Tuesday, May 20, 2014

The desperation of the "Armageddon"-mongers

The President Barack Obama administration said Monday that the signals intelligence unit of the Chinese military scored private secrets from Alcoa,

Westinghouse, United States Steel, Allegheny Technologies, and a steelworker union among others. If there was any top-secret, Chinese military hacking exploits used, the indictment [PDF] doesn't say. Instead, it appears that old-school trickery was employed to gain all kinds of secrets, including the designs to a nuclear power plant and access to executives' e-mail.

from How China’s army hacked America

Actually, what's really disappointing ("surprising" depends on your level of cynicism) is that the vast majority of this isn't taken care of automatically. Just with existing, unrefined technology (S/MIME, PKI, and hardware tokens) it would be relatively trivial to make forging of email require a physical attack, not merely a remote one. The government and major companies, at least for certain levels of email addresses, all internal email, etc., require signing or the email server simply black holes it. The average executive and worker simply shouldn't ever be seeing a lot of this stuff in the first place. There is no reason for them to have "click to install this" even come through.
from comments on How China’s army hacked America

On a related note, Big Mother Michelle Obama has declared war on children stealing sugary cookies from unsecured cookie jars.