Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Security Cloud Communications Databases Google Media Microsoft Network Networking Privacy The Internet Windows Wireless Networking Apple Technology Your Rights Online

Apple Worries Spy Technology Has Been Secretly Added To Computer Servers It Buys (businessinsider.com) 251

An anonymous reader writes: According to Business Insider, "[Apple] worries that some of the equipment and cloud services it buys has been compromised by vendors who have agreed to put "back door" technology for government spying, according to a report from The Information's Amir Efrati and Steve Nellis." With many of its cloud-based services like iTunes, the App Store, and iCloud requiring enormous data center to operate, Apple hasn't been able to build all the data centers it needs, and has instead been using services from its rivals, namely Amazon Web Services and Microsoft. Google recently landed Apple as a customer for the Google Cloud Platform. "Meanwhile, [Apple] has embarked on yet another attempt to build more of its own data centers to handle all of that, called Project McQueen, reports Jordan Novet at VentureBeat, and the project is having a rough go of it, reports The Information." Apple suspects that backdoors have been added to many of the servers it has been ordering from others. "At one point, the company even had people taking photographs of the motherboards in the computer servers it was using, then mark down exactly what each chip was, to make sure everything was fully understood."
This discussion has been archived. No new comments can be posted.

Apple Worries Spy Technology Has Been Secretly Added To Computer Servers It Buys

Comments Filter:
  • by R3d M3rcury ( 871886 ) on Wednesday March 23, 2016 @06:54PM (#51765641) Journal

    I know it's a crazy idea, but maybe if Apple built their own servers [wikipedia.org], they wouldn't have to worry about that. Maybe they could even sell a few of them to other companies.

    Nah. Crazy idea. Forget I mentioned it.

    • by sg_oneill ( 159032 ) on Wednesday March 23, 2016 @06:59PM (#51765673)

      Those things where great little units. Expensive, but really well built. We had a couple of them back in the day and they had to be some of the most elegantly designed rack fodder I've come across.

    • Apple execs: "If only we knew someone who could build the servers we need..." [looking around hopelessly]

    • by Space cowboy ( 13680 ) on Wednesday March 23, 2016 @07:01PM (#51765689) Journal

      Anyone who read the article would realise that they were planning on doing exactly that. There is, in fact, a 6-prong plan to make Apple entirely independent of third parties. Part of this involves designing and building their own servers.

      Personally I'd be interested in knowing if they're going to use ARM processors... Those A9X are pretty darn good in terms of computing power per watt.

      • by 93 Escort Wagon ( 326346 ) on Wednesday March 23, 2016 @07:17PM (#51765791)

        Anyone who read the article would realise that they were planning on doing exactly that.

        Assuming what you say plays out - and I read it exactly the same way you did - it will be interesting to see if, at some point, Apple decides to re-enter the server market. I mean, if they're going to be building their own servers anyway, why not see if you can sell a few? There might be people willing to spend the necessary bucks for an Apple-built server, given their stance on privacy and the current lack of trust many techies have for the US government (or most other governments, for that matter).

        • Re: (Score:3, Insightful)

          If you care about security, don't have your headquarters or manufacturing in the USA. Don't buy American anything, and build everything yourself, using your own designs.
          • Re: (Score:3, Insightful)

            So you can buy Chinese components and be hacked by the PRC.

            Unless you're fabricating everything, and writing you're own microcode, there's always a chance someone is going to slip a backdoor in somewhere.

            • by lgw ( 121541 ) on Wednesday March 23, 2016 @09:03PM (#51766353) Journal

              So you can buy Chinese components and be hacked by the PRC.

              Or go to any Five-Eyes nation, and get the same experience. Ditto Russia. Anywhere else, bribery is all the NSA needs.

              Unless you're fabricating everything, and writing you're own microcode, there's always a chance someone is going to slip a backdoor in somewhere.

              That won't help. One of your key employees works for the NSA. It's practical to introduce a change to a mask (after all reviews etc) that subverts the on-chip random number generator, which is all the NSA really needs. There's real worry this has already happened at Intel (I can't remember whether the Snowden revelations included this, or it just seemed logical to crypto geeks).

