back to article Your two-minute infosec roundup: Drone arrests, Alexa bot hack, Windows zero-day, and more

If you're reading this while on-call for IT support, network security, or what have you, then we salute you. If you're reading this to avoid Christmas present wrapping or hobnobbing with awkward relatives, or similar, then, well, let us shake your hand. For you, here's a rapid-fire roundup of infosec-related news to close out …

  1. IceC0ld Bronze badge

    Roundup

    great thread, lots of details in an easy to read package, but this ..........

    In short, use a unique password for your IoT gear, and activate two-step authentication where possible.

    should be the mantra for the madern world, I know it isn't perfect, but it IS SO much better than the usual melange of reused passwords and nothing else, read about the FORTNITE hackers making money from stealing accounts, and even they were saying that 2FA would give them grief.

    1. Jeffrey Nonken Silver badge

      Re: Roundup

      Use a password manager and generate a unique password for each site. Use a strong passphrase to access the password manager. Never let your browser's password manager keep your financial account login credentials, use a third-party manager.

      1. Timmy B Silver badge

        Re: Roundup

        I have three things with passwords I commit to memory. 1. The login for my password manager, and 2. Any banking credentials. 2FA on anything I can use it on and unique passwords for everything. What I do wish is that sites always asked you for the special numbers on the back of your cards before making any sales (Amazon....). Other than memorising every single set of credentials I don't know what else I could do.

      2. Anonymous Coward
        Anonymous Coward

        When we're told to use a password manager

        What's so wrong with using what's built in to the browser?

        1. EJ

          Re: When we're told to use a password manager

          As long as your browser's password manager has a password assigned to it as well (last I knew, Firefox does, Chrome recently added it, and IE still doesn't, as well as IE's not being sync'd between machines), I'd say you're good.

        2. JCitizen
          FAIL

          Re: When we're told to use a password manager

          I'm not convinced that any browser actually keeps the password safe from prying malware. If they would at least encrypt it, that would help, but I've never read that has been improved upon. Better to use a free password manager with a good reputation.

    2. dogcatcher

      Re: Roundup

      Think of us old farts with dementia who can't even remember their own phone numbers. What's wrong with using my name backwards, at least I can remember that. Password managers need passwords to start and then they disappear when most needed and when the browser and password manager both offer different passwords for a site I despair. Commercial sites that demand weird passwords should remember that I am the customer and if I choose 123 as my password, then the customer is always right.

  2. redpawn Silver badge

    "It is confirmed to be a legit exploit"

    Does that make use of the exploit legit also?

  3. Anonymous South African Coward Silver badge

    Drone arrests

    Good to hear.

    Going to be interesting if more people's involved in this epic brainfart.

    And why they did it, should be interesting as well.

    "But your Honour, I just wanted to take a couple of videos of Gatwick with aeroplanes departing and landing...." yeah right.

    1. Mycho Silver badge

      Re: Drone arrests

      Why they did it ... right before parliament votes on tightening up drone laws.

      Hmm...

      Though they'll probably spin it as a green protest.

    2. Anonymous Coward
      Anonymous Coward

      Re: Drone arrests

      "And why they did it, should be interesting as well."

      Given the current arrests are likely to be husband/wife or partners (my speculation) I suspect either one was a disgruntled ex-Gatwick employee or they've had problems with airport authorities around drones in the past. Going from "unknown suspect" two days ago to arrests so quickly (within two days) suggests there was some awareness of who they might be rather than requiring a drawn out investigation lasting weeks.

      1. Teiwaz Silver badge

        Re: Drone arrests

        Going from "unknown suspect" two days ago to arrests so quickly (within two days) suggests there was some awareness of who they might be rather than requiring a drawn out investigation lasting weeks.

        Or they only recently got a list of known drone owners locally....you'd think if there was some suspicion, that would be followed up much earlier, or were all the police needed to 'watch the skies'???

        Not a good time to have Gatwick, airports and drone searches in your browser history....

        1. Destroy All Monsters Silver badge

          Re: Drone arrests

          Not a good time to have Gatwick, airports and drone searches in your browser history....

          We are now the Soviet Union, just with more computers and blonde fat-lipped talking heads on TV.

        2. Dan 55 Silver badge

          Re: Drone arrests

          ... and it seems all they were guilty of was having a photo of a model helicopter posted on Facebook, so they've been released without charge.

