We have a great show today, mostly about what NOT to do! There are several manufacturers and providers, and HUNDREDS of products, that you need to avoid, including some big names like Intel, Adobe, Kaspersky and maybe Huawei. We don’t make these recommendations lightly because we know that if all of our listeners stop buying these products, it will hurt the business of legitimate companies. However, the nature and the scale of the vulnerabilities in these particular products leave no room for doubt – for now. Hopefully, more information comes to light in the future that can resurrect some of these products (except Adobe Flash, which should be removed from every computer everywhere, ASAP).
Raffael Marty is VP of security analytics at Sophos, and is responsible for all strategic efforts around security analytics for the company and its products. He is based in San Francisco, California. Marty is one of the world’s most recognized authorities on security data analytics, big data and visualization. His team at Sophos spans these domains to help build products that provide Internet security solutions to Sophos’ vast global customer base. Previously, Marty launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. With a track record at companies including IBM Research, ArcSight, and Splunk, he is thoroughly familiar with established practices and emerging trends in the big data and security analytics space. Marty is the author of Applied Security Visualization and a frequent speaker at academic and industry events. Zen meditation has become an important part of Raffy’s life, sometimes leading to insights not in data but in life.
Hair of fire: 5 of 5
Like I said in our last few episodes – if you are buying a new computer for yourself or your company, STOP. Strongly recommend that you do not buy any computer with an Intel chip. I don’t make that recommendation lightly.
List of vulerable computers:
Hair on fire= 1 of 5….make your own decision.
FBI, FBI, CIA and NSA say American citizens shouldn’t use Huawei phones. Investigating both on the commercial level (telecom equipment) since 2011
No actual exploits found; thin argument:
The U.S. government has been after Huawei and ZTE since 2011, when the House Intelligence Committee began an investigation of these two firms as telecommunications equipment suppliers. It ultimately found their cooperation with the Chinese authorities suspicious, though no specific backdoors in the equipment were discovered. Since the damaging report came out, however, Lenovo, a Chinese firm, acquired Chicago-based Motorola Mobility from Google — and, despite periodic noises from the Pentagon as well as U.S. and allied intelligence agencies that Lenovo devices pose a security risk, there is no visible pressure on carriers to stop selling Lenovo and Motorola phones.
Hair on fire= 5 out of 5
Time to kill all of your flash plugins. Why?
Don’t need flash on Firefox with any windows device. (HBO on Firefos still seems to be an issue, so use another browser)
Hilarious Note: The certificate on the mac page is not good!
Chromebooks: (These instructions apply to Google Chrome on Windows, Mac, Linux, and Chrome OS.)
Or Google the search terms: “Uninstall Flash”
Hair on fire up to 3 of 5 – this is important
Still no hard evidence, but:
Be aware, stay informed, and avoid the traps on the internet – listen to DIY Cyber Guy every week.
Raffy’s Blog: https://raffy.ch/blog