security paranoia, 1 part healthy 4 parts dangerous

Holy crap! Chinese [cough]may be[cough] able to backdoor routers created over there and shipped to the US!

While I understand contemplating such an attack has some minor value, this is not a slippery slope anyone in security should spend too much time sliding down. You can literally grind your company to a halt by going down this road too loudly. Besides, it’s one of the fundamental limitations of security: you have to trust a lot of things transitively in the world. We like to think of our networks as castles with a nice perimeter, and logically that can still hold up, but when you get deep enough, the materials to build those castles still come from elsewhere.

Do you know where:

…your napkins are created? What if they’re laced with anthrax!?
…your keyboards are created? What if they have hardware keyloggers?!
…your cell phones are created? What if they have GPS trackers and can record/transmit your calls?!
…your software is created? What if it has backdoors?!
…your cigars are created? What if they have calf blood in them?!
…your contractors come from? What if they are ninjas bent on haxing your systems and stealing your company?!
…your air comes from? What if they pump toxins into the air as it prevails over the Pacific to us?!
…your cars come from? What if they are set to explode on Oct 23, 2009?!
…the rocks in your garden come from? What if they are alien invaders disguised as rocks?!
…your best friend is right now? What if he is a shape-shifting self-preserving freak from Antarctica posing as your friend?!

Someone needs to make a security lolcat. “Im in ur paranoya, makin’ u crazee!”

3 thoughts on “security paranoia, 1 part healthy 4 parts dangerous”

  1. Oh, you are SO right on here. I just got an email from an acquaintance, warning me not to answer my cell phone while it’s recharging because it could explode. I think this whole society has become neurotic from not having any REAL problems.

  2. Why then does the USAF ban the use of any Lenovo products (they previously used IBM up until the purchase by Lenovo)? Maybe has something to do with the classified technical investigation (which is not available via any FOI request) that was performed by the AF confirming certain suspicions?

  3. I will certainly accept that some groups should be worried about these things. But for most of us in the real world, these are well above and beyond our day-to-day concerns.
    Unless of course something happens, in which case then we can react to it. But I don’t find much value in pre-emptively worrying about such extremes. It’s like taking every Hollywood movie plot and making sure that won’t happen to us.
