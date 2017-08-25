'US Intelligence Agencies Should Put Up Or Shut Up With Kaspersky Rumors' (csoonline.com) 39
itwbennett writes: As previously reported on Slashdot, U.S. intelligence agencies have warned against using Kaspersky software amid swirling rumors of ties between Kaspersky Lab executives and the Russian government. White House cybersecurity coordinator Rob Joyce this week advised against consumer use of Kaspersky software. This may be good politics, but CSOonline's Fahmida Rashid warns that it's bad infosec. 'If the government has any evidence -- or even compelling reasons for being suspicious -- it should be sharing that, because many companies and consumers rely on Kaspersky Lab products. The fact that the government hasn't done so makes it likely this is all just geo politics,' writes Rashid. 'There is enough FUD in the market without throwing in politics into decision-making. Organizations should focus on deploying the technology which best addresses their needs.'
I'm thinking its just like the FCC DDOS (Score:3)
Not an outright lie, more like some ignorant interpretation of the facts. A straw man to distract people from the Illegal hacking that our own government does to 'protect' us.
Re: (Score:2)
Re: I'm thinking its just like the FCC DDOS (Score:1)
NBD (Score:1)
"Just" geopolitics. I like that.
It's merely two countries with vast nuclear arsenals and unstable leaders trying to destabilize each other. What could go wrong?
Story link not included in summary (Score:2)
http://www.csoonline.com/artic... [csoonline.com]
Re: (Score:3)
Look to the right of the headline. They made this change a while back. Yes, it's stupid.
Kaspersky = KGB (Score:1)
You might as well email all of your files to Vladimir Putin, and send the KGB credentials for a root account on your computer.
Donald Trump gets paid for acting like Russia's puppet. When you join the KGB botnet by installing Kaspersky, you don't get paid a dime.
Donald Trump is a traitor, and if you install Kaspersky you are a sucker, like Moscow Donald's supporters.
Re: (Score:2)
if you install Kaspersky you are a sucker, like Moscow Donald's supporters
The correct term is 'useful idiot', get it right next time.
IN ALL SERIOUSNESS: I agree with TFA; if there is actual, independently verifiable PROOF that it's compromised by design, then the Feds should release that information. Alternately there are plenty of 'IT security researchers', and 'white hats' and plain old 'hackers' in this country (U.S.) that are more than capable of verifying whether it's spyware or not, with or without government help; where the hell are they with their reports on this?
The government will use a well known line... (Score:2)
'If the government has any evidence -- or even compelling reasons for being suspicious -- it should be sharing that, because many companies and consumers rely on Kaspersky Lab products.
While I wholeheartedly agree with this statement, I will not be surprised if this administration uses the line, "Sharing more of what we already have divulged, will be tantamount to giving up our sources and methods.
BTW, this line was used by Obama administration as well, when they were talking about Russian involvement in last year's elections.
How it makes sense, I cannot figure out.
Re: (Score:2)
Re: (Score:2)
BTW, this line was used by Obama administration as well, when they were talking about Russian involvement in last year's elections.
How it makes sense, I cannot figure out.
I recall that. If one wants the gov to 'put up or shut up' regarding evidence for Kapersky, they should want the same regarding evidence regarding Trump and Russia, but the media seems to be fine with insinuations, a lot more to assume that way.
Rarely do we get all the info we need (Score:2)
This time is no different. There is tons of smoke, and a despot with his hand near the wheel. Regardless of whether or not there is currently corruption, there is nothing stopping it from happening undetected in the future. We have been debating this situation here, at the executive level for over a year. I have been steadfastly against making a change (We use Kaspersky), but at a certain point it comes down to putting your name on the line certifying Kaspersky as safe. Are you comfortable with that? I'm no
It's about risk (Score:3)
You don't have to prove that Kaspersky is in bed with Russian intelligence to not want to use it for government computers.
Merely suspecting it might be is enough reason not to use it.
Re: (Score:1)
Companies like IBM have system boards photographed at the production facilities and then upon delivery, open them up and check them against the photographs because US spy agencies intercept deliveries and modify the hardware. Despite the 24/7 propaganda, Russia hasn't demonstrated itself to be an enemy of the US anymore than say... Israel (which the US has caught on multiple occasions spying on the US), yet Israeli tech is OK?
Proof or GTFO.
Re: (Score:2)
They want you to use the software that they have infiltrated and not that Ruski stuff where they have no access to.
We already know why Kaspersky is untrustworthy (Score:1)
I have the info on why nobody should be using Kaspersky's software, and I don't have any classified intell. I'm about to tell you something that you've probably already known for 20 years:
Virus scanners are bullshit. If your security relies on executing totally untrusted code but hoping to have checked it against a blacklist first, then you have already lost. Your solution is stupid and you're a stupid person for thinking it might have worked.
The way to protect against viruses is to not run any code that
Re: (Score:2)
The way to protect against viruses is to not run any code that you have no reason to trust.
The problem with that is that it means that you can't use any software that you didn't write yourself, wasn't written by a person you know and trust, or that you didn't carefully examine the source to.
Re: (Score:2)
For me it is the software that I DID write myself that I don't trust.
Re: (Score:2)
Re: (Score:2)
The way to protect against viruses is to not run any code that you have no reason to trust. If you are having unprotected sex with a dozen strangers per day, you are going to get an STD even if you ask each stranger "hey, have you been checked out lately?" before each encounter.
Hey look, another Linux user that thinks s/he's totally safe from viruses because he somehow knows better.*
If we're going to talk about cybersecurity like we're really talking about sex, with terms like 'monogamy' and 'condoms', then the closest correct analogy I can give you is that your workplace is your home, every single co-worker is your wife, and the servers are your bed.
Your wife is generally pretty honest but sometimes she hears the call of the void and sleeps around, just this one time because you
What about Chinese hardware? (Score:2)
Why can't they sue for slander/libel? (Score:1)
Decision in the Face of Uncertainty (Score:2)
No need to worry (Score:2)
No need to worry. Most Americans don't take anything the White House has to say seriously, anyway.
They already did.... (Score:2)
They put up. They said that they don't trust them, and that's all they need do. They'd do the same for any other anti-virus product that they didn't trust.
End of Report, end of discussion.
Worry about competing with Russian - NOT (Score:2)
Keeping Exploits Secret (Score:2)