          Still, at least the police can be thankful social media as it allows them to make quick arrests on the flimsiest of excuses which appear in the press and on TV, which is what people will remember.

          1. Teiwaz Silver badge

            Re: Drone arrests

            and it seems all they were guilty of was having a photo of a model helicopter posted on Facebook

            Cardinal Richelieu would be proud of the British Constabulary.

            Fred Colon detective work at it's finest.

    3. Pascal Monett Silver badge
      Flame

      Re: Drone arrests

      I just hope that they are the right ones, and that they catch holy hell for having been such unsufferable gobshites.

      1. Christoph Silver badge

        Re: Drone arrests

        "they catch holy hell"

        The authorities are going to throw everything they can think of at them. They will ask for the maximum sentences possible, pour encourager les autres. They do not want this to become a regular occurrence every time some gang wants to blackmail airports.

        1. Anonymous Coward
          Anonymous Coward

          State Actors

          What's the betting those arrested are out-of-work Vicars who have a sideline on walk-on-parts brandishing Weapons of Mass Distraction ?

        2. Jason Bloomberg Silver badge
          Black Helicopters

          Re: Drone arrests

          The authorities are going to throw everything they can think of at them.

          Or will just let them go without even an apology in a day or two.

          The authorities needed an arrest so they can claim the costly and embarrassing situation has been resolved, that it's safe for planes to take off and land. It's the familiar MO of reassuring the public no matter the cost, regardless of if they've nicked the wrong people.

          If they are innocent; let's hope this couple fare better than the Birmingham Six, Barry George, al-Megrahi, and many others fitted-up by the police and authorities.

    4. brucedenney

      Re: Drone arrests

      I suspect the extinction rebellion, but the government will not want the to have the publicity so perhaps they will gag the press or put out a fake story, either way, we will probably not know.

    5. Danny 2 Silver badge
      Black Helicopters

      Re: Drone arrests

      Bear in mind Paul Gait and Elaine Kirk haven't been charged so far and this is sub judice, despite them already being vilified by tabloids and on twitter. Frankly they don't strike me as credible suspects. He's got a job, she's no interest in drones, they have a son. It could be they are just locals who are known to have drones so an easy arrest to relieve media criticism of the police while they pursue actual culprits.

      I also don't believe it is an environmental protest as more disruption would have ensued by swapping to Heathrow once all the police attention was on Gatwick. That said, the culprits may not be that rational. I still feel it's more likely to be a protest against over-flights by a disgruntled local.

      1. Anonymous Coward
        Black Helicopters

        Re: Drone arrests

        As I said in the big thread here on El Reg. If I were a known or suspected dissident anywhere in the Gatwick area, I'd be worrying about a knock on the door.

        What do we know about the current suspects?

        1. Danny 2 Silver badge

          Re: Drone arrests

          "What do we know about the current suspects?"

          The arrestees are a middle aged couple with a child. He works in a window company. His employer says he got the suspect into drone flights, and that the suspect was working during the crimes. The boss also said the suspects wife, also a suspect, had no interest in drones.

          The suspects facebook account has various photos of RC aircraft he built and a couple of small drones he bought.

          The police were being mocked and demeaned on social media for not catching the perpetrator. The couple have been arrested but not charged.

          1. Mark 85 Silver badge

            Re: Drone arrests

            So, unless the real miscreants decide to launch again, this couple is going down for the crime. Or they're red herrings and the cops are hoping the pride of the real bad guys will be slapped and they'll do it again.

            1. Danny 2 Silver badge

              Re: Drone arrests

              You are arrested, and then you are charged, and then you face trial, and perhaps then you are found guilty. The tabloids and twitter have just jumped straight from A to D.

              I'm not even sure I should have named them here, even though their names are published, but I did so because I'm not the least convinced.

              I've been questioned a lot, arrested a lot, charged fewer times, found guilty twice on relatively minor charges (breach of the peace, speeding) that I admitted to. The sort of nonsense I was questioned about ranged from terrorism to fascist propaganda to "suspicion of conspiracy to commit criminal damage" when I'd locked on to a police van at a peace protest. That time The Guardian called me "an ingenious young man", which shows how mucked up the press are since they weren't there, I wasn't young and it was more than a bit daft. I even broke into an airport once, responsibly, and the police let me off.

              No activist group would do this stunt, even the most extreme of them, at least not this way. And this couple aren't activists. They could be lone nutters, but they really don't check that box either; jobs, house and kid.

