Best Practice: Travel Light To China
Hugh Pickens writes "What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return. 'If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,' says Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence. The scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010 when the chamber learned that servers in China were stealing information from four of its Asia policy experts who frequently visited China. After their trips, even the office printer and a thermostat in one of the chamber's corporate offices were communicating with an internet address in China. The chamber did not disclose how hackers had infiltrated its systems, but its first step after the attack was to bar employees from taking devices with them 'to certain countries,' notably China. 'Everybody knows that if you are doing business in China, in the 21st century, you don't bring anything with you,' says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. 'That's "Business 101" — at least it should be.'"
Pot calling kettle. (Score:2, Insightful)
Read the subject line.
Re: (Score:2, Funny)
Re: (Score:2, Interesting)
No, it's more the whole "err teh us is evler thn evrybdy else!!!!" drivel. Nobody does espionage like the Chinese, and you know it. Hell, it was a joke at an old job, go into China, turn your phone on, and watch it light up for a good 20 minutes while they downloaded the entire contents of your phone. Oddly enough, I've never seen that happen when I re-enter the US. The US isn't sneaky about it, they just confiscate what they want.
Throw in stuff like how Huawei equipment is banned for deployment in the
Re:Pot calling kettle. (Score:5, Funny)
pot calling kettle
My cooking pots are stainless steel. My kettle is likewise stainless steel. Neither can talk and as far as I'm aware neither has racist tendencies.
It's time that whole pot/kettle thing was just forgotten about.
Re: (Score:2, Informative)
My cooking pots are stainless steel. My kettle is likewise stainless steel. Neither can talk and as far as I'm aware neither has racist tendencies.
Racist? The phrase has nothing to do with racism. A cooking pot or kettle, when used over an open fire, gets sooty (i.e. black).
(Or, alternatively, the kettle is clean and shiny, as it's not put on an open fire. Then the pot's accusation is based on its own reflection in the kettle.)
Re:Pot calling kettle. (Score:5, Insightful)
Exactly.
I'm much more worried about how the U.S. is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.
I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and how exactly can a drone invade your privacy any more than a manned plane?
Re: (Score:3, Insightful)
Exactly.
I'm much more worried about how the U.S. is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.
I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and how exactly can a drone invade your privacy any more than a manned plane?
Saying you don't have to worry about surveillance because you're not doing anything illegal is something like saying you don't have to worry about being shot because one of your legs is artificial. There are so many problems with being able to be put under surveillance by anyone who can flash a badge, or can fake it sufficiently to get away with it, that concealing potentially illegal activity is almost trivial.
We Americans need to stop this love affair we are having with arbitrary privacy invasion, both
Re: (Score:3, Insightful)
I am worried about the drones, yes.
I am vastly more worried about China if I travel there for work.
I am not a major stakeholder for a company that they would really like some intel on. We have the clean laptop, clean phone policy.
Earlier in the thread someone said pot/kettle, but seriously I don't think that's the case. The US does its fair share of snooping, yes, but I do not think it is directed at corporate espionage, at least not at the insane level that you see in China.
Does this absolve the US of i
Re:Pot calling kettle. (Score:5, Insightful)
how exactly can a drone invade your privacy any more than a manned plane?
Lower cost. Virtually all of your privacy (especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results.
The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent (and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...)
Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.
Re: (Score:3)
how exactly can a drone invade your privacy any more than a manned plane?
Lower cost. Virtually all of your privacy (especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results. The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent (and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...) Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.
You failed to answer the question if a drone flies over your house and records you mowing your lawn how is that any different than a manned plane, if either is trampling your rights, then what does frequency have to do with it? My point is if it's perfectly acceptable for DEA agents to fly over corn fields to look for marijuana then how is a drone doing the exact same thing different. There is no distinction between manned and unmanned recording of private property from a plane, they are both in plain sig
Re:Pot calling kettle. (Score:4, Insightful)
Because once the cost is driven down so much by the commoditization of the hardware that it becomes ubiquitous, they will not stop at looking for marijuana crops.
The argument is called a slippery slope and is perfectly valid. For popular media references see everything from The Simpsons [simpsonswiki.net] to the Clint Eastwood classic Magnum Force [wikipedia.org].
The distinction isn't manned or unmanned surveillance, it is the frequency and pervasiveness.
[Note: The Magnum Force reference is to the slippery slope argument in general, not necessarily total surveillance in specific.]
Re:Pot calling kettle. (Score:4, Informative)
Your question has been answered. There is no difference, there's just more of it.
