Xbox, you need two Epic Games accounts:

If you receive this error when attempting to launch Fortnite, it means that your account is locked out of playing on Xbox One. In order to play on that platform, you will need to unlink the Xbox Live Gamertag you are attempting to play on from your Epic account, and then re-link it to a new Epic account.

It’s user hostile in the extreme. There must be a better solution1.

  1. Perhaps this one which allowed PS4 and Xbox cross-platform play, accidentally. ↩︎