@micahflee Bloomberg's story is complete bullshit. The fact that you lead with it makes it impossible for me to read the rest of the article.

@micahflee Because it destroys your credibility to lead with an article that has been so thoroughly debunked by the Infosec crowd.

@freakazoid @micahflee I don't think it has been thoroughly debunked by the InfoSec crowd, or any other crowd for that matter.

The talk on supply chain attacks and hardware implants concluded that it's possible, just on a different step than Bloomberg suggested. I can totally see Bloomberg messing up which step the implantation happened at, but the story still being mostly true.

Also, nobody sued Bloomberg over it. Which would be surprising if the story was completely false.

@rysiek @micahflee I'm aware of that talk. The problem is, the talk doesn't actually present any further evidence that it happened, just that it's possible.

This is the same problem as with UFO sightings: multiple pieces of flawed evidence combined with experts saying it's possible don't add up to proof.

Until Bloomberg comes up with real evidence, I think their story should be ignored.

@rysiek @micahflee Libel is *extremely* difficult to prove in the United States.

I'm probably overstating things to say it's been "debunked". But here's the problem: their only source is someone who stands to make a lot of money from people being worried about supply chain attacks, because that's his company's product. Their other source has expressed doubts about the claimed attack.

Yes, it's possible. But Bloomberg's reporting is super sloppy, and lots of people have called bullshit on it.

@freakazoid @micahflee now you're moving the goalposts. Instead of "complete bullshit" we're at "possible but sloppy reporting".

Perhaps instead of focusing on that, read The Intercept story and judge it on its own merits?

@rysiek Actually I should have read past the link and realized that @micahflee straight up says the story might be wrong.

My apologies.

"The Intellipedia page also stated that, beginning in 2002, France’s intelligence agency, #DGSE, “delivered #computers and #fax equipment to #Senegal’s security services and by 2004 could access all the information processed by these systems, according to a cooperative source with indirect access.”"

theintercept.com/2019/01/24/co

@micahflee "supply chain attacks are a well-established, if underappreciated, method of surveillance — and much work remains to be done to secure computing devices from this type of compromise."