I can't make a solid legal argument because it has not been tested. SCOTUS refused to rule on whether GPS tracking, as an example of constant monitoring, is an invasion of privacy, solely because trespass was involved on placing it there. So the question of whether it is legal to record someone's movements constantly is an unresolved legal question.
It is not a foregone conclusion, as you seem to believe, that non-stop monitoring is perfectly legal. It will be done until it is challenged. Tracking software on top of automated drones makes it possible to track individuals going about their daily lives in fairly good detail at this point, were it allowed to continue. That level of detail is excessive compared to what law enforcement needs to do its job.
I happen to believe that the Constitution and Bill of Rights make it clear that as long as you're not bothering anyone, you're free to act unimpeded. When you start setting off enough flags that someone thinks you're doing something illegal, law enforcement will put together a warrant request and then are allowed to investigate. Constant monitoring, license plate tracking, internet interception, and all of the modern surveillance techniques are so far removed from what the Founding Fathers even considered that there is no way you can just assert it's fine without a court test.
In other words, the question is to you, to argue that this is not an invasion of privacy. Until it is answered by the courts, who have already trampled on just about everything else using a combination of terrorism and commerce clause to steamroll whatever we have left. One side pushes for more surveillance, the other pushes back, and then it gets resolved in a court. Until then you're going to have to bring more to the table than this as a defense.
Re:Pot calling kettle. (Score:4, Insightful)
Historical legal norms, governing what is/isn't protected, what does/doesn't require special permission, etc. are crafted in response to the situations that the lawmakers have to confront, either hypothetically, when crafting legislation, or in actuality, when a case comes before a court. In no small part, those actual and hypothetical situations are influenced by technology, what it costs and what it can do. If something is impossible or economically prohibitive in virtually all cases, there isn't any impetus for legal norms or institutional protections to grow up and prevent it.
Consider, for example, the notion that things done in public spaces are fair game without any sort of warrant. Historically, that seems plausible enough: cops are a limited resource, and people have lousy memories, so everybody who is acting normally enough to be forgotten quickly, and isn't interesting enough to justify the expense of having one or more agents tailing them with a notebook is safe. Thus, in practice the historical standard was not 'anything is fair game in public', it was 'anything notable enough for Joe Citizen to remember it later, and anyone worth the expense of tailing manually is fair game'. If, through some innovation in cameras and machine vision, say, it becomes technologically and economically viable to track everybody all the time, the formal 'in public, no problem' standard hasn't been violated; but the previous actual 'only stuff of note, and people suspected enough to spend real money on for some reason' standard is overwhelmingly weakened.
Overflights would be a similar thing: as long as aircraft time costs some hundreds of dollars or more an hour (depending somewhat on your chosen craft and method of cost accounting), the de-facto standard for aerial observation is actually fairly high. It doesn't demand a warrant; but it demands some internal explanation good enough to move those resources. If flyovers cost $10/hour or $1/hour, that de-facto standard would vastly weaken.
That's the real core of the argument: outside of specific, dramatic, cases (like getting evidence stricken from a trial because it was illegally obtained, where your protections are essentially purely legal, since the practical side has already happened and gone against you), the real standards that governed relations between people and the state (or one another) have always been governed to a great degree by logistics, with law stepping in in situations where logistics seemed to be providing a bad result. If you merely examine those accumulated legal fixes, without reference to the logistical situation under which they were enacted, you grossly distort the actual protection (or lack thereof, as in the stereotypical gossipy small town where everybody knows everybody) which a given legal standard implied in practice. Technological change tends not to attack specific, legally formulated, protections/nonprotections very much, it just massively changes their operational significance.
Re: (Score:3)
I wonder... (Score:5, Insightful)
...if people traveling from Russia or China to here are told the same thing?
Re: (Score:2)
these days we are all frienemies
Re: (Score:3, Interesting)
...if people traveling from Russia or China to here are told the same thing?
1) Our security forces focus exclusively on taking people's shoes off, punishing them for traveling by irradiating travelers, and molest traveling women and children. Definitely the laughingstock of the world's security and customs personnel.
2) Russia occasionally innovates something worth stealing (occasionally...) but China never innovates. Individual Chinese visit the US to go to research colleges etc and innovate, but nothing comes out of China worth stealing. Other than plots to put melamine in baby
Re: (Score:2, Interesting)
1) Our security forces focus exclusively on taking people's shoes off, punishing them for traveling by irradiating travelers, and molest traveling women and children. Definitely the laughingstock of the world's security and customs personnel.
