FOD Fireball’s Observations of the Day June 20 through 25, 2017

Friends of FOD

A bit delayed on this edition.  I’ve been moving the last few days.  It’s a pain in the butt.  And it doesn’t get easier with age or with the number of moves made in my lifetime.  Suffice it to say I’ve traded a great lake view for a great mountain view.   So things have gotten a bit behind.  Plus I had to wait until today to get my internet installed.  I know – excuses will be listened to, but not tolerated!

 

US Companies Providing Russians with Security Source Code

We have known for quite some time the Russians are employing every possible cyber tactic to undermine US computer systems, establish hacker networks and steal millions of dollars on a recurring basis.  So where are they getting some of the most critical product security secrets you might ask?  From the very companies developing the software.  Cisco, IBM and SAP have all acknowledged and acceded to the demands by Russia to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting these products to be imported to and sold in Russia.  This, according to Reuters, has been going on for quite some time and those requests have increased since 2014.  Supposedly these requests are done to ensure foreign spy agencies have not hidden and “backdoors” that would allow them to borrow into Russian computer systems.  But in doing so Russian inspectors have the opportunity to find vulnerabilities in products’ source code and instructions that control both basic and advanced operations of computer equipment.  While a number of U.S. firms say they are playing ball to preserve their entree to Russia’s huge tech market, at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns. That halt has not been previously reported.  Symantec said one of the labs inspecting its products was not independent enough from the Russian government.  U.S. officials say they have warned firms about the risks of allowing the Russians to review their products’ source code, because of fears it could be used in cyber attacks. But they say they have no legal authority to stop the practice unless the technology has restricted military applications or violates U.S. sanctions.  (photo above left is the Russian Security Service Building).  From their side, companies say they are under pressure to acquiesce to the demands from Russian regulators or risk being shut out of a lucrative market. The companies say they only allow Russia to review their source code in secure facilities that prevent code from being copied or altered.  I wish I were making this up.  My recommendation – don’t sell them anything – let ’em rot.

Continue reading “FOD Fireball’s Observations of the Day June 20 through 25, 2017”