The coming holiday is cutting my publishing schedule short, but I didn’t want to leave too many interesting stories on the cutting room floor. Hence the weekend read comes early this week, and contains a lot more stuff to keep you busy for those couple of extra days. For the long weekend, I have five on security and one on culture. Enjoy!
This first read is about the US government’s collection and maintenance of security vulnerabilities. This is always a tricky topic; if a government knows about security vulnerabilities, there is at least some chance some “bad actor” will, as well. While the government might want to hoard such knowledge, in order to be more effective at breaking into systems, there is at least some possibility that refusing to release information about the vulnerabilities could lead to them not being fixed, and therefore to various systems being compromised, resulting in damage to real lives. The US government appears to be rethinking its use and disclosure of vulnerabilities.
There can be no doubt that America faces significant risk to our national security and public safety from cyber threats. During the past 25 years, we have moved much of what we value to a digital format and stored it in Internet-connected devices that are vulnerable to exploitation. This risk is increasing as our dependence on technology and the data we store continues to grow such that technology now connects nearly every facet of our society and the critical services that sustain our way of life. This fact is not lost on criminal actors and adversarial nation states who discover and exploit existing flaws in software, hardware, and the actions of legitimate users to steal, disrupt, and destroy data and services critical to our way of life. — The White House
A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. — Calvin Biesecker @ Aviation Today
For years, I researched and wrote about the State Longitudinal Database Systems (SLDS) here in Oklahoma and across the nation (here, here and here), warning that these ill-advised legislative efforts to codify “transparency and accountability” in public schools would end up creating what could only be considered a national database. — Jenni White @ The Federalist
When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company’s futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone’s face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible. — Andy Greenberg @ Wired
Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, Mr. Williams, a cybersecurity expert, was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence. Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. — NY Times
In the wake of the 2015 San Bernardino massacre, the FBI, having failed to open the suspect’s iPhone, turned to Apple, demanding that it break the device’s encryption. Much posturing ensued, in the media, in Congress, and in the Court. During his Congressional testimony, FBI director James Comey (remember him?) was especially aggressive in his misrepresentations: “This will be a one-time-only break-in, we’re not interested in a master key that will unlock Apple’s encryption. — Jean-Louis Gassée @ Monday Note