              There were long discussions on Bruce Schneier's blog about how building a hardware RNG from discrete components you soldered together yourself was the only way to be sure (resistor thermal noise is a pretty good hardware entropy source).

              • by Lennie ( 16154 )

                If I remember correctly:

                The design by Intel was supposed to be something at least Intel could check if Intel built the CPU's correctly, so they could have an extra layer of certainty.

                But a white hack hacker came up with a way to produce the RNG/CPU in such a way to fool the inspection methods.

                Thus Intel can't as easily check if what they are producing is actually correct.

        • It will be interesting to see if they do but given the previous sales numbers I don't find it likely. With the x-server you could buy more for less in the PC space and that will likely remain true.

          • There wasn't a lot of point to having full-blown OS X on a server - the GUI is mostly useless for real admin needs. But they could do their own hardware, but put one of the BSDs on it (or Linux, or even the Unix underpinnings of OS X) and still have an offering they can vet from end to end.

            I don't think they'd ever be a major player in the server space, still. But the world has changed somewhat since they last sold the XServe; plus there wouldn't be a lot of additional cost involved with selling a piece of

            • by KGIII ( 973947 )

              I dunno... With everything virtualized, in a docker, a container, a jail, a VM, running on VMWare, or ESX, or whatever - does the bare metal really matter all that much any more?

              That is actually a real question. I don't really know. I haven't done much at all (outside of for my own use where I use VMWare religiously and have been for years) in a server room. When I was last doing it because we still didn't have enough people we were doing things like clustering, blades where getting popular, distributed com

        • by Lennie ( 16154 )

          I doubt it.

          Google, Microsoft and Facebook also built their own servers, they aren't selling them.

          These are servers built for specific (set of) tasks.

          I would rather see them join the open compute project (where you already have some of the designs from companies like Facebook and Microsoft):
          http://www.opencompute.org/ [opencompute.org]

          Obviously, they could do both. But selling open source hardware that would be weird for Apple, I think ?

          Anyway, other companies do sell hardware from opencompute designs.

      • Part of this involves designing and building their own servers.

        Others do [wired.com]. Not so much for security, I think, as for cost management and optimizing data center operations.

      • So, correct me if I'm wrong, but doesn't this mean that the servers will be built in China just like the servers they're currently buying? I mean, mightn't it be something as simple as changing the sign at the Foxconn assembly line to read "Apple" instead of some other vendor?

        Mind you, I used to do admin on those (noisy!) Apple 1U servers way back when, and they didn't suck. But I don't think there's a chance in hell of Apple building servers in the US. At least on the long term. So although I commisera

        • Not necessarily. Mac Pros are built in Texas. For high value / low quantity items such as servers, they can make those in Texas too.

      • There is, in fact, a 6-prong plan to make Apple entirely independent of third parties.

        Does that plan include in-house fab and foundry? If not, then they can never be truly sure of the "loyalty" of their servers.

    • by ArchieBunker ( 132337 ) on Wednesday March 23, 2016 @07:13PM (#51765769)

      Guess you didn't read about the NSA program where they intercept hardware during shipping and install backdoors or othewise cause tampering.

      • If I was the US my primary target would be Intel. Easy to strong-arm them or simply pay them off. They have their own fab facilities which are currently leading the world. They produce the most used processors, chipsets, and network interfaces in PC servers. Easy enough to get them to produce drop in replacement spy chips. They could even get them to copy other manufacturers chips and clone them. Network chips are DMA devices so have access to all computer memory. Easy enough to swap out in all sorts of de

        • Undoubtedly Russia and China would understand all the above so I would image they would have canary protocols in place with false security information that wold alert them to these technologies if the US acted on the info. Things such as credentials to get to other secure computers all of which are honeypots.

    • Here's a crazier idea. All data uploaded to cloud servers is encrypted so that it is unreadable by servers. Backdoors should be irrelevant.
      • by msauve ( 701917 )
        So the servers which can't interpret this encrypted data process it how, exactly?
        • So the servers which can't interpret this encrypted data process it how, exactly?

