Hardware Security

Hardware security risks happen, obviously. But we all trust our phones, tablets, PCs and laptops to be fundamentally secure. Built that way. Right?

Well, maybe hardware is mainly secure, but some recent news does raise the question of whether we are right to assume all is well. Perhaps we are reaching the point where we need some mechanism to check, warrant and continually prove that we are secure and not open to unexpected risk. Recently we have had 2 big cases where fears have been raised but there is precious little fact to go on.

Huawei

The first is the Huawei issue. Essentially, cutting through the technobabble, this boils down to political risk. If the Chinese Government put pressure on the company, would they and could they use their power as a supplier to do something we would not want? All this is masked in questions such as “are there backdoors” or exploits they could use. These are technical questions but largely irrelevant. The products could be squeaky clean today and tomorrow a new driver update might change all that. So the fundamental question is: do we trust the company, and can we prove nothing underhand has been done?

Some countries are blocking the use of telecoms network equipment from the Chinese firm.

Intel

The second recent issue is the Intel VISA bug. This is nothing to do with a well-known credit card company, by the way! The key facts here are that Intel buried a little monitoring and debugging tool into their chips so they could run internal tests. Unfortunately, whether by accident or design, they left it turned on in production systems. The result is that someone could plug a USB stick into many current PCs, servers and laptops and gain access to just about everything. It wouldn’t be simple but it would be possible. Interestingly, it is quite a hard problem to fix because, well, it is in the hardware! The only saving grace for this fiasco is that physical access is required to exploit the bug. As far as we know, anyway!

Can We Trust Manufacturers?

What both these cases have in common is that we live in a very complicated technical world. The average user cannot be expected to even understand the hardware security risks let alone mitigate them. So we have to rely on trust. Trust that we are safe. But trust is built on the premise that someone is checking to make sure that no-one is trying to be naughty. And that someone can put it right if abuse is found.

But is anyone actually looking? Well, Intel have a department whose only job is to deal with this stuff. Not sure they are sufficient protection for us given that the VISA bug slipped out. Huawei offer all the assurances in the world but Mr Trump is not falling for that one (allegedly). A cynic might suggest that this is more to do with trade wars with China than any technical concern!

But surely any manufacturer supplying the military or 5G infrastructure or your phone is just as much of a risk? Do we trust Cisco or any of the other big players? Just because the political risk is this side of the fence, does that make it less risky? Just because AMD hasn’t fallen victim yet, does that mean a bug isn’t there, latent in the hardware?

Is there anything to be done? Well yes, it’s not actually that complicated to solve hardware security risks, but it does require political will, technical knowledge and worldwide agreement. Does that seem likely in these fractured political times? In a word, No! So it’s time to keep your fingers crossed, backup like mad and make sure you encrypt everything that leaves your sight. Right? Ok, but then there’s the WhatsApp bug. Even encryption isn’t perfect!

Might be the right time to find a nice warm sandy beach and dig a head-shaped hole and pretend nothing is wrong for a year or two! If that’s you and you need someone to keep an eye on your IT security then do contact LIS. It’s what we do!

 

Article 13 – Brave New World?

This could change the Internet forever… What you need to know about Article 13 (“the meme ban”), the new copyright directive and Article 11 (“the link tax”).

MEPs approved Article 13 in a vote in the European Parliament. This went unnoticed by many, camouflaged by the Brexit excitement. However, this is no minor issue; it is going to be a sea change for the Internet. Now the vote has been passed, the next step is for the laws of individual European countries to be changed to enact the new rules. Countries are free to interpret it and legislate as they see fit. So the only certainty right now is that there is going to be a lot of heat generated. Small businesses, bloggers and all users of the web are likely to be caught in the fallout one way or the other. You do need to be aware if you publish or link to content online. Who doesn’t?

If your business is going to be affected, start planning now and contact LIS to assist.

#copyright #internet #business #brexit #memeban #linktax #article13 #article11

What is Article 13? The EU's divisive new copyright plan explained 

Article 13 of the EU’s new copyright directive has sparked huge controversy online, with YouTube campaigning strongly against the proposal. We explain why

 

Password Security

3 in 4 staff would fail a simple password check

You want your staff to watch this video because their weak password security puts your business at risk.

3 in 4 people use passwords so weak, they are very easily hacked. We’re talking:

• 123456
• Pet names, children’s names, spouse’s names
• Football teams, favourite player, etc

Here at LIS, almost every day we see the consequences of local businesses being hacked due to weak passwords.

We’ve got a brand new educational video on password security. Watch it now. If you want to lock things down or need to talk through the problem then contact LIS.