Informations about SSL certificates and networks security
Auto Added by WPeMatico
I’ve blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don’t know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don’t know anything more, but this is the most comprehensive rebuttal of the story … Read More “More on the Supermicro Spying Story” »
This is a long — and somewhat technical — paper by Chris C. Demchak and Yuval Shavitt about China’s repeated hacking of the Internet Border Gateway Protocol (BGP): “China’s Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking.” BGP hacking is how large intelligence agencies manipulate Internet routing to … Read More “China’s Hacking of the Border Gateway Protocol” »
Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.) Again, I … Read More “Another Bloomberg Story about Supply-Chain Hardware Attacks from China” »
I’ve previously written about people cheating in marathon racing by driving — or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had two homes. The birds … Read More “Cheating in Bird Racing” »
Interesting story of a CIA intelligence network in China that was exposed partly because of a computer security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were … Read More “CIA Network Exposed through Insecure Communications System” »
The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. … Read More “New Report on Chinese Intelligence Cyber-Operations” »
Fake kidnapping fraud: “Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they’re being held responsible,” Commander McLean said. The scammers threaten the … Read More “Kidnapping Fraud” »
Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users. It’s a legitimate fear, and perhaps a prudent action. But it’s just one instance of the much larger issue of securing our supply chains. All of … Read More “Supply-Chain Security” »
Apple is bowing to pressure from the Chinese government and storing encryption keys in China. While I would prefer it if it would take a stand against China, I really can’t blame it for putting its business model ahead of its desires for customer privacy. Two more articles. Powered by WPeMatico
Interesting article by Major General Hao Yeli, Chinese People’s Liberation Army (ret.), a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the background of globalization and the internet era, the emerging cyber sovereignty concept … Read More “Article from a Former Chinese PLA General on Cyber Sovereignty” »