          They don't. The point of a cloud server is to store user data, not Apple's data. User's word processing documents, spreadsheets, slideshows, photoshop documents, photos, etc. Whatever they stored to iCloud rather than the local HD.

          • by msauve ( 701917 )
            So, how do they authorize/authenticate these users, if they only have encrypted usernames/password hashes which they can't decrypt? Do you understand how a server works?
            • So, how do they authorize/authenticate these users, if they only have encrypted usernames/password hashes which they can't decrypt?

              Users authenticate on their Mac/iPhone/iPad to an AppleID that is optionally configured for iCloud. The AppleID authentication is something separate from iCloud. Once authenticated to an iCloud enabled AppleID their iCloud storage appears as just another storage device. Files saved to iCloud can be encrypted locally before upload. "Keychains" with the necessary keys are shared between Mac/iPhone/iPad.

            • Do you understand how a server works?

              Maybe does. I am however certain you dont understand cryptography.

              Almost no online service saves passwords. They save a one way hash of the password. When the user puts their own password in, if the hashes match then authentication happens. For basic cloud data theres no need to have any way at all for the *server* to decrypt it.

              It gets a bit more complicated when the data needs to be complicated, invoving row level encryption and all sorts of drama around how that stuff

              • Do you understand how a server works?

                Maybe does. I am however certain you dont understand cryptography.

                Almost no online service saves passwords. They save a one way hash of the password. When the user puts their own password in, if the hashes match then authentication happens. For basic cloud data theres no need to have any way at all for the *server* to decrypt it.

                It gets a bit more complicated when the data needs to be complicated, invoving row level encryption and all sorts of drama around how that stuff interacts, but its entirely possible.

                Ah, but there's your problem - to compare a hash, you need the hash the user provides. But, you can't single out the file from the disk - a (fully) encrypted disk doesn't allow you to know where files start or end. So, your solution would be to unencrypt it with the key - but then you start processing the data unencrypted! Ultimately, having a separate service might work, but that would still require you to leave the filesystem itself unencrypted, if you never want to process the data. That would thus leave

                • Ah, but there's your problem - to compare a hash, you need the hash the user provides. But, you can't single out the file from the disk - a (fully) encrypted disk doesn't allow you to know where files start or end.

                  Let's ignore the detail that Apple is not going to store the "hash" to an AppleID on a 3rd party server where the 3rd party can read it and just go with the above for the sake of argument. One solution is to store the "hash" outside the encrypted drive. Which is what happens on the iPhone itself. The decryption keys are stored outside of the user's storage.

                  Now lets consider that the user needs no encrypted 3rd party disk on the cloud. The Mac/iPhone/iPad encrypts each file saved on the cloud before uploa

                  • Ah, but there's your problem - to compare a hash, you need the hash the user provides. But, you can't single out the file from the disk - a (fully) encrypted disk doesn't allow you to know where files start or end.

                    Let's ignore the detail that Apple is not going to store the "hash" to an AppleID on a 3rd party server where the 3rd party can read it and just go with the above for the sake of argument. One solution is to store the "hash" outside the encrypted drive. Which is what happens on the iPhone itself. The decryption keys are stored outside of the user's storage. Now lets consider that the user needs no encrypted 3rd party disk on the cloud. The Mac/iPhone/iPad encrypts each file saved on the cloud before uploading it. Decrypts it after downloading it. There is no need for a 3rd party to ever see plaintext user files, they need only upload/download cyphertext. Similarly anyone intercepting the network traffic only sees cyphertext.

                    That's one way of handling it, and I suppose it keeps the data itself secure from the processor, so I was wrong there. However, you still run into the problem of the metadata being available to the processor. I may not know the contents, but if I see Mr. Somebody is reading a file 3.6MB large that was created yesterday and has the name "SELFIE230316", it's not hard to deduce what it is. You can hash the name, but all of this done solely on the client side will slow down operations a lot, and might not be p

                  • by AmiMoJo ( 196126 )

                    The Mac/iPhone/iPad encrypts each file saved on the cloud before uploading it. Decrypts it after downloading it. There is no need for a 3rd party to ever see plaintext user files, they need only upload/download cyphertext. Similarly anyone intercepting the network traffic only sees cyphertext.