              Supposedly some guy was seen over two drones on a bicycle, but this couple have vehicles.

              This arrest requires extraordinary evidence that perhaps the police do have, but if they don't then this couple will be rich by the time they sue everyone and every publication that has smeared them.

              1. Nick Kew Silver badge

                Re: Drone arrests

                Supposedly some guy was seen over two drones on a bicycle, but this couple have vehicles.

                Any more reason to credit the bike story than the arrests? I don't see how I'd transport a drone in my panniers without the high likelihood of damaging it!

                This arrest requires extraordinary evidence that perhaps the police do have, but if they don't then this couple will be rich by the time they sue everyone and every publication that has smeared them.

                Unlikely. You have to be seriously rich to play that game (though it can be satisfying when someone does). I'd expect to want a warchest of tens of millions to go into it with the reasonably confident expectation of reaching an outcome before going bust. When ordinary people take on the system and win, they have the backing of someone deep-pocketed.

              2. Mycho Silver badge

                Re: Drone arrests

                I just saw the news saying they got released without charge and the reward for turning in the real twat has gone up to 50K.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Drone arrests

                  I'm hoping that the real perps are somewhere near Hounslow, charging their kit up and preparing to give us all (well, most of us) an entertaining Christmas eve.

                2. Jason Bloomberg Silver badge
                  Big Brother

                  Re: Drone arrests

                  I just saw the news saying they got released without charge

                  So who's going to be the first to note that means they were flying planes in and out of Gatwick while there was still a risk from the drone?

                  I still believe, as posted earlier, that this was an arrest of convenience simply to get the backlog cleared by pretending the threat had been removed.

                  Oh look; the police now claim to have found a broken drone, so it must have been safe to fly after all. Obviously that crashed rather than being planted. Silly me; imagining all sorts of conspiracy and false flag theories.

                  The truth is whatever they tell you it is.

                  1. Danny 2 Silver badge

                    Look! A squirrel drone!

                    Asked about speculation there was never such a drone flown over the airport, Detective Chief Superintendent Jason Tingley told the BBC: "Of course, that's a possibility. We are working with human beings saying they have seen something. Until we've got more clarity around what they've said, the detail - the time, place, direction of travel, all those types of things - and that's a big task."

                    https://www.standard.co.uk/news/uk/gatwick-drone-latest-police-say-it-is-a-possibility-there-was-never-a-drone-a4024626.html

                    "We are working with human beings"? Maybe CS Tingley should start working with tiny aliens in tiny spaceships because this nonsense begs for conspiracy theories.

                  2. Mycho Silver badge

                    Re: Drone arrests

                    Now the news is buzzing with someone admitting that there may never have been a drone after all.

                    This is why I left that vaunted isle.

                    Edit: Hah! Jinx!

                  3. Adrian 4 Silver badge

                    Re: Drone arrests

                    Glad to hear they've released the non-perpetrators. I hope they get decent compensation for the Daily Wail's doxing and what must have been a pretty unpleasant episode. I wonder why the police jumped on them in the first place ?

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Drone arrests

                      I think the "miscommunication within the police" excuse for saying there were no drones then backtracking is interesting. If you stare hard enough looking for something small in visually noisy surrounding you will start to see it whether it's there or not.Think looking for a man overboard in the sea from a plane, trying to find that screw from your glasses you dropped on the carpet or looking for a drone speck in the sky.

                      If you repeatedly closed a major airport causing huge losses for the airlines and your shareholders and royally pissing off thousands of travelers then called the cops who prolonged the closure because they thought they saw something that may or may not have been a drone, nobody is going to admit there probably wasn't anything there because of the commercial and public heat they're going to catch. It's far better for your career prospects to stick with your story, catch someone, release them as innocent then say the real perps got away but you protected the public by closing than to say it was all for nothing. You'll probably get extra security budget to "stop it happening again."

  4. macjules Silver badge
    Terminator

    "kill your foster parents"

    Any opportunity to use the icon ->

  5. Walter Bishop Silver badge
    Big Brother

    What Dan Coats said ..

    Ron Wyden: “Can the government use FISA Act Section 702 to collect communications it knows are entirely domestic?

    Dan Coats: “■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■” ref

  6. Mike 16 Silver badge

    Russian vote-hacking, and 2FA

    So, the Russians had nothing to do with dodgy "signature fails", false announcement of polling places moving, real moving or closing of polling places with little or no notice, "harvesting" of absentee ballots... Good to know American Ingenuity is still a thing, without help from furriners..

