Archive for February, 2015

And I thought a single highly disturbing security story was enough for one day. I’m not even all the way through reading the article from The Intercept about how GCHQ and NSA have the keys to decrypt a huge swath of the world’s mobile phone communications and I have the urge to throw away all my computers and hide under a rock.

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle

Normally I’m not prone to hyperbolic statements like “There is nowhere to hide” but for people who use any communication technology it’s more and more true. You are being monitored and archived. Maybe you are boring and uninteresting to government spooks. At the moment. Maybe forever. But how does it make you feel knowing that could, by deliberate action or entirely by accident, change at any time? It certainly doesn’t make me happy.

I woke up this morning to see that an actual computer hardware manufacturer has shipped machines with actual deliberately included “To improve customer experience” adware that compromises SSL for the user. Because capitalism, I presume.

Even with my non-expert understanding of digital security, reading this researcher’s discoveries was terrifying. And the manufacturer is claiming the impact is minimal because “Superfish was preloaded on to a select number of consumer models only.”

So far I haven’t seen cries of “just re-install the operating system from a trusted source.” Perhaps they are out there and I’m (thankfully) missing those kinds of people from my social media sphere. These are low-end machines intended for average users. And while I can’t comment on how it is in PC-Land, certainly for OS X users the process of re-installing a clean operating system has been made absurdly difficult. I don’t even always do it these days. But this surely points out that I should.