Slashdot Mirror
'US Intelligence Agencies Should Put Up Or Shut Up With Kaspersky Rumors' (csoonline.com)
itwbennett writes: As previously reported on Slashdot, U.S. intelligence agencies have warned against using Kaspersky software amid swirling rumors of ties between Kaspersky Lab executives and the Russian government. White House cybersecurity coordinator Rob Joyce this week advised against consumer use of Kaspersky software. This may be good politics, but CSOonline's Fahmida Rashid warns that it's bad infosec. 'If the government has any evidence -- or even compelling reasons for being suspicious -- it should be sharing that, because many companies and consumers rely on Kaspersky Lab products. The fact that the government hasn't done so makes it likely this is all just geo politics,' writes Rashid. 'There is enough FUD in the market without throwing in politics into decision-making. Organizations should focus on deploying the technology which best addresses their needs.'
Not an outright lie, more like some ignorant interpretation of the facts. A straw man to distract people from the Illegal hacking that our own government does to 'protect' us.
This time is no different. There is tons of smoke, and a despot with his hand near the wheel. Regardless of whether or not there is currently corruption, there is nothing stopping it from happening undetected in the future. We have been debating this situation here, at the executive level for over a year. I have been steadfastly against making a change (We use Kaspersky), but at a certain point it comes down to putting your name on the line certifying Kaspersky as safe. Are you comfortable with that? I'm not. So I had to give in. I'm not going to put my job on the line for a commodity security software.
You don't have to prove that Kaspersky is in bed with Russian intelligence to not want to use it for government computers.
Merely suspecting it might be is enough reason not to use it.
"That's the way to do it" - Punch
Look to the right of the headline. They made this change a while back. Yes, it's stupid.
No need to worry. Most Americans don't take anything the White House has to say seriously, anyway.
if you install Kaspersky you are a sucker, like Moscow Donald's supporters
The correct term is 'useful idiot', get it right next time.
IN ALL SERIOUSNESS: I agree with TFA; if there is actual, independently verifiable PROOF that it's compromised by design, then the Feds should release that information. Alternately there are plenty of 'IT security researchers', and 'white hats' and plain old 'hackers' in this country (U.S.) that are more than capable of verifying whether it's spyware or not, with or without government help; where the hell are they with their reports on this?
I got bad news for you, AC: YOU ARE VIOLENTLY STUPID AND UNINFORMED. Otherwise legit software and websites can be compromised into being malware. Even I once went to download drivers for a piece of hardware from the manufacturers own website and antivirus flagged the download as containing a trojan; or are you going to say that a well-known manufacturer of computer hardware was complicit? Antivirus/antimalware is like carrying a parachute with you on a small airplane; you're not planning on jumping out and letting the plane crash, but if things go terribly wrong it's good to know you're not going to DIE in a plane crash. Also, you're a smug bastard who needs his shit slapped. I'll bet if we pulled the HDD's out of your computers and scanned them, they'd probably be LOUSY with malware you aren't even aware of because you have no antivirus/antimalware to catch it.
BTW, this line was used by Obama administration as well, when they were talking about Russian involvement in last year's elections.
How it makes sense, I cannot figure out.
I recall that. If one wants the gov to 'put up or shut up' regarding evidence for Kapersky, they should want the same regarding evidence regarding Trump and Russia, but the media seems to be fine with insinuations, a lot more to assume that way.
For me it is the software that I DID write myself that I don't trust.
Don't fight for your country, if your country does not fight for you.
How are you going to verify if it's spyware or not?
Most likely the software is programmed to download automatic updates. This means that it could go from being benign to being a trojan overnight -- for whichever subset of IP addresses the people running the update servers want.
It's impossible to audit the security of autoupdating code; you're at the mercy of whoever controls the updates.
I believe there is an investigation right now into whether there is evidence of collusion between Trump and Russia.
I believe there is an investigation right now into whether there is evidence of collusion between Trump and Russia.
You are being entirely too sensible - knock it off.
#DeleteChrome
The last thing that the intelligence world wants to do is tell every tom, dick, and harry out here how it spies on other nations and how it catches ppl/organizations.
I am amazed at all of the idiots calling for NSA to out themselves for what they do LEGALLY.
Even now, look at what is going on with trump investiation. Trump/family/admin continue to make a statement that is a lie. So, NSA will release a peice of evidence that refutes those lies, along with offers up another clue. Now, why do they not simply dump all of their data on ppl like Trump, Pence, Bannon, etc for their treason? Because to do so, would allow Russia and China to figure out how we spy on their spies and then get around us. That would be a disaster. The best thing that happens is when these top nations have inside information about POLICY/WHY, but not about the HOW. This has prevented a number of wars. But, once a nation like China get the HOW, then it will lead from this China's cold war with the west, to a full blown hot war, which could lead to nukes.
REAL BAD IDEA.
I prefer the "u" in honour as it seems to be missing these days.
Running Linux alone does not suffice. You also need to avoid the installation of Flash, to avoid javascript, and a few other choices...like not installing applications you don't need. Even that isn't 100% protection, but that's not available anywhere on the planet, probably anywhere in the universe.
If you want to be even more secure (this thing is layered) run some version of BSD with the same restrictions. And then you run the applications that you need to run in a virtualized environment. And that's not the end. You could air-gap all your systems, and remove all wi-fi capabilities. You could run your systems inside a Faraday cage. You could run your power through an AC->DC->AC converter to keep signals from escaping through the power grid.
For my purposes Linux appears safe enough...if I don't trust foreign software, and do reasonable backups. And don't enable known-dangerous extensions. I'm really dubious about HTML5. It looks like it comes with embedded vulnerabilities, as opposed to earlier HTML dialects where the vulnerabilities were part of common extensions that you could remove.
I think we've pushed this "anyone can grow up to be president" thing too far.
You can only sue the US government (in a US court) if you first get their permission.
I think we've pushed this "anyone can grow up to be president" thing too far.
You misunderstand.
If they don't give *ME* evidence, why should *I* trust them. They don't have a very good track record for trustworthiness.
When a liar tells you something, it might be true. But since you know he's a liar you shouldn't readily believe him without evidence.
I think we've pushed this "anyone can grow up to be president" thing too far.
Back during the Cuban Missile Crisis President Kennedy put forward the U-2 photos showing the missile sites. He didn't hide behind the whole sources and methods thing.
If someone's not willing to present their evidence, then you probably shouldn't trust them unless they have demonstrated they can be trusted. The three letter agencies have all demonstrated they cannot be trusted.