Early this month, Google’s Project Zero revealed a breathtaking attack on multiple OSes, including Apple’s iOS, in which a website that served Uyghur people was found to be hosting at least five different kinds of iOS malware that exploited previously unknown defects in Apple’s code (the attack is presumed to have been the work of the Chinese state, which has been prosecuting a genocidal campaign against Uyghurs, whose high-tech fillips have seen both cities and apps suborned to aid in the pogrom).
The news prompted an industry-wide reassessment of the way that “zero day” defects are deployed by nation-state hackers: previously, these had been viewed as precious rarities deployed only in the most targeted ways, to preserve their efficacy (once a defect is known, it can be patched, and once the patching begins, fewer and fewer devices are left vulnerable). China’s “watering hole” attack on Uyghurs represented an indiscriminate spraying of these iOS zero-days that had never been seen before.
Last week, Apple fired back at Google, with a bizarre, whiny post attempting to minimize the scale of the attack and questioning Google’s conduct in going public.
Alex Stamos (previously) knows a thing or two about working in companies that get security wrong. He famously resigned as Yahoo’s Chief Security Officer in protest of a plan to install an NSA spying tool to scan Yahoo Mail accounts. Then he quit his job as Facebook’s CSO over the company’s inaction on disinformation campaigns. He’s a human warrant canary, a guy whose reliable ethics mean that whenever he departs a great job, there’s probably some kind of scandal lurking behind the scenes (Alex hates it when I call him this. Sorry, Alex — you’re just too damned reliably ethical).
In a wonderful Twitter thread, Stamos addresses Apple’s special pleading, accusing the company of minimizing the scale of the attacks because “it’s ok, it didn’t hit white people.” As Stamos points out, the fact that the attacks targeted Uyghurs likely means that they led to real-world violence — people compromised by those attacks may have been arrested, tortured, even murdered. Stamos praises Google’s security work here, and closes with a direct appeal to Apple employees: “Dear Apple employees: I have worked for companies that took too long to publicly address their responsibilities. This is not a path you want to take. Apple does some incredible security work, but this kind of legal/comms driven response can undermine that work. Demand better.”
Apple’s response to the worst known iOS attack in history should be graded somewhere between “disappointing” and “disgusting”.
First off, disputing Google’s correct use of “indiscriminate” when describing a watering hole attack smacks of “it’s ok, it didn’t hit white people.” https://t.co/xkrRdTQmSB
— Alex Stamos (@alexstamos) September 6, 2019