    As for 2FA, having it actually work might be nice, but as it is, every time I use one of my alternate computers, or a VPN, or use the (horrendous) gmail web interface _on_ my main computer, I get a panic message from Google about a "new device", even if I had had it for years and used it the day before. It's almost like they will not rest until I give up dealing with their buggy IMAP interface on a non-google device, and just turn on the "snoop everything, all the time" stuff in the webmail and app.

    But that "no password reuse" advice is "table stakes" for security. But also consider "Don't invite a vampire (IoT) into your home"

  7. CrysTalK

    Win10 side effect

    Seems this zero-day bug only affects Win10. All other OS's are immune. NT was released since 1993 and can't be perfected it seems. Oh how about we throw in more featres to make it shinier.

  8. Big Al 23

    No one is holding Assange hostage

    Assange is free to leave the embassy any time he desires. Exiting the UK may be a little problematic since he is a UK fugitive waiting prosecution.

    1. John 104

      Re: No one is holding Assange hostage

      No one is holding Assange hostage

      Assange is free to leave the embassy any time he desires. Brexiting the UK may be a little problematic since he is a UK fugitive waiting prosecution.

      FTFY

  9. John 104

    FIOA and AT&T

    Late to the conversation. Holidays and such.

    So EFF sues the government for docments and finally gets them, the case is dismissed and....? Where are the congressional hearings on abuse of power, violation of the 4th amendment? Judicial overreach? Makes me fucking sick.

  10. arctic_haze Silver badge

    Alexa. lets chat

    Alexa, what was that about foster parents and deeper acts?

  11. RLWatkins

    "No Russian vote hack."

    Of course not. No "hackers", foreign or otherwise, seem to be tampering with US elections. Russia still provides us with myriad examples of what not to do, but we can't blame them for that. It's our own political parties doing it, one mainly although the other doesn't get off the hook entirely.

    I recall some thirteen or fourteen years ago when a memo was leaked from a voting machine company which shall remain nameless. It described in some detail the measures by which said company would "deliver the presidential election to the {insert name of criminal enterprise here} party". And did they deny it? No. They sued the journalist who published it, citing US trade secrets law, claiming he "revealed confidential company information".

    No, I am not joking.

    Agencies outside the US are indeed interfering with our elections, using our now freer-than-ever media to disseminate propaganda, but all the actual, direct election-tampering appears wholly to be Made In the USA.

    We rig our elections better than those damn' foreigners ever could. 'Murica!

  12. RLWatkins

    "Internet" of "things"

    And while I'm thinking with my mouth open, or rather with my hands on the keyboard, there is no "Internet of things".

    An internetwork connects other networks. Your things, if you have any of those, are connected to *your* network.

    It seems almost as if the companies which wish to collect the data which your things record have promulgated that terminology specifically so that people would think, quite without really thinking about it, that it's OK, or even desirable, to connect your network of things to their network using the Internet.

    It almost sounds like a conspiracy theory, only to be a conspiracy it would have to be secret. Said companies are quite open about wanting access to video of your front porch, the things you say at home, details of your finances, a map of your house. They don't make any secret of it.

    There's an amazing level of gall and stupidity at work there. Just amazing.

  13. ThePendragon

    College kids and Indians -- pretty stupid etc...

    Amazon using college kids instead of professionals and the American IT industry outsourcing stuff to Indians -- all pretty stupid stuff. But what ? Ulster Scots rebelled against the British empire and the porrage monkey Scot invented Capitalism to take the place of Aristocracy. The peasants and the merchant classes are on top and the Aristocrats are on bottom : The Scots and the French screwing up the world as usual and the what are we English expected to clean up their mess again (e.g. Hitler waltzing into France etc...?).

    Alan Turing -- w00t AI -etc.. -- oops American idiots trying to combine IoT with AI but wait -- what ?-- what are all those telnet ports on the IoT devices instead of SSH doing there ? Doh !

  14. Michael Wojcik Silver badge

    Feds or paranoia?

    SandboxEscaper's blog posts have all gone missing, and her Twitter account seems to be suspended. Hard to tell how much of that is due to police putting the boot in, and how much to SE's own actions. It's all pretty pointless in terms of improving software security, of course, since you can trivially find details of the ReadFile vulnerability elsewhere; so this looks punitive.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019