                    The problem with that method is that it leaks a lot of metadata. File sizes, file IDs, frequency of access etc. You can mitigate it somewhat by archiving files in batches and compressing them before uploading them.

                    Otherwise it becomes possible to do things like track the spread of a particular photo as users send it to each other, even if the photo itself is encrypted (with different keys) any time it is on the network/server.

              • by msauve ( 701917 )
                I understand cryptography much better than you can read. I specifically mentioned hashes. How does a cloud server compare a stored hash which has been encrypted (the GP said encrypt all data kept in the cloud) to the hash generated from a user provided password when it can't decrypt the stored hash?
          • by Sique ( 173459 )
            Cloud services do much more than just store user data. Most cloud offerings include a whole stack of processing facilities. Basicly, cloud computing is distributed computer processing done in a standardized environment with dynamic resource allocation. Offsite storage is just the cheapest way to make use of cloud services in most cases.
        • by kav2k ( 1545689 )

          By using homomorphic encryption [wikipedia.org], of course!

        • by hey! ( 33014 )

          Well, I suppose that the poster is envisioning something like an encrypted filesystem, where your machine, which you trust, encrypts filesystem blocks and stores them out on the cloud, which it doesn't trust.

          This solves the trust problem, but not necessarily the infrastructure problems they have. If they had oodles of server bandwidth to spare in their own data centers but not enough storage, that'd be the way to go. But if they can't process the data in their own data centers, it doesn't help.

    • by JoeyRox ( 2711699 ) on Wednesday March 23, 2016 @07:33PM (#51765887)
      Apple could start rebuilding its own Xservers but it wouldn't be able to afford the purchase price :)
    • by __aaclcg7560 ( 824291 ) on Wednesday March 23, 2016 @08:01PM (#51766061)

      I know it's a crazy idea, but maybe if Apple built their own servers, they wouldn't have to worry about that.

      Or they can buy a rack-mountable chassis for Mac Minis and Mac Pros from Other World Computing.

      http://eshop.macsales.com/search/mac+rack [macsales.com]

    • I know it's a crazy idea, but maybe if Apple built their own servers [wikipedia.org], they wouldn't have to worry about that. Maybe they could even sell a few of them to other companies.

      Nah. Crazy idea. Forget I mentioned it.

      First I was nodding my head, yeah that's a good idea. But wait... does Apple build any of their own hardware?

      • by dbIII ( 701233 )
        That reminds me. Dell didn't build much and they got blindsided when ASUS who did build a lot of their stuff got their own distribution channel.
        I wonder when we can get the Foxcon mini?
    • but you have to have been in this racket at least 10 years to remember Apple Servers.

    • There are some absolutely necessary and needed components: audit, router and firewall tech.
      To some degree this is a different class of tech than most consider as needed for a server farm.

      In a capability based deployment design some of the risks and attacks can
      be compartmentalized and squashed. A single level breach would be limited
      and with good design manageable and near worthless.

      I wondered why Facebook went public on their rack level router project.
      https://code.facebook.com/post... [facebook.com]
      Such projects do no

    • They still need to buy components and these components could be security compromised.
    • by jandrese ( 485 )
      Wow, I didn't know they built those all the way up to 2010. I thought they died out way earlier. I do like the idea of some 1RU box stuffed with A9X chips and drives. Or maybe some A9X variant that ditches the GPU part, Apple is certainly big enough to make something like that work. I wonder if they would sell them or keep them for internal use only.
    • What is the legality of putting spyware into Apple servers? I believe this would qualify as a search, and therefore require a warrant.
  • by Cederic ( 9623 ) on Wednesday March 23, 2016 @06:56PM (#51765651) Journal

    Assume your cloud service provider isn't secure.

    Fuck backdoors, you can't vet their security or admin staff, you can't adequately audit their processes, you can't believe the marketing bullshit they produce.

    So assume they're not secure.

    How you deal with it isn't paranoia. Don't be bloody stupid.

