Monthly Archives: February 2015

Guys!

How the NSA’s Firmware Hacking Works and Why It’s So Unsettling | WIRED.

Guys, I really don’t want to spend all my time reading and writing about security. Can we just agree that the NSA has pretty much hacked every PC down to the metal? That there are other government and NGEs (non-government entities) that have done, or want to do the same? That it is inevitable that people will discover what was done by all these jokers and all the gaps will be compromised? And, finally, that the NSA is bad for USA businesses, but good for foreign Anti-Spyware companies like Kaspersky? Ok. That’s the current state of non-security.

So can we go back to writing about Mac tips and alien abductions please?

Advertisements

Surprise! Your Yoga has some holes in it.

Researcher Discovers Superfish Spyware Installed on Lenovo PCs – NYTimes.com

Surprise! Your “Yoga”, has some holes in it. Designed to be as attractive and useful as any Apple device (and marketed unconvincingly as a replacement for your MacBook Air), the Yoga unfortunately came (past tense, according to Lenovo) with Superfish Spyware pre-installed. “Adware” and “Bloatware” – collectively known as “crapware” – are de rigueur for Windows purchasers, but Superfish takes this to a new level with an unsigned certificate providing easy access to your data for anyone who knows how to use it.

I met an insider years ago (p.s. – Pre-Snowden), who told me he was convinced Lenovo had code embedded in the computer ROM that allowed Chinese authorities full access to the device. He gave up on trying to expose this security “flaw” after everyone, including the FBI, told him he was paranoid. So, who’s paranoid now?

Tip: Savvy computer buyers shop for those “special” Windows computers without crapware. Or buy Macs.

 

Obama Heads to Tech Security Talks Amid Tensions – NYTimes.com

Obama Heads to Tech Security Talks Amid Tensions – NYTimes.com.

No back doors. Encrypt everything.

If that’s the view of my Silicon Valley business; if that’s what I deem as the best way to protect my customers privacy, and thereby keep the customer satisfied, does that make me an anarchist?  A supporter of organized crime? Or anti-American?

Or let’s say I’m doing business in China, and I want to do business in China, but now the Chinese government wants access to my code, back doors, encryption keys. And for the sake of my customers, and my own integrity, and to protect my business “secrets”, I say, “No.”  Does it mean my company is a monopoly? Does it mean I am anti-Communist? Or anti-Chinese?

Folks, this is getting crazy. Take a step back. From the perspective of national interests the NSA of the USA is supposed to have access to all my private information, conversations, and data? Just in case I might be a criminal or terrorist? And basically, China wants control of the Internet, access to data, pretty much the same thing, “justified” by what the USA and NSA have already done? This is so obviously nuts! Do I really have to explain this?

The NSA and all the many other governement agencies that are on the cyber-security gravy train, funded by our tax dollars, billions of our tax dollars, should get off their asses and help us protect our data. From everyone. Including themselves. Not just lock down the banks, and utilities, and insurance companies, and major corporations. Make sure that individuals have control of their own privacy. No backdoors for anybody. Then law enforcement and homeland security would have to do their investigative work the old-fashioned, pre-Bush Era way, by sticking to Constitutional restraints and using good detective work and communication.

Because if Apple and Google and other companies are encrypting our data so well that even they (much less the FBI) can’t read it without our consent or cooperation, then they’re protecting our privacy, and their business interests, and by extension, our national interests—better than our own government.

Zero Day that.