Committing minor sexual assault as a matter of routine isn't considered a laughing matter in most countries, it's considered sick.
2) ...China never innovates...
That's the pro-US point of view is it? Who do you think has been supporting the mighty US empire with loans for the last few decades? Who does the US now owe more to than it could ever hope to pay back?
Off the top of my head China invented gunpowder and fireworks, paper money, the use of iron, and china (the stuff cups are made out of).
Re: (Score:3)
Who do you think has been supporting the mighty US empire with loans for the last few decades? Who does the US now owe more to than it could ever hope to pay back?
First order answer is nothing stops the mint from printing a single $100T bill, and declaring it paid off.
Second order answer is that messes up oil import costs. Once the M.E. is drained dry, or Iran closes the straits, or "whatever", then there is no further point in maintaining the charade. China gets a couple more years of interest payments, then they get something about as valuable as a box of confederate money.
Third order answer is we simply tell them "no". They can't even invade Taiwan... what are
Re:I wonder... (Score:5, Informative)
Keep in mind that China has a recorded history of what, something between 11,000 and 17,000 years?
Say what? The Qin Shi Huang Emperor "buried the scholars and burned the books" in 213 BCE so the history of anything much before his reign is exceedingly fragmentary. The oldest extant Chinese writings are the Oracle "bones" [wikipedia.org], which date from no earlier than 1500 BCE. Even Sima Qian started his history with the Yellow Emperor (~ 2600 BC), the first ruler he considered as probably historical.
So, two thousand years? Yes. Three, four thousand? Maybe. Ten thousand? No way.
Re:I wonder... (Score:5, Insightful)
I deal with Chinese companies on a regular basis, and can assure you that they are innovating like mad. China is following the same classic development arc, which goes something like copy, steal, make, innovate, that the Japanese did ~ 50 years ago.
Re:I wonder... (Score:4, Insightful)
And USA did right after gaining independence.
Re: (Score:2)
As much as I like my woodblock printing set, there's only so much goodwill such inventions get before I get pissy about my Ray Ban Wayfarers being Chinese fakes.
Re: (Score:3, Interesting)
True, but they do rip off an inordinate amount of IP too.
That's only because western cultures (specifically the handful of rich "content owners") defined IP in such a way that what China and most normal people do these days counts as a violation/infringement. They defined it as such to justify their pricing and distribution schemes (which they're free to do), and to justify government intervention and regulation (which is stupid for all but the few rich/powerful people at the top)
By getting government involved, most of these content owners have become sluggish an
Re: (Score:3)
Fine.
Add "Since the Maoist revolution," to the statement and then dispute. I'm a huge fan of tea, monks who can whoop some arse, and even some of the old music... but I'm not a fan of their current operating procedure.
Re:I wonder... (Score:4, Interesting)
Good point, let's make that more accurate by saying that they haven't innovated since the 15th Century. That definitely changes everything.
I mean, really, what *have* they innovated since then? And no, it's not meant to cut them down. Bear in mind, this is the *reason* that one of the most populous countries in the world, with one of the oldest civilizations could turn into a second rate country in the first place. Do you think the British and Germans and Russians and Japanese could have done squat to China if they had innovated in the last 500 years? No way.
China is doing what the US did in the 19th Century... rip off everything they didn't invent themselves. Although, I will say that even when the US was ripping stuff off, they were actually inventing things too. China still isn't inventing anything other than better ways to censor their Internet.
Re: (Score:3)
This is a patently obvious security thing to do. It has nothing to do with rampant paranoia as the summary suggests. Security on phones is next to non-existent, WiFi is swiftly crackable, and most users do not follow necessary security procedures because security and convenience do not co-exist. Modern office workers have essentially been trained to be lax with security because ignoring security is more productive.
We get away with it for the most part because the domestic dangers tend to be trivial (viru
A good start (Score:5, Insightful)
"Little bit ?" (Score:4, Informative)
China is 1.5 billion people. All of the Anglosphere and Europe AND Russia combined cannot match that market. And it's a growing market, not a saturated one.
Lacks disposable income (Score:3)
China is 1.5 billion people. All of the Anglosphere and Europe AND Russia combined cannot match that market. And it's a growing market, not a saturated one.
