Tag Archives: Zte

News Bites For June 22, 2018

Latest Cost Estimates For Equifax Breach is $439 Million

According to recent (March) tax filings, costs related to their breach are now $439 million, making the Equifax breach the costliest in US history.  Assuming insurance does pay, it would cover, at most, $125 million, leaving Equifax to write a check for $300  million plus.  Given that none of the lawsuits have been settled yet, that $439 million number is sure to grow.  While Equifax’s investors can write that check, I am sure that none of them are happy about doing so.  (Source: Computing.co)

Apple, Others Allows Russians to Look for Vulnerabilities in Software Used by the Pentagon and FBI

After all, what could go wrong?

U.S. tech companies have given in to Russian, Chinese and other country’s demands to review the source code for their products.  Not only does this expose vulnerabilities (which they likely will NOT point out to the U.S. company), but it also gives away U.S. intellectual property, all in a never ending quest to increase sales and profit.

A bill currently in Congress would force companies who do business with the government to disclose any source code review done by military adversaries.  Forcing companies to disclose will keep the pressure on to stop doing that.

The limited leaks that we have already seen have caused companies to do a quick dance to try and mitigate the PR damage.

The companies say that the reviews are done in company controlled facilities.  I am sure that they use one of those memory wipers from the Men In Black movies on the reviewers before they leave the room.

The knowledge that the Russians and Chinese get is, of course, used against everyday companies as well as the government and is used to build competing products that they sell against ours.

The article has a graphic with examples of software reviewed and who uses it.  (Source: Reuters)

Senate Votes 85 to 10 to Continue ZTE Ban

ZTE, the Chinese electronics maker said to be a national security threat to America, was banned last month, from buying parts and selling products in the U.S. by the Commerce Department.  President Trump tried to overturn the ban, which basically shut the company down, by asking the company to pay a billion dollar fine and saying that would make it a non-threat.  The Senate attached a bill to the Defense Authorization Bill outlawing ZTE, nullifying Trumps gimicky non-solution.  Trump could risk shutting down the Armed Forces by vetoing the bill, but even if he did, which would be an incredibly risky political move given his base, at 85 to 10, any veto would be quickly overridden. (Source: Politico)

macOS Quicklook Feature Exposes Data on Encrypted Volumes

Let’s assume that you have some sensitive pictures and you store them on an encrypted volume on your mac.  MacOS conveniently creates thumbnails of those pictures to show you and stores them unencrypted, so while the full resolution picture is encrypted, the thumbmail is not.  Apple says this is a feature and is not going to fix it.

This problem also exists on Windows.  If you store a Word or Excel document, for example, on an encrypted volume, the temp file that those programs use will be on an unencrypted system volume.  The only way to “fix” this is to encrypt the system volume. (Source: Ars Technica)

Software Supply Chain is a Critical Issue

Recently there have been a number of reports of cities having credit card breaches.  It turns out that it all ties back to the same vendor that those cities all use called Superion.  At least 10 cities have reported being breached and there are probably more.  Superion has finally admitted that the breach was due to a WebLogic (Oracle) bug  that had not been patched.  The cities counted on Superion to keep them safe.  Superion is blaming Oracle.  Ultimately, it is the cities and taxpayers who will foot the bill for this mess – a mess caused by not managing the entire software supply chain from end to end.  Likely those cities were not even aware that they were running Oracle software.  Who’s fault is that?  (Source: Dark Reading)

Facebooktwitterredditlinkedinmailby feather

Washington Can’t Quite Figure Out Cybersecurity

In what is likely no surprise to anyone who watches Washington and especially this administration, there seems to be a bit of confusion regarding cyber security policy.  Is it any wonder, given that, that U.S. businesses are equally confused?

Case in point – ZTE.

ZTE is a Chinese electronics manufacturer with “close ties” to the communist Chinese government.  We should assume that is a covert way of saying that the government controls them.

