
Date: Wed, 15 May 2019 07:05:05 +0000

[Bruce's Crypto-gram has so many RISKS-worthy items that I am going to
stop trying to pick out a few. Here I picked a few items to list from the
table of contents of his latest issue, and only the first item. I urge
some of you to subscribe. PGN]

Bruce Schneier, CTO, IBM Resilient schneier@schneier.com https://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit Crypto-Gram's web page https://www.schneier.com/crypto-gram.html

Read this issue on the web https://www.schneier.com/crypto-gram/archives/2019/0515.html

** *** ***** ******* *********** *************

** IN THIS ISSUE: [PGN-excerpted just a few items]

* China Spying on Undersea Internet Cables
* Vulnerabilities in the WPA3 Wi-Fi Security Protocol
* More on the Triton Malware
* New DNS Hijacking Attacks
* Iranian Cyberespionage Tools Leaked Online
* Excellent Analysis of the Boeing 737 Max Software Problems
* Vulnerability in French Government Tchap Chat App
* Fooling Automated Surveillance Cameras with Patchwork Color Printout
* Stealing Ethereum by Guessing Weak Private Keys
* Why Isn't GDPR Being Enforced?
* Malicious MS Office Macro Creator
* Leaked NSA Hacking Tools
* Amazon Is Losing the War on Fraudulent Sellers
* Another NSA Leaker Identified and Charged
* Cryptanalyzing a Pair of Russian Encryption Algorithms
* Reverse Engineering a Chinese Surveillance App
* Cryptanalysis of SIMON-32/64



Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables. https://www.bloomberg.com/opinion/articles/2019-04-09/china-spying-the-internet-s-underwater-cables-are-next

But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony networks globally, has gone to sea. Under its Huawei Marine Networks component, it is constructing or improving nearly 100 submarine cables around the world. Last year it completed a cable stretching nearly 4,000 miles from Brazil to Cameroon. (The cable is partly owned by China Unicom, a state-controlled telecom operator.) Rivals claim that Chinese firms are able to lowball the bidding because they receive subsidies from Beijing.

Just as the experts are justifiably concerned about the inclusion of espionage "back doors" in Huawei's 5G technology, Western intelligence professionals oppose the company's engagement in the undersea version, which provides a much bigger bang for the buck because so much data rides on so few cables.

This shouldn't surprise anyone. For years, the US and the Five Eyes have had a monopoly on spying on the Internet around the globe. Other countries want in.

As I have repeatedly said, we need to decide if we are going to build our future Internet systems for security or surveillance. Either everyone gets to spy, or no one gets to spy. And I believe we must choose security over surveillance, and implement a defense-dominant strategy.
