privacy   208007


Brass Horn Comms Onion3g
Tor embedded in a SIM card? So I guess using a private APN to funnel tor traffic to their tor relay network gateways/bridges?
Tor  union  routing  SIM  data  card  hardware  electronics  devices  security  privacy  3G 
49 minutes ago by asteroza
Another Bloomberg Story about Supply-Chain Hardware Attacks from China - Schneier on Security
Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.)
Again, I have no idea what's true. The story is plausible. The denials are about what you'd expect. My lone hesitation to believing this is not seeing a photo of the hardware implant. If these things were in servers all over the US, you'd think someone would have come up with a photograph by now.
EDITED TO ADD (10/12): Three more links worth reading.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
1 hour ago by rgl7194
TaoSecurity: Network Security Monitoring vs Supply Chain Backdoors
On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.” From the article:
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
Companies mentioned in the story deny the details, so this post does not debate the merit of the Bloomberg reporters’ claims. Rather, I prefer to discuss how a computer incident response team (CIRT) and a chief information security officer (CISO) should handle such a possibility. What should be done when hardware-level attacks enabling remote access via the network are possible?
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
1 hour ago by rgl7194
More commentary on China, Apple, and supply-chain hacking | Mac Virus
Following up the previous story Supply chain hacking: bull in a China shop? [updated]…
[Additional: Motherboard – The Cybersecurity World Is Debating WTF Is Going on With Bloomberg’s Chinese Microchip Stories]
Paul Ducklin for Sophos: Apple and Amazon hacked by China? Here’s what to do (even if it’s not true) – more useful than most of the commentary I’ve seen!
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
1 hour ago by rgl7194
Government Perspective on Supply Chain Security - Schneier on Security
This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
1 hour ago by rgl7194
Bloomberg blunder highlights supply chain risks - Malwarebytes Labs | Malwarebytes Labs
Ooh boy! Talk about a back-and-forth, he said, she said story!
No, we’re not talking about that Supreme Court nomination. Rather, we’re talking about Supermicro. Supermicro manufactures the type of computer hardware that is used by technology behemoths like Amazon and Apple, as well as government operations such as the Department of Defense and CIA facilities. And it was recently reported by Bloomberg that Chinese spies were able to infiltrate nearly 30 US companies by compromising Supermicro—and therefore our country’s technology supply chain.
If you’ve been trying to follow the story, it may feel a bit like this...
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
1 hour ago by rgl7194
Daring Fireball: 'Your Move, Bloomberg'
Washington Post media critic Erik Wemple:
Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed. […]
The best journalism lends itself to reverse engineering. Though no news organization may ever match the recent New York Times investigation of Trump family finances, for instance, the newspaper published documents, cited sources and described entities with a public footprint. “Fear,” the recent book on the dysfunction of the Trump White House, starts with the story of a top official removing a trade document from the president’s desk, an account supported by an image of the purloined paper.
Bloomberg, on the other hand, gives readers virtually no road map for reproducing its scoop, which helps to explain why competitors have whiffed in their efforts to corroborate it. The relentlessness of the denials and doubts from companies and government officials obligates Bloomberg to add the sort of proof that will make believers of its skeptics. Assign more reporters to the story, re-interview sources, ask for photos and emails. Should it fail in this effort, it’ll need to retract the entire thing.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain  daring_fireball 
1 hour ago by rgl7194
Should Bloomberg retract? | Mac Virus
John Gruber cites Amazon Web Services CEO Andy Jassy’s tweet while considering Bloomberg’s decreasingly convincing insistence on the Apple/Amazon/etc. supply chain story: AWS CEO ANDY JASSY: ‘BLOOMBERG SHOULD RETRACT’
I have to agree: Bloomberg’s position is not looking very tenable.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
1 hour ago by rgl7194
Daring Fireball: AWS CEO Andy Jassy: 'Bloomberg Should Retract'
Amazon Web Services CEO Andy Jassy on Twitter:
@tim_cook is right. Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.
If you want a taste of Bloomberg’s attitude toward Apple’s and Amazon’s protestations, check out this video from Bloomberg TV from the day after the story was originally published. Jordan Robertson, co-author of the story, says this:
In addition, there is no consumer data that is alleged to have been stolen. This attack was about long term access to sensitive networks. So by that logic, companies are not required to disclose this information, so there’s no advantage for these companies in confirming this reporting.
This shows their dismissive attitude toward Amazon’s and Apple’s strenuous, unambiguous denials. Rather than give them pause, they blew it off.
I would argue that Amazon and Apple have a tremendous amount to lose — their credibility. If they wanted to hide something, whether for publicity or national security reasons (or both), the way to do it without risking their credibility is not to comment at all. Both Amazon and Apple have instead vigorously denied the veracity of this story.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain  daring_fireball 
1 hour ago by rgl7194
Students swap data for coffee at cashless cafe – Naked Security
In this US-based cashless cafe, university students hand over personal data in exchange for a dose of caffeine and sponsorship propaganda.
3 hours ago by jellis
'Not good enough': Toronto privacy expert resigns from Sidewalk Labs over data concerns | CBC News
"A privacy expert who resigned this week from her role as an advisor to Sidewalk Labs, the Google sister company set to build a "smart" neighbourhood on Toronto's waterfront, is concerned that the "treasure trove" of data collected there will be vulnerable to attacks."
google  sidewalklabs  alphabet  toronto  privacy 
5 hours ago by danhon