    Encrypt your data at rest. Control the keys yourself.
    Encrypt your data in transit. Control the keys yourself.
    Encrypt your keys. Fuck it, go whole hog if you're that worried about it.

    But Apple aren't in any different position to anybody else, and photographing motherboards? Fuck me, get a life.

    • rack your own server in the DC then and you have full control over the software running on it.

      • rack your own server in the DC then and you have full control over the software running on it.

        Rack your own server in your office if security is actually important to you. At least, if you're capable of maintaining it.

      • by Kjella ( 173770 )

        rack your own server in the DC then and you have full control over the software running on it.

        Long story short, if the military wouldn't put Top Secret information on it you probably don't have "full control". I'm sure Apple is fending off many casual hackers, but if you have to start worrying about hardware backdoors, targeted zero-day exploits, tampering during transport or in the data center, covert surveillance equipment, inside jobs and so on it takes an awful lot more than a dedicated server in a DC.

    • by raymorris ( 2726007 ) on Wednesday March 23, 2016 @07:39PM (#51765921) Journal

      While encryption in transit is good, unfortunately encryption on the server is typically more theatre/ marketing than it is useful security. There are only two things you can do with properly encrypted data - decrypt it or send it to someone who can decrypt it. If the server can decrypt it, and the concern is that the server may be compromised, there's little point in encrypting it.

      As a random example, let's consider the data of which users have purchased which songs on itunes. Apple uses that to know which songs you're allowed to stream. If it's encrypted, their server-side software can't do the lookup , so that can't be encrypted (or the server has to have the key, which amounts to the same thing).

      Essentially the only data that can be usefully encrypted is files sent from a customer's device which Apple doesn't want to read or understand, they just want to send back the exact same binary blob that they received. That CAN be encrypted before it's sent to Apple. But any data that Apple needs to query, change, record, or de-duplicate can't really be usefully encrypted, in general.

      It's an annoying problem, and a hard problem. There was a theory about encrypting data in such a way that you could do some very limited statistical processing on it without being able to actually read the data, but it's pretty limited so approximately nobody uses it. The one major use for data "encrypted" on the server is passwords, where you store a hash and can compare whether the password the person entered is the same as the stored hash. Though that's an important use case, it's only one use case. There aren't too many use cases for storing data you can't retrieve.

      • by Cederic ( 9623 )

        I know, it's a stupid facet of cloud services. Protect your data, but then you can't actually use it on the cloud service.

        Bumping into that one daily :(

      • Out af an academic interest, blind computation (remote execution of an encrypted client's program on encrypted client's data) is possible in theory, but it's very far from being todays' technology. It's possible both classically (with computational complexity assumptions), and quantum [arxiv.org] (unconditionally secure in theory).
    • by Anonymous Coward on Wednesday March 23, 2016 @07:41PM (#51765941)

      Once I worked for an industrial supplier. An international transport company was stealing our chips and inserting their own low-lifespan knockoffs. We would have never known if our customers didn't tell us. They found out by base-lining machines and realizing that some of the new chips coming in had markings that were in a different font.

      If they didn't take pictures of their known-good equipment to compare against, no one would have known and we would have taken the fall for selling bad equipment.

    • You don't need to alter the hardware to backdoor a modern server, you compromise the firmware on the motherboard. No hardware evidence, impossible to detect from software.
    • by Etcetera ( 14711 )

      Better Idea: Don't upload shit to the cloud in the first place.

      PlainTalk speech recognition worked fine on a Power Mac 5200 20 years ago, but Apple forced dictation to go through the cloud until 10.9. The Newton MessagePad 2000 had decent handwriting recognition (finally) and workable natural language analysis.

      All of these things can be performed locally using the crap-ton of processing power and RAM that today's devices have, but "Siri" sends it all to the cloud.

      Want location guessing? Store it locally. Do

    • yep the paranoia from them sounds like they seriously don't understand security. They should ALWAYS be assuming others have access and that some of them may be people you don't want to have access. The way to correctly respond to that is by managing your security, keys, encryption and data correctly then what they have access to in equipment you don't control doesn't actually mater so much.
  • What a shame (Score:2, Insightful)

    by ShaunC ( 203807 )

    It's quite sad that in the United States of America, of all places, this is now a legitimate and very real concern. What in the hell happened to this country?

