Monday, January 25, 2010


"Beware! We know what you're doing," it seems to say.

Another look through the Paller-Scope, developed in Annex C of the All-Seeing Eye Lab.

To top security officers inside big companies, “the story wasn’t about Google and China”, said Alan Paller, director of research at the nonprofit Sans institute for training in cyber security. “The story is about: ‘Oh shoot, they are already inside’. The attacks are one level too sophisticated for the current tools.

Mr. Paller said the Chinese government backs commercial spy operations because it gives the country an advantage in negotiating with western companies.
-- The Financial Times

Alan Paller, director of research at the SANS Institute, says the [Google/China] attacks confirm the threat of pervasive and sophisticated espionage attacks on all organisations. -- Computer Weekly

[Alan Paller] said his research supports the conclusion that every foreign firm operating in China has likely been penetrated and has software on it that enables outsiders to access it at will. And while attribution of attacks is difficult to prove outright, the string of similar attacks on U.S. government and military installations dating back years shows a pattern of behavior that points directly back to Beijing. -- The Cable, Foreign Policy blog

Some sense of humor required. Here.

Air Force Compromised

"The problem with [Security Theatre Expert's] is, everybody wants to be heard and everyone wants to make a name." Here.

The Paller-Scope -- previously.


Blogger João o Ião said...

This comes on the same line of this article at el Reg

So let me get this straight.
The NSA has been actively spying EU industry and governments actions for ages and now the US is shouting foul because the Chinese is doing the same to is industry?

It sucks doesn't it, to be on the wrong end of the stick... or as we say around here "If live in a glass house don't..."

4:30 PM  
Blogger George Smith said...

Hmmm, doesn't really explain how the so-called invisible malware can't eventually be detected by anti-virus companies if it's submitted to them. Or why a program looking at changes to start-up or outbound calls from new guests wouldn't catch it.

There's always some truth in these things. The only problem is figuring out which part is, and what's the frank exaggeration.

Too much officials said this and company men said that and lawmen said this and the only people actually named being vendors. Who always see all and know all.

4:42 PM  
Blogger George Smith said...

It's also worth noting the Christian Science Monitor -- which is what the link references -- used to be a real newspaper until it quit a couple years ago and fired everyone because -- nobody read it. Does that lend itself to big improvements and solid reporting?

It's a web operation only, a mere shadow of its former self.

5:06 PM  

Post a Comment

<< Home