China as a nation has a big GDP yes, but the per capita GDP is right down there with the Dominican Republic. There are a lot of people in China, but as a market western companies can only target the relatively small subset with relatively large disposable incomes. All of the migrant workers etc need their money to eat and clothe themselves and don't have much left over. Also you need to bear in mind that the rules aren't the same across China, some businesses are only possible in the Special Economic Zon
Re:Lacks disposable income (Score:5, Interesting)
The Chinese "middle class" surpassed the population of the entire United States or Europe several years ago. Sure, that still leaves roughly a billion poor people, but with nearly a half-billion doing well, they have some serious internal market power. This also bodes well for political change within China.... a half-billion people with iPhones (or clones) and cars are going to start asking why they don't have more control over their lives at some point.
Of course, with twice as many people stuck in rural poverty while seeing a growing bourgeoisie, there's another potential road to political change....
Re: (Score:2)
Ummm ... So what.
That market is tainted. And everyone knows it.
Quite right, it is. But then so is every other market with government protectionism and the various taxes made up to prevent free trade.
Using less electricity is a great idea and LED lighting is a great way to do that. Have you looked at why LED lighting is so expensive? So called anti-dumping tariffs strangling free trade, that's why.
Re: (Score:2)
From another poster:
The Chinese "middle class" surpassed the population of the entire United States or Europe several years ago. Sure, that still leaves roughly a billion poor people, but with nearly a half-billion doing well, they have some serious internal market power. This also bodes well for political change within China.... a half-billion people with iPhones (or clones) and cars are going to start asking why they don't have more control over their lives at some point.
..........
Long story short: don't talk on things you don't know shit about. ..........
In addition, are you aware what selling pathetically low profit margin products to 1 billion people means? China did the same to the entire world - sold everything, even complex products with shitty profit margins. However, the entire manufacturing of the planet is in China now.
Re: (Score:3)
Actually, the US is still the largest manufacturing country in the world, although China is catching up.
Re: (Score:2)
Why not an article "Travel Light to US"? (Score:5, Insightful)
Since your laptop can be confiscated legally at the border.
They Do Catch Criminals That Way (Score:5, Insightful)
Since your laptop can be confiscated legally at the border.
I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage [slashdot.org] that way. The key difference here is that it's intended to be an open action against you by US Customs whereas in China the intent is for you to never know anything happened and the key logger or stolen information being covertly used without your knowledge of who did it or even what's going on. I think one is much worse than the other but I guess that's just my opinion.
Re: (Score:3, Insightful)
How do you know that USA does not do similar "covert" operations?
Echelon is just one example of a covert industrial espionage mechanism established and run by Americans. I would not think US does not do the same things as China, Russia, France or other countries. China is just so convenient to be a scapegoat. If you believe this is just to "catch criminals", you've been convinced by the dark side ;-)
In any case this article is a valuable reminder that nothing is "private" these days, that every electronic
Re: (Score:3)
I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage that way.
Bullshit. Why would anyone try to smuggle data physically through the border instead of sending it on wire?
Re:They Do Catch Criminals That Way (Score:4, Insightful)
Re:Why not an article "Travel Light to US"? (Score:5, Insightful)
Re:Why not an article "Travel Light to US"? (Score:5, Interesting)
General rule of thumb when traveling is to always travel light and poor. The more valuable things you bring with you the more liability that you are lugging around, which may be stolen, confiscated, or make you prime bait to be kidnapped.
Sure you may be street smart enough in your area to see the difference between a criminal and an honest folk, but in a different culture you are green all over again, and prime bait. Even if you are going across the US. In the country and need assistance often you can get help from those guys walking down the street with large rifles in hand (as they are probably just hunting) for those who live in the country these people are not threatening they are just out having a good time. In the City you should avoid the guy walking down the street with a rifle.
Or up in the Northeast, People usually go straight to business with less pleasantries, down south there is more talk and gentlemen behavior. For a Northern folk if someone comes up to you and starts talking all friendly like, you get warning bells that this guy is trying to distract you. If down south someone gets straight to business this guy is just being rude and hiding information so you shouldn't trust him.
Re:Why not an article "Travel Light to US"? (Score:5, Interesting)
If down south someone gets straight to business this guy is just being rude and hiding information so you shouldn't trust him.
I spent a year in the south in the 90s and the reason is people see themselves as instruments of tradition. Historically mobility was low in the south, so a simple business transaction will become a lifetime economic marriage, so there's lots of courting going on. Your GGGgrandpa and his GGGgrandpa probably served in the same civil war regiment, and in fact there probably is a distant genealogically tenuous connection between you two assuming you're genuine southern natives. If nothing bad happens, your kids might very well be expected to continue the business transaction. Also there exists a massive gossip network such that you can assume everyone is all into your business, so if they truly don't know you, they will be mystified as to what you're up to simply due to curiosity. I heard some hilarious jokes that probably only make sense in the rural south about old forgetful people simply relying on their gossip hound neighbors to remind them of stuff, like a human peer to peer network. In the go go go north economic transactions are more of a one night stand or fling at most, so no one cares what church if any you attend, or what military unit you or your GGGgreatgrandpa served in. It's an article of faith amongst the southerners I knew that tradition and reputation (both individual and familial) are extremely valuable, they believe in that about as much as their church, more or less.