    • Re:What a shame (Score:5, Insightful)

      by Gussington ( 4512999 ) on Wednesday March 23, 2016 @07:03PM (#51765711)

      It's quite sad that in the United States of America, of all places, this is now a legitimate and very real concern. What in the hell happened to this country?

      At what point in your version of history has industrial espionage never been a concern?

      • by cstdenis ( 1118589 ) on Wednesday March 23, 2016 @09:33PM (#51766471)

        Pre-industrial history of course.

        • At what point in your version of history has industrial espionage never been a concern?

          Pre-industrial history of course.

          Oh, please: everyone totally ripped-off the Nez Perce and didn't pay them bead-one.

      • by Jahoda ( 2715225 )
        I am not sure how you get modded "Insightful" for equating the surveillance apparatus of the NSA and the very fact that Apple has these legitimate worries (while at the same time engaged in a show trial over FBI access to the IOS source code) to "industrial espionage". But you're right: OP was wrong to observe that this is a sad state of affairs in this nation, and I'm glad you were here to belittle his/her concerns. Thanks, citizen.
    • Re:What a shame (Score:5, Interesting)

      by Anonymous Coward on Wednesday March 23, 2016 @07:08PM (#51765739)

      The same thing that happens to every country.

      You see, there is a subset of humans that are interested in having power over other humans. That is their primary drive. Over time such people infect all levels of government, law enforcement, and the upper tier of wealthy business controllers. Each and every day, they find ways of using the power they have to gain even more power, and they never get tired of doing this, and they never give up when defeated.

      Your privacy is a degree of personal power that you would like to keep for yourself. Unfortunately, they want it, and you can't both have it. So, they have taken it.

      Everything that you (and the majority of your social class) aren't willing to violently defend will eventually be taken from you.

    • by jc42 ( 318812 )

      It's quite sad that in the United States of America, of all places, this is now a legitimate and very real concern. What in the hell happened to this country?

      Lessee, I seem to remember that there's a name for the logical error of thinking that the first time you notice something was the first time it ever happened. ... Maybe I should try to dig the term out again and post it here ...

      ;-)

  • Some years back, Virgin Airlines accused British Airways of "dirty tricks", which included unauthorised access to the Virgin (rented) space on the BA bookings computer

    British Airways improperly accessed confidential Virgin Atlantic flight information

    http://law.justia.com/cases/fe... [justia.com]

    VIRGIN ATLANTIC AIRWAYS LIMITED, Plaintiff,
    v.
    BRITISH AIRWAYS PLC, Defendant.

    No. 93 Civ. 7270 (MGC).
    United States District Court, S.D. New York.

    December 30, 1994.

  • by 93 Escort Wagon ( 326346 ) on Wednesday March 23, 2016 @07:01PM (#51765691)

    You guys remember when we'd read about some random individual doing paranoid crap like this, and our first response would be to make fun of the wacko?

    Those were the good old days...

    • by cfalcon ( 779563 )

      Not really, no. Because the paranoid guy was correct but we laughed at him. Now that we have real companies that are privacy minded raising this as a concern, we might actually see some action in this direction, and we might even see vendors stop locking free and open source software / firmware out of their chips for exactly this concern.

    • Well, no. I would have requested proof or evidence, or something that could have been checked.

      Any conclusion should be well grounded, and without contrary evidence is a matter of faith or belief.

      Making fun of a whacko presumes the whackiness, unless it is well known or proven. Until then, it is faith vs. faith.

  • by Anonymous Coward

    The iPhones they used to take the photos with had also been tampered with and edited the images

  • ...encrypt data with a distinct key per individual piece of content using a centralized key management system.

  • Wow ... (Score:5, Insightful)

    by gstoddart ( 321705 ) on Wednesday March 23, 2016 @07:11PM (#51765761) Homepage

    "At one point, the company even had people taking photographs of the motherboards in the computer servers it was using, then mark down exactly what each chip was, to make sure everything was fully understood."

