[154071] in North American Network Operators' Group


RE: LinkedIn password database compromised

daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat Jun 23 21:15:30 2012

Date: Sat, 23 Jun 2012 19:14:31 -0600
In-Reply-To: <20120621125606.GA3760@gsp.org>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "Rich Kulawiec" <rsk@gsp.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


> 2. Pre-compromised-at-the-factory smartphones and similar.  There's
> no reason why these can't be preloaded with spyware similar to CarrierIQ
> and directed to upload all newly-created private keys to a central
> collection point.  This can be done, therefore it will be done, and when
> some security researcher discovers it, the usual excuses and justifications
> will be made by the designated spokesliars for the companies involved...
> which will of course keep right on doing it, albeit perhaps with more
> subterfuge.
 
> Problem #2 is newer, but I'm willing to bet that it will also last
> at least a decade and that it will get worse, since there are
> substantial economic incentives to make it so.

This doesn't only apply to "SmartPhones".  The most widely used Operating System (by this I mean Windows) has been issued pre-compromised and has "intentionally implanted compromise via Vendor Update" for many years.  It is only unethical when a non-American does it.  The excuses and justifications are no different.

---
()  ascii ribbon campaign against html e-mail
/\  www.asciiribbon.org