Northern business transactions are like a single hand of poker. Southern business transactions are like a multigenerational game of chess or Go. Before you freak out, obviously these stereotypes are only about 75% accurate.
Re: (Score:2)
In the country and need assistance often you can get help from those guys walking down the street with large rifles in hand (as they are probably just hunting)
Yep. I'm Canadian - I still remember being lost while driving in rural Colorado (pre-GPS days) so I asked some guys who happened to have a bunch of guns for directions. They were very friendly and helpful
Re:Why not an article "Travel Light to US"? (Score:5, Interesting)
Yep this is a point on which it is fair to say that America is no better.
The only safe way to take devices there is to wipe your devices clean (an uncertain and damaging act on flash storage) and carry a hard drive with a deniable hidden encrypted partition (including duress key to unlock a decoy partition) containing backups of the devices. Or store the backup online (connecting with an anti-MITM system and using proper encryption of course, that means ONLY YOU have the key and there is no "recovery" option) if you have a shit-ton of bandwidth and time.
Even then they may take your hardware and do who-knows-what to it, as happened to Moxie Marlinspike's phone. Or you may just not get it back at all.
Re:Why not an article "Travel Light to US"? (Score:5, Interesting)
Yep this is a point on which it is fair to say that America is no better.
I'm not sure I'd agree with that.
This is a case of them planting trojans on your equipment in China, then exercising that, when you get back to the US.
In the US, this can be (and I'm sure, is) done by folk like the CIA and NSA. However, folks like me don't do it. Foreigners can come to my office, exchange files and information, use my network, and even use my USB fobs with no worries that I'll plant spyware on their machines (I am quite capable of doing so, as, I'm sure, are a significant number of /. readers).
To have it so prevalent in a nation is a serious, serious indictment. The NSA does not come to my office and demand that I arbitrarily plant trojans on our partners' and customers' machines. If they did, I would fight them fang, tooth and claw.
What is happening in China is very dangerous. Not just for us, but also for the Chinese. They may think they have this tiger by the tail, but they will really be shocked when it turns around and bites them.
Re: (Score:3, Interesting)
The NSA does not come to my office and demand that I arbitrarily plant trojans on our partners' and customers' machines. If they did, I would fight them fang, tooth and claw.
Consider the AT&T interception room, the people working there weren't as upstanding as you. I know it's server-side spying rather than client-side but it's not much better.
Also consider the laws that allow the US government unfettered access to Gmail, Blackberry comms., cellular data...is that so different from the Chinese government asking Chinese companies to spy for them?
And if the Chinese citizens think their government isn't a danger to them, they're morons. They were a danger to their own citizens
Re: (Score:2)
Re:Why not an article "Travel Light to US"? (Score:5, Insightful)
Since your laptop can be confiscated legally at the border.
Yes, but you know it's happened. They scan your laptop for CP and bomb plans, then hand it back. In China, your privacy is raided without you ever knowing. This is the crucial difference.
Kind of dumb... (Score:2)
Travel with a "travel phone" it's a basic phone that does not contain anything important.... EVER.. and yes, wipe it a lot, but a wipe will not help if they flashed a new firmware with spy additions in it.
I would never even think of bringing my daily phone overseas. Bring a disposable that you don't care about.
Re: (Score:2)
Re: (Score:3)
Re:Kind of dumb... (Score:4, Funny)
His phone probably doesn't accept cookies. ;-)
Re: (Score:2)
Why do you think companies hate user's devices? (Score:5, Insightful)
When there are risks of company devices being hacked and used to spy on corporate data, is it any wonder that many companies still refuse to allow personal devices to be connected to the company networks?
Still, you have to wonder how much of these issues are due to poor maintenance and management of the corporate infrastructure enabling the penetrations and attacks.
I've heard of ONE incident where a penetration was actually a zero-day exploit and did not happen because someone didn't upgrade a server or change passwords after employees left the company. 25 years. A quarter century. And only ONE incident that wasn't someone's failure to perform due diligence of maintenance?
That doesn't say much for North America's corporate security policies, does it?