The U.S. intelligence community, which this administration seems to ignore when convenient, has been saying that there is significant risk in using ZTE phones and electronics.  In fact, the head of the FBI told Americans when testifying before Congress earlier this year to steer clear of ZTE devices because of the risk.

Last month the DoD stopped selling ZTE phones at military base exchanges.

The FCC has taken steps to ban the use of federal funds to buy ZTE equipment.

And most recently, the Commerce Department banned U.S. companies from exporting chips to ZTE.

Not surprisingly, ZTE is, fundamentally, out of business.

In a slightly surprising move, especially in light of President Trump’s rhetoric about protecting American jobs and American technology, the President Tweeted on Sunday that he wants the Commerce Department to relax the ban on a company that steals U.S. technology, likely spies on Americans, kills U.S. jobs and violates the embargo on sales to North Korea.  Trump’s reasoning?

President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!

Other than that, Mrs. Lincoln, how was the play?

Republican Senator Rubio from Florida Tweeted:

Problem with ZTE isn’t jobs & trade, it’s national security & espionage. Any telecomm firm in can be forced to act as tool of Chinese espionage without any court order or any other review process. We are crazy to allow them to operate in U.S. without tighter restrictions 

He was far from alone.

What will ultimately happen is unknown, but it seems like it will be very favorable to the Chinese and a really bad deal for the U.S.  Similar to the President’s complaint about the Iran deal.  But, when it comes to politics, the rules are very strange.

The Washington swamp is at it’s normal configuration.

OK, given this, what should you do?

My recommendation is that even though ZTE devices are cheap (because the Communist Chinese government subsidizes them), stay away from them.  There are plenty of lower priced devices from other countries that function quite well.  Probably not as cheap as ZTE, but if you are concerned about American jobs, American technology and American information, don’t do it.  Do not reward the Communist Chinese government.

In fact, the smart money would say to avoid all Communist Chinese electronics – there is just no way of knowing if those devices are spying on you and the evidence is that they are.

But, you say, what do I have that they might want?  The answer to that is that, like the NSA, they never vacuumed up any data that they didn’t like.  Whether it is to look for patterns, to gain intelligence to use against you later or for other reasons unknown, they just do it.  The difference is that the NSA is most likely working for our side.

Information for this post came from The Washington Post.

 

Facebooktwitterredditlinkedinmailby feather

FBI, NSA, CIA Say Don’t Use Huawei, ZTE Phones

The heads of the intelligence community – NSA, CIA, FBI and the Defense Intelligence Agency, appearing in front of the Senate Intelligence Committee, said that Chinese smartphones posed a threat to national security.

Exactly why they singled out those two Chinese phones, compared to the iPhone, which is likely made in the same factory, is not clear.  It would seem that two phones, made in the same factory by the same people would have a similar security risk, but apparently not.

FBI Director Chris Wray said that it was because Huawei and ZTE are beholden to the Chinese government.  I would think that Foxconn, who, for example, makes TVs for Sony and others, Cisco networking gear, HP and Dell computers and Nintendo games would also be beholden to the Chinese government in a very big way.

I suspect there is classified intelligence that they are not sharing that explains why these two companies are being singled out.

The concern, they say, is that these devices could steal information or conduct undetectable surveillance using the phone’s user.

AT&T was going to going to sell Huawei phones but magically decided not to last month.  No doubt these same agencies explained to AT&T why that was not a good plan.

Ultimately, everyone has to make their own decisions, but there are plenty of phones made in Korea, which seems to be a more friendly locale.  There are no phones made in the United States.

Apple and others do buy some parts in the US, like glass from Corning,  but those parts are then shipped to China to be assembled.  Apple is looking at assembling some phones in the US, likely for the PR value, but doesn’t actually do that.  Even if they do, since iPhones represent less than 15% of smartphone sales, that will still mean that 80% to 90% of smartphones are manufactured in other countries.

Information for this post came from CNN.

Facebooktwitterredditlinkedinmailby feather