Risky Business Feature: Named source in "The Big Hack" has doubts about the story - Risky Business


14 bookmarks. First posted by aupton 9 days ago.


On a scale of one to Michael Jackson, how much popcorn is going on here?
from twitter
7 days ago by starchy
Risky Business Feature: Named source in "The Big Hack" has doubts about the story "Big Hack" technical source Joe Fitzpatrick has concerns about Bloomberg's…
from instapaper
8 days ago by kerim
Hardware security expert Joe Fitzpatrick, a named source in Bloomberg's China spy chip investigation, casts doubt on the story's accuracy
8 days ago by joeo10
via Starred items from BazQux Reader https://ift.tt/1cAKc9M and IFTTT
Starred  items  from  BazQux  Reader 
8 days ago by stinkingpig
via Daring Fireball http://bit.ly/2FJ06sP
STEM 
8 days ago by aebraddy
Named Source in ‘The Big Hack’ Has Doubts About the Story

Hardware security researcher Joe Fitzpatrick was one of the very few named sources in Bloomberg’s blockbuster “The Big Hack” story. He provided only background information on the potential of hardware exploits in general — he claimed no knowledge of this specific case. On Patrick Gray’s Risky Business (great name) podcast, he expresses serious unease with the story Bloomberg published. The whole episode is worth a listen, but here’s a partial transcript:

Fitzpatrick: But what really struck me is that like all the details that were even remotely technical, seemed like they had been lifted from the conversations I had about theoretically how hardware implants work and how the devices I was making to show off at Black Hat two years ago worked.

Gray: So I guess what you are saying here is, the report, I mean all of the technical details of the report, you’d covered that ground with that reporter.

Fitzpatrick: Yeah, I had conversations about all the technical details and various contexts. But there are a lot of filters that happen, you know? When I explain hardware things even to software people, I don’t expect people to get it the first time and I don’t expect people to be able to describe it accurately all the time. So there is definitely a lot of telephone exchange happening.

Gray: OK but why did that make you feel uneasy? Could it be the case that you know that the technical things you told him lined up perfectly with the technical things that some of these 17 of the anonymous sources told him?

Fitzpatrick: You know, I’m just Joe. I do this stuff solo. I am building hardware implants for phones to show off at conferences. I’m not a pro at building hardware implants. I don’t work for any nation or any state building and shipping these as products. I feel like I have a good grasp at what’s possible and what’s available and how to do it just from my practice. But it was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100 percent of what I described was confirmed by sources.

Gray: And that’s what he was telling you through this process?

Fitzpatrick: That’s what I read in the article.

Gray: OK, right. You find that a bit strange? That every single thing you seem to tell him, or a large proportion of what you told him, was then confirmed by his other sources.

Fitzpatrick: Yeah, basically. Either I have excellent foresight or something else is going on.

I’m going to go with “something else is going on”.

ifttt  rss 
8 days ago by josephschmitt
via:daringfireball 
8 days ago by rufous
In this podcast hardware security expert Joe Fitzpatrick, a named source in Bloomberg’s “Big Hack” piece, explains why he felt uncomfortable reading the story when it was published.

He also provided Risky.Biz with emails he sent to Bloomberg, prior to the story’s publication, that said the hardware back-dooring the article described “didn’t make sense”.
ee 
8 days ago by bbishop
RT : This podcast is worth a listen if you're following the Bloomberg "Big Hack" story
from twitter
9 days ago by dunstan
Favorite tweet:

I did a thing on the Bloomberg "Big Hack" story. @securelyfitz, one of the story's only named sources, warned the publication that its central claim "didn't make any sense," prior to publication. https://t.co/giXVXo1tbF pic.twitter.com/6cnwuZGx99

— Patrick Gray (@riskybusiness) October 8, 2018
IFTTT  Twitter 
9 days ago by chetan