Good practice anywhere (Score:5, Insightful)
Re: (Score:3)
This has been standard practice in many places for years. And not just when travelling to China. Even if you're not working with high value information, there's usually not any justification for taking equipment full of company information abroad.
Wiping your HD after a trip to remove almost all types of malware so you don't bring anything back to the company is new, using a throw away phone so your phone can't be compromised is something new, having a thumb-drive with all your passwords on it so a key logger can't get them is something new. Not taking sensitive data overseas has been a policy for a long time but these new measures are something totally different. This is just the next evolutionary step in the battle to steal IP vs protect IP.
Hang on,,. (Score:5, Funny)
My T510 came from China in the first place...
A thermostat? (Score:2)
I can see how compromising a printer could be useful if you sent back documents of everything sent to it. But a thermostat? Unless the thermostat was also bugged, I don't see what good infiltrating a thermostat would do. Or why a thermostat would be Internet accessible.
Re:A thermostat? (Score:4, Insightful)
i.e. the Chinese aren't after the thermostat, it was just part of a system which got compromised.
Re: (Score:3)
Not only just another Windows box, but a Windows box that cannot be upgraded without violating the extremely expensive software support contract. ... the stereotype is if there is an expensive support contract, that machine is gonna get owned.
Seen this happen with numerically controlled machine tools, PBXs, some internet accessible "software as a service" type of apps, some weird embedded stuff I don't think I can talk about
Re: (Score:3)
Re: (Score:2)
Or why a thermostat would be Internet accessible.
Want to know why a thermostat would be Internet accessible? See here [nest.com]
Want to know why a garage door opener would be Internet accessible? See here [sears.com]
More and more things are becoming that way, like it or not.
Done all over the place (Score:2, Interesting)
This is done in every totalitarian country. For example, when David Smick [amazon.com] was in Singapore, he called home and made a comment about being dissatisfied with the hotel room provided to him. When he was picked up the next day, the person "escorting" him apologized for his hotel room not being good.
Here in the States, we're monitored under the auspices of the "War on Drugs" or Terrorism or Child Porn or what have you. When folks say we live in a free country, I have to ask, "Is being monitored being Free?" The
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you think needing to show an ID is bad, you still live in one of the lucky states for pseudoephedrine. In Oregon and Mississippi [wikipedia.org], you need a prescription to buy it.
Chromium OS (Score:4, Insightful)
Re:Chromium OS (Score:5, Insightful)
Re: (Score:2)
And all your network traffic is compromised via a Man-in-the-Middle attack.
Why do you think Certificate Authorities keep getting compromised?
this is old news (Score:5, Interesting)
If you travel to China, this is old news.
Yes, some businesses are beginning to require wiped travel laptops for entering the US. I have to say that I do not know anyone personally who has had laptop issues at the US border (although I know that there are some people who are on some sort of list and have them frequently). The assumption is, if you go to China, you will probably be hacked, and it's not going to happen at Customs.
By the way, in my experience Chinese firms are incredibly paranoid about this, much more so than US firms. I suspect that paranoia has some justification.
sign (Score:5, Insightful)
Cue all the "BUT THE US IS WORSE THAN CHINA!" posts. You should log off WoW and read a little on Amnesty International about China. Could the USA do much better? Absofreakinglutely - But I can tell you as a Canadian business traveller that the USA is orders of magnitude less intrusive when it comes to visitors to their country. The next time you're in China go try to surf Tibet videos on YouTube and let me know how that goes for you.
Re: (Score:2)
But I can tell you as a Canadian business traveller that the USA is orders of magnitude less intrusive when it comes to visitors to their country. The next time you're in China go try to surf Tibet videos on YouTube and let me know how that goes for you.
I can tell you that Chinese did not require my fingerprints and were very polite to me. Guess who was exactly the opposite?
I also don't care about watching Tibet videos on YouTube when visiting China, I don't watch them at home either.
Have fun watching Al Qaeda videos while killing time in your US hotel.
Re: (Score:3)
I can tell you that Chinese did not require my fingerprints and were very polite to me. Guess who was exactly the opposite?
Oh, for shit's sake, America was rude to you?! Is everyone from your home country a little pantywaist, or is your dipshittery unique?
I like the implications later on:
I also don't care about watching Tibet videos on YouTube when visiting China, I don't watch them at home either.
IOW, 'fuck Tibet [freetibet.org], but Americans were rude to me, so let me start my Intarweb jihad against them.'
Boy, talk about first world problems.