    You know, 15 years ago, give or take, this would have been considered the most absurd tin-foil hat bullshit imaginable.

    Suddenly, we find ourselves in a world where this makes total sense ... which scares the shit out of me.

    It's like the nasty dystopian future, but without cool skater chicks and designer digital drugs.

    • by swb ( 14022 )

      It may have been a paranoid fantasy 15 years ago, but how do you know it wasn't going on then, too?

      You would think that the idea of infecting computer hardware, firmware or installed software with built in backdoors would have been thought of and tried years ago, especially as multiuser or timesharing systems grew where terminals were distributed into lower security areas or had remote dialup access.

      All of this reminds me of the movie "The Conversation", which is a great study in surveillance paranoia.

    • Re:Wow ... (Score:5, Insightful)

      by Solandri ( 704621 ) on Wednesday March 23, 2016 @07:58PM (#51766035)
      It was absurd paranoia back then because 30 years ago we were in a Cold War against an opponent notorious for limiting its citizens' freedoms and spying on everything they were doing. Our leaders had to constantly portray themselves as the polar opposite of that, or risk being voted out of office. Even after the Cold War ended, that mentality lingered.

      Then 15 years ago, 9/11 happened. And suddenly it became "important" for the government to know everything you were doing and saying in private, because Terrorism! It's pretty sad when you start to think the Cold War days were better.
      • by dryeo ( 100693 )

        During the cold war, spying was done on supposed communists. During the '60's, spying was done on the hippies and socialists, at that spying on people who might be socialist or anarchist goes back to the beginning of the 20th century at least, with the Supreme Court at one point ruling that tapping phones did not violate the 4th as they weren't doing it to your physical possessions. Not long after they instituted prohibition and spied on potential bootleggers, which led to more prohibition and spying on the

      • Well, except for the whole thousands of nuclear warheads aimed at the US and USSR on 30 minutes launch notice and let's hope no one makes a mistake thing.

    • Re:Wow ... (Score:4, Insightful)

      by cfalcon ( 779563 ) on Wednesday March 23, 2016 @09:26PM (#51766449)

      > Suddenly, we find ourselves in a world where this makes total sense ... which scares the shit out of me.

      You've always been in a world where this makes total sense. You just didn't want to believe it until now. That's fair- none of us really did- but it's better to have our eyes open so we can fix the problem than just pretending it's not real.

  • by hguorbray ( 967940 ) on Wednesday March 23, 2016 @07:15PM (#51765775)
    when you outsource everything

    -I'm just sayin'
  • So Apple fears that the servers it relies on for its business are not fully under Apple's control, as one's computers ought to be fully under the control of those who own the computer. The same would be true even if the servers weren't virtual. As I understand it, this is part of the reason why Google is keen to build their own hardware and takes some interest free software to run that hardware. As Edward Snowden pointed out in his recent LibrePlanet talk [libreplanet.org] this is the same reason privacy-minded people can't use Apple's equipment either. Snowden mentioned this in terms of Microsoft ("I did not use Windows machines when I was in my operational phase because I couldn't trust them. Not because I knew there was a particular backdoor or anything like that but because I couldn't be sure." circa 5m54s or 8m33s in the prerelease video [libreplanet.org]) but the same insecurity stemming from a lack of freedom issue applies to all proprietors, not just Microsoft.

    In other words there's quite an irony here: the proprietor is coming to terms with the same lack of freedom it imposes on its customers. Apple's iThings include phones that aren't under the owner's exclusive control allowing someone other than the owner to update software on the device. Some other devices (perhaps Apple's as well) don't allow the computer owner to fully control the cryptographic keys used to sign software installed on the device, so these keys are used to keep the owner locked out of full control (or the proprietor from being fully locked out). The updates can and do come in Apple and non-Apple systems without the owner's consent in the name of "convenience" and "safety" (one must ask whose safety is being assured in this scheme) or (as some proprietor sycophants are sure to point out) keeping non-technical users from messing something up. The technical details of precisely where the non-free software lies (on the main computer, on a modem controller, on some other bit of hardware one uses with the system) are no excuses for not providing documented hardware, a means to install a fully free software system, and thus a means to fully own one's own computer.

