Schneier on Security's Journal
 

Thursday, October 4th, 2018

    12:34p
    Helen Nissenbaum on Data Privacy and Consent

    This is a fantastic Q&A with Cornell Tech Professor Helen Nissenbaum on data privacy and why it's wrong to focus on consent.

    I'm not going to pull a quote, because you should read the whole thing.

    5:30p
    Chinese Supply Chain Hardware Attack

    Bloomberg is reporting about a Chinese espionage operation involving inserting a tiny chip into computer products made in China.

    I've written about (alternate link) this threat more generally. Supply-chain security is an insurmountably hard problem. Our IT industry is inexorably international, and anyone involved in the process can subvert the security of the end product. No one wants to even think about a US-only anything; prices would multiply many times over.

    We cannot trust anyone, yet we have no choice but to trust everyone. No one is ready for the costs that solving this would entail.

    EDITED TO ADD: Apple, Amazon, and others are denying that this attack is real. Stay tuned for more information.

    EDITED TO ADD (9/6): TheGrugq comments. Bottom line is that we still don't know. I think that precisely exemplifies the greater problem.

    EDITED TO ADD (10/7): Both the US Department of Homeland Security and the UK National Cyber Security Centre claim to believe the tech companies. Bloomberg is standing by its story. Nicholas Weaver writes that the story is plausible.

    9:00p
    Conspiracy Theories around the "Presidential Alert"

    Noted conspiracy theorist John McAfee tweeted:

    The "Presidential alerts": they are capable of accessing the E911 chip in your phones -- giving them full access to your location, microphone, camera and every function of your phone. This not a rant, this is from me, still one of the leading cybersecurity experts. Wake up people!

    This is, of course, ridiculous. I don't even know what an "E911 chip" is. And -- honestly -- if the NSA wanted in your phone, they would be a lot more subtle than this.

    RT has picked up the story, though.

    (If they just called it a "FEMA Alert," there would be a lot less stress about the whole thing.)