Here's a better idea- (Score:5, Insightful)
Stop doing business in and with China, entirely. /radical concept I know.
Bring manufacturing and jobs back to your home country/state and improve your own damn economy.
Re: (Score:3)
Too bad the captains of the industry already decided it cannot work. To paraphrase the best one of them, workers in your home country/state are no longer flexible enough, smart enough and diligent enough to contribute enough to your shareholders' returns.
Also, you're not a common radical, you're a delusional and dangerous communist.
Re: (Score:2)
Too bad the captains of the industry already decided it cannot work. To paraphrase the best one of them, workers in your home country/state are no longer flexible enough, smart enough and diligent enough to contribute enough to your shareholders' returns.
Also, you're not a common radical, you're a delusional and dangerous communist.
Translation: They won't work for something that makes poverty wages look generous and lock themselves into a Company Store setup on top of that...
Re:Here's a better idea- (Score:4, Insightful)
His position is obviously against maximizing corporate profits. As such, it is undeniably dangerous, abhorrent, anti-capitalist and utterly unjustifiable, as I already explained. It is also very bad for you, although you probably cannot realize it now. By supporting this position, it looks like you may benefit, but this is most assuredly a delusion. And here's why.
You are a man who thinks in terms of nations and peoples. There are no nations. There are no peoples. There are no Russians. There are no Arabs. There are no Third Worlds. There is no West. There is only one holistic system of systems. One vast and immane, interwoven, interacting, multi-varied, multi-national dominion of dollars. Petro-dollars, electro-dollars, multi-dollars, reichmarks, rands, rubles, pounds and shekels.
It is the international system of currency which determines the totality of life on this planet. That is the natural order of things today. That is the atomic, and sub-atomic and galactic structure of things today.
You get up here on Slashdot and howl about America and democracy. There is no America. There is no democracy. There is only IBM and ITT and AT&T, and DuPont, Dow, Google and Apple. Those are the nations of the world today.
We no longer live in a world of nations and ideologies, Mr AC. The world is a college of corporations, inexorably determined by the immutable bye-laws of business. The world is a business, Mr AC. It has been since man crawled out of the slime.
And our children will live, Mr AC, to see that perfect world, in which there is no war nor famine, oppression or brutality. One vast and ecumenical holding company for whom all men will work to serve a common profit. In which all men will hold a share of stock.
Re: (Score:2)
Re: (Score:2)
Stop doing business in and with China, entirely. Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.
And go out of business because your competitors did not and labor costs here are 20x higher ($0.60/hr vs $12/hr). It is quite radical and the only way it won't be is if US labor costs go down and tariffs/Made in the US tax exemptions are used to make the US manufacturing industry globally competitive at least in the US markets.
Re: (Score:2)
The US exports, among other things, BMWs to China.
When Americans choose to compete, they can. Automation is the counter to "Asian hordes of cheap labor", which is why companies like Stihl can produce in the US at close to Chinese costs.
"Buy American and subsidise inefficiency" doesn't help US _GLOBAL_ competitiveness.
Re:Here's a better idea- (Score:4, Interesting)
Stop doing business in and with China, entirely. Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.
You do realize many of these business travellers (like the ones from my company) are selling stuff *to* China, right? So we're actually generating jobs here....
Re: (Score:2)
News for you, pal, our standard of living is dropping and now over half of the USA is lower income or in poverty. In the 50s/60s, one man with one job could have the house, car, extra income for vacations. I know, I was there.
Plenty of economists believe real wealth creation, rather than paper pyramid scams, is the key to national prosperity. Just because you choose to believe the ones that shill for the banking cartel and stock/derivatives market doesn't mean the wiser points of view don't exist.
Misinformation (Score:4, Funny)
Re: (Score:2)
So take a laptop filled with misinformation, science fiction, and totally bogus stuff. If enough people do this, your adversary will bankrupt himself trying to figure it all out. Extra points for the size of the server farms you can get trying to decrypt output from /dev/random.
Why encrypt /dev/random, when you can have them working to unencrypt pictures from goatwhatever.com? Or if you don't want to have the goat pictures in the first place, encrypt a bunch of demotivational posters. Or if you want to mess with them, use steganography to embed the goat pictures in the posters.
