The US’s suspicion of Huawei should have been good news for its biggest telecom competitors, Nokia and Ericsson. In reality: More complicated than that. https://www.wsj.com/articles/huawei-rivals-nokia-and-ericsson-struggle-to-capitalize-on-u-s-scrutiny-11546252247
How Much of the Internet Is Fake?
“What’s gone from the internet, after all, isn’t ‘truth,’ but trust: the sense that the people and things we encounter are what they represent themselves to be.” [Max Read] http://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html
Expediting changes to Google+ [David Thacker/Google Blog]
“Expediting changes” means “shutting down faster.” “Sunsetting” means “shutting down.” Corporatespeak is a means of evading accountability.
I like Google+ but I’m glad to see it shutting down sooner. Dragging it out just makes it more irritating.
Bruce Schneier is skeptical of the Bloomberg supply-chain attack on Apple and Amazon servers, among others. He said if it was true, we’d have seen a photo of the chip by now.
That raises a good rule of thumb for judging the veracity of any explosive investigative report, particularly high-profile sexual harassment charges like those against Bill Cosby and Harvey Weinstein. Corroborating reports start to come out after the initial exposé.
Starbucks is succumbing to pressure and putting porn filters on its public WiFi. An organization called Enough is Enough has been giving Starbucks grief for failing to protect its customers from porn. Enough is Enough says that public WiFi networks “are attracting pedophiles and sex offenders” and put children at risk. This sounds like bullshit to me from people looking to enrich themselves by scaring parents.
Juniper Pushes Security Into Network Interior
The networking vendor extends its security platform to go beyond guarding the network edge to automate enforcing policies at the switch level. (Me, Light Reading)
Clever attack uses the sound of a computer’s fan to steal data
Kim Zetter, Wired:
In the past two years a group of researchers in Israel has become highly adept at stealing data from air-gapped computers—those machines prized by hackers that, for security reasons, are never connected to the internet or connected to other machines that are connected to the internet, making it difficult to extract data from them.
Mordechai Guri, manager of research and development at the Cyber Security Research Center at Ben-Gurion University, and colleagues at the lab, have previously designed three attacks that use various methods for extracting data from air-gapped machines—methods involving radio waves, electromagnetic waves and the GSM network, and even the heat emitted by computers.
Now the lab’s team has found yet another way to undermine air-gapped systems using little more than the sound emitted by the cooling fans inside computers. Although the technique can only be used to steal a limited amount of data, it’s sufficient to siphon encryption keys and lists of usernames and passwords, as well as small amounts of keylogging histories and documents, from more than two dozen feet away. The researchers, who have described the technical details of the attack in a paper (.pdf), have so far been able to siphon encryption keys and passwords at a rate of 15 to 20 bits per minute—more than 1,200 bits per hour—but are working on methods to accelerate the data extraction.
The attacker installs malware on a target machine to modify the fans’ speed to change audio output and transmit information to nearby microphones. Diabolical!
Bruce Schneier: How hackers break passwords, and how to pick good ones
Find a good password management app and let it worry about picking good passwords and remembering them. Schneier recommends Password Safe for Windows, but says he can’t vouch for Password Safe on other platforms because he has not evaluated them. I like 1Password, which supports Mac and iOS, which I am familiar with, and Windows and Android, which I’m not.
Donald Trump now says even legal immigrants are a security threat
Jenna Johnson, The Washington Post:
At a rally in Portland, Maine, on Thursday afternoon, Trump provided a lengthy explanation of why he thinks the United States needs to be skeptical of immigrants from many countries, even if they follow the legal process.
He has a point. If there had been better immigration controls 100 years ago when Trump’s grandparents came to the US, we wouldn’t be stuck with the Orange Man-Baby now.
How a US civil war could start in the fall. Blame direct marketing.
John Robb says attackers would just need to use robodialers to phone in terrorism threats to heavily partisan electoral districts. The candidate for the other side wins the White House in a landslide. The losing candidate’s supporters take to the streets. Rioting, bloodshed, dogs and cats living together.
Possible because the direct marketing and debt collections industry has made sure the phone system is easy to hack.
My Facebook double-secret probation has a backdoor
I can post links from my iPhone but not from my Mac or Buffer.
Weird, huh?
I’m still on Facebook double secret probation

Phoenix airport threatens to kick out TSA, hire private (unaccountable) contractors – Cory Doctorow, Boing Boing
1Password debuts extension to make it easy to log into third-party apps and websites on iOS 8
I’m very much looking forward to this on iOS 8. Logins are an area where mobile falls down in comparison to desktop — it’s much easier for me to log in to things on my Mac than on my iPhone, iPad, or Nexus 7.
The video embedded here is only 34 seconds long and worth watching.
“Securised”? It’s like they’re not even TRYING
Worst phishing attempt ever.
The problem with the normals and tech is the same as the problem with the normals and politics, or society in general. People believe they are powerless and alone, but the only thing that keeps people powerless and alone is that same belief. People, working together, are immensely and terrifyingly powerful.
The US government is rolling out a “driver’s license for the Internet.” No way this could go wrong.
The National Strategy for Trusted Identities in Cyberspace starts testing in government agencies in two US states. “Calling this move ill-timed would be the most gracious way of putting it,” says Techdirt’s Tim Cushing. (US Government Begins Rollout Of Its ‘Driver’s License For the Internet’)
[A]t a time when the public’s trust in government is at an all-time low, the National Institute of Standards and Technology (NIST – itself still reeling a bit from NSA-related blowback) is testing the program in Michigan and Pennsylvania. The first tests appear to be exclusively aimed at accessing public programs, like government assistance. The government believes this ID system will help reduce fraud and overhead, by eliminating duplicated ID efforts across multiple agencies.
But the program isn’t strictly limited to government use. The ultimate goal is a replacement of many logins and passwords people maintain to access content and participate in comment threads and forums. This “solution,” while somewhat practical, also raises considerable privacy concerns.
The keepers of the identity credentials wouldn’t be the government, but rather a third party. Banks, technology companies, and cellphone service providers were suggested as keepers when the program was introduced in 2011. “[S]o theoretically Google or Verizon could have access to a comprehensive profile of who you are that’s shared with every site you visit, as mandated by the government.”
The proposal also raises security concerns, creating a central store of identity information susceptible to hacking. And with the government behind the proposal, citizens may not have the option of opting out.
Here’s the original statement on Whitehouse.gov: “President Obama Releases the National Strategy for Trusted Identities in Cyberspace.” It cites banking and online health records as example applications.