  • it's never enough to keep up. Lily Tomlin
  • Once a gov has splitters, weak crypto and friendly staff members at a generational design level in place in the past what can now be fixed?
    Hunt down the gov hardware at the optical level thats still part of ongoing investigations and has to be left in place and will be upgraded for many years?
    Thats under some security letter or a secret court has the color of law paperwork.. who even has the authority mention that within the wider brand?
    Clean room the next crypto with a brand new, more advanced team?
    Re
  • It's already done [arstechnica.com] on Cisco equipment so why not servers?

  • by __aaclcg7560 ( 824291 ) on Wednesday March 23, 2016 @07:39PM (#51765925)
    When I worked at the Google help desk in 2008, the powers to be were talking about moving away from the Lenovo laptops because they suspected that the Chinese government were putting a backdoor into the BIOS. When I did contract work for a Google data center in 2011, the only laptops I saw were MacBook Pros from Apple.
    • When I worked at the Google help desk in 2008, the powers to be were talking about moving away from the Lenovo laptops because they suspected that the Chinese government were putting a backdoor into the BIOS. When I did contract work for a Google data center in 2011, the only laptops I saw were MacBook Pros from Apple.

      Google still uses PC laptops from a couple of vendors, as well as Macbooks and, obviously, Chromebooks. Employees pick which they want. They can pick a PC laptop with Linux or Windows, a Macbook with OS X, or a Chromebook. The most common choice is the Macbook, not due to security concerns, but because people really like Apple hardware. If Linux were offered on Macbooks, there probably wouldn't be any PC laptops around. As it is, those who want to run Windows (rare) or a regular Linux system (not ChromeOS),

      • by rthille ( 8526 )

        A coworker was running Mint on his work MBP, but I think he's running QubesOS now.

        • A coworker was running Mint on his work MBP, but I think he's running QubesOS now.

          I didn't mean to say it's not possible to run Linux on Macbooks, just that it's not allowed/supported at Google.

    • FYI, the Macbooks are made by Quanta, a Taiwanese ODM which uses manufacturing factories in China. Nearly all laptops are made by ODMs [wikipedia.org] - they're like OEMs except they also design the product. Quanta also happens to make most of HP's laptops. The entire industry is very hush hush about this. The reality is the name brand of the laptop doesn't really tell you much except how good the aftermarket service will be.

      The top of the line Sony Vaio laptops (Z series) used to be designed and manufactured in Jap
    • by AmiMoJo ( 196126 )

      Seems odd they would distrust Lenovo but be perfectly happy to buy MacBooks, also made in China. Why would Foxconn be any more trustworthy than Lenovo?

      More likely they just wanted Unix machines without the hassle of re-installing or compatibility issues.

  • by WinstonWolfIT ( 1550079 ) on Wednesday March 23, 2016 @10:05PM (#51766581)

    There's nothing to see in the linked articles. Absolutely no interviews or attempt to verify. Idiotic.

  • Apple should ask the FBI to check them......oh, wait

  • I actually saw by a freak chance an industrial grade eavesdropping equipment. It was still fourteen years ago. It was so incredibly tiny.

    I cannot see why it is not being pre-installed in all electric equipment which we buy: cameras, coffee makers, etc. by several services of several powers independently, and also by private entities. No chance whatsoever to find it.

    I think it is time to accept that every word which we say or write is seen and recorded by several governments and private organizations.
  • Welcome to the club. Here is your tin-foil hat and badge to wear when you attend the meetings.

    This is the reality that greed and power bring about. No matter what we use, we all have to consider the very real possibility that the hardware or software is already compromised. Either by malice or incompetence. That feeling sucks doesn't it ? Makes you rethink about what sorts of information you're willing to entrust to the devices in question or if you're going to trust the devices at all.

    The masses, in ge

Ignorance is bliss. -- Thomas Gray Fortune updates the great quotes, #42: BLISS is ignorance.

Working...