Re: (Score:2)
I propose a new form of encryption called Turtles. Under Turtles when you decrypt an encrypted text, you get another text, that may or may not be the "real" text. You can then decrypt that, and get another text, on and on. The "Key", is knowing when to stop. (Implementation details are left to the reader)
Re: (Score:3)
You should take a look at the pornography laws in China [wikipedia.org] before you do that. That's a good way to land in jail for a few years.
portable devices aren't so bad (Score:2)
Let's face it. Most companies are ill equipped to defend against compromise and it stems from people treating business computing resources like their personal equipment. Most places find out they've been compromised by sheer accident. If the Pentagon, NSA, and US military can't keep from being owned* I think there are bigger problems to address.
* http://www.bibliotecapleyades.net/ciencia/secret_projects2/project396.htm [bibliotecapleyades.net]
* http://www.codemysafety.com/?p=1143 [codemysafety.com]
Thermostat?? (Score:2)
OK, I understand the point that any equipment that could have been in Mallory's hands unsupervised needs to be considered compromised, and that it will spread the compromise if you give it a chance. I totally agree.
And I understand that thermostats have IP stacks.
But what attacker then goes and compromises the thermostat? This is the Chamber of Commerce. You're not going to use the last guy turning the heat off in the evening as the time to start your black ops raid. Thermostats don't have microphones (
Re: (Score:2)
It's just a Windows box with PLC control software type stuff. IT might not even know about it. It might not be possible to install security patches while maintaining a valid support contract, or maybe fly-by-night-inc.com went out of business and there is no support of any type at all, at which time you pray it never breaks, and never ever touch it or change anything. IT might want you to upgrade from XP, but they're not offering a multi-million dollar capital budget to replace the entire HVAC system, and
Re: (Score:2)
From TFA: "... the Chamber recently discovered a thermostat in a Chamber-owned apartment was communicating ..."
That doesn't sound like a PC-PLC.
Re: (Score:2)
That's a valid point, thanks.
Note. The author is selling something (Score:2)
That said. If you are a CEO of a major corporation, you need to be careful. That is good advice. If I was CEO of Intel, I would be just as careful in the US as in China.
The lesson to take from this (Score:5, Funny)
The lesson to take from this is: don't store valuable information on your thermostat.
Re: (Score:3)
The scene is a dark room with a solitary light bulb suspended by a cord. Two Chinese thugs hold an American businessman hostage.
Thug: Give us the information on the chip fabrication process and we'll let you go. Otherwise, we may have to do something... unpleasant.
Businessman: Do your worst!
Thug: Very well! Turn his home thermostat up... to 71 degrees!
Businessman: N-n-no! You bastards! YOU BASTARDS!
Good to see a sensible attitude (Score:2)
Oh, and about the Slashdot-standard post titled "pot and kettle". Their problems are no concern of ours, OK? We're trying to solve *our* problem here, not theirs.
I personally trust them to be completely up to the task of concealing whatever useful IP they might have when they come here.
Firmware (Score:2)
A noodled firmware would allow the bypassing of any level of HD encryption.
Also assume that the devices are hacked the moment you board the plane. Keep the important bits in your head and don't tell them to the sexy lady who finds you so interesting.
But what of Curiosity? (Score:2)
Any device you bring, and your good buddies then bug, is now a device that you cannot trust; but also a device that can be analyzed for insight into the state of bugging techniques. Turning unknowns into knowns is generally a Good Thing(tm), and ought easily to cover the cost of a bit of burner hardware.
Since you are dealing with threats that
And that doesn't happen in the U.S.? (Score:3)
NATO has been an espionage network that is called Echelon for around 2-3 decades, and it's now publicly acknowledged. I have a hard time believing that the U.S. did not use the non-military information it intercepted through that or other means, for the benefit of its own corporations - the very corporations which back governments into power there, by the way.
It's naive to think that way. Abusive parties abuse power, public or private. The only difference between the Chinese and what goes on in the West is probably that the Chinese do not care much to put a storefront up.
And Now You Know: Don't Trust Symantec (Score:3)
Those who RTTFA (read the third fine article) may have noted the discrepancy between what Mr. Mark Bregman of Symantec does when he travels to China, versus what he sells to the rest of us: he uses a dedicated laptop for China trips, and wipes the device before and after travel. On the other hand, he defends farming out coding to China based on 1) all the big s/w vendors do it, and 2) why worry about malicious code from China, when there have been terrorist attacks on the US committed by US citizens?
Rebuttals, off the cuff:
1) Evidently, capitalists don't just sell the rope that hangs them, they'll also teach you how to tie the noose.
2) Timothy McVeigh and 8 "pro-life" murders over the course of 20 years, vs. opportunity to open back doors into virtually every PC in the United States. I think we need to check whether Mr. Bregman has registered as a lobbyist for the China Central News Agency.