  • Apple 'poisoned the well' for client-side CSAM scanning, says former Facebook security chi...

    lkrupp said:
    Remember, people, this is the former 'Facebook security chief'. Facebook and security are mutually exclusionary terms. It’s like trying to put a square peg into a round hole. It ain’t happening.
    Stamos is *highly* respected in the information security community. Speaking as someone whose job title includes the words chief, information, security, and officer, when he says something I almost always find it worth considering and never dismiss it outright based on where he's worked. For what it's worth, by all accounts his time at Facebook wasn't a harmonious one.

    He's guest hosted the Risky Business security podcast numerous times. If you want to get a sense of the guy, I recommend listening to those episodes. 
  • New 2021 12.9-inch iPad Pro can't use previous Magic Keyboard

    I just taped a piece of cardboard to the front of my iPad and tried to close the MagicKeyboard... and it closed just fine. I suspect that this is a nonissue that's on its way to becoming the next something-gate. 
  • Zoom 5.0 update bolsters encryption, adds meeting security features

    anome said:
    Upping the security isn't that much of an improvement if it isn't end-to-end. The whole architecture of Zoom is basically a man-in-the-middle vulnerability.
    I keep seeing people decry its lack of end-to-end encryption. Their initial insistence that they provide it was stupid, as was how long they held on to that claim before eventually dropping it, but beyond that I do not understand the shortcoming. There is no video conference service that offers end-to-end encryption at scale for large, multipoint sessions. How could that possibly work? That's a genuine question, not rhetorical. I cannot fathom how multiple video sessions could be combined into a single session without a central server that decrypts the individual sessions, combines them, and then sends the combined stream to each participant. The alternative would be fully meshed connections of each endpoint to all the others, but that can't scale out.
  • U.S. Senate, Google ban Zoom days after its launch of 'security council'

    dysamoria said:
    Can anyone explain to me how this previously utterly-unknown-to-me Zoom suddenly became the video conference product of choice before the current round of realizations about how shitty it is?
    They've been making waves for the past year or two. Other issues notwithstanding, the quality of the service, its ease of use, and its scalability are all well beyond what most competitors seem to be able to manage. I'm not endorsing them or defending them here, but that's really why they became the go-to choice for so many in recent weeks.
  • U.S. Senate, Google ban Zoom days after its launch of 'security council'

    cgWerks said:
    apple_badger said:
    Alex Stamos is very well regarded in the ITSec community. He left Facebook because he couldn't get them to take security seriously enough; his association with Zoom (or its dissolution) is a good indicator about whether or not they're doing the right things as far as privacy and security.
    One can hope, I suppose. But, Zoom's track record seems more in line with Facebook than a company that actually wants to do things the right way. They've got a lot of proving to do before they should be trusted.
    I am, indeed, hoping. We've opted to use Zoom in a limited way: the risk, benefit, consequence calculation falls in favour of Zoom at the moment. 

    apple_badger said:
    Western, or at least North American, society generally does not reward honesty and straightforwardness about mistakes. Pivoting in the face of new evidence is often characterized as pejoratively flip-flopping and something as simple as a genuine apology is seen as an opening to litigation.
    I get the litigation aspect, but the rest of the world values these things more? What societies are you thinking of?
    As a resident of North America (Canada, but we're amazingly similar to the US in a lot of ways and I'm comfortable lumping us together for this), I'm speaking about my views about my own society. My exclusion of other places is not intended to imply that they're better, only that I don't have enough experience to make any comment about them with respect to this topic :)