Are you going to rush out this summer and get a new 5g phone?
Poll - Total Votes: 28
Already got one 🙂
Planning to get one soon
No, I'll wait till 5g comes to my area.
Ain't spending the money!
You can only vote on one answer.
This page is a permanent link to the reply below and its nested replies. See all post replies »
This comment is hidden.
Show Comment
This comment is hidden.
Show Comment
This comment is hidden.
Show Comment
This comment is hidden.
Show Comment
Elessar · 31-35, M
@4meAndyou
Anyone who buys Chinese 5G is a security risk.
I'm not sure they need 5G to infiltrate (y)our network infrastructures tbh, probably existing equipment is already Chinese and/or run Chinese firmwares. Keep in mind that you need a single node in a network to be compromised to potentially access more or less big portions of said network.
4meAndyou · F
@Elessar You are correct. Any data on the cloud is hackable by any really good hacker anywhere. BUT..family plans on 5G are a major problem. A government official might have a secure phone, but they might buy 5G Xfinity plans for their spouse and five kids...who record and photograph everything. The phone becomes a doorway. The hackers can listen in, save photos and enhance them...look at documents from across the room...it's not good.
Elessar · 31-35, M
@4meAndyou The risk of having stuff on the cloud compromised doesn't depend much on the security of the network infrastructure, pretty much the totality of those services use strong encryption between their servers and your device. The biggest risk for that would be laws made with the purpose of introducing deliberate weaknesses in encryption standards, and that would de facto force the providers to lower the security measures, such as:
- https://www.eff.org/deeplinks/2020/07/new-earn-it-bill-still-threatens-encryption-and-free-speech.
- https://www.eff.org/deeplinks/2020/06/senates-new-anti-encryption-bill-even-worse-earn-it-and-thats-saying-something
The risk of having the network infrastructure infiltrated is that they can potentially collect *a lot* of information (mostly from metadata, as almost everything going through the Internet gets encrypted these days, at least without those bills above), disrupt services, isolate portions of said network, track specific nodes, etc.
And technically any device can act as a doorway, even if not built by Chinese. Be it a TV, a phone (either vulnerable because outdated, or affected by a vulnerability found by / known only to them), a router, a wifi extender, an IP camera, an infected laptop.. even Apple devices that theoretically should boot only signed code can practically be infected ("jailbreaking" is essentially invalidating the signature verification process and running unauthorized code in order to gain full root access to the system, and as far as I know pretty much every version of iOS has got jailbroken so far).
- https://www.eff.org/deeplinks/2020/07/new-earn-it-bill-still-threatens-encryption-and-free-speech.
- https://www.eff.org/deeplinks/2020/06/senates-new-anti-encryption-bill-even-worse-earn-it-and-thats-saying-something
The risk of having the network infrastructure infiltrated is that they can potentially collect *a lot* of information (mostly from metadata, as almost everything going through the Internet gets encrypted these days, at least without those bills above), disrupt services, isolate portions of said network, track specific nodes, etc.
And technically any device can act as a doorway, even if not built by Chinese. Be it a TV, a phone (either vulnerable because outdated, or affected by a vulnerability found by / known only to them), a router, a wifi extender, an IP camera, an infected laptop.. even Apple devices that theoretically should boot only signed code can practically be infected ("jailbreaking" is essentially invalidating the signature verification process and running unauthorized code in order to gain full root access to the system, and as far as I know pretty much every version of iOS has got jailbroken so far).
4meAndyou · F
@Elessar I bow to your superior knowledge of encryption legislation.
I know that Smart phones, Smart TV's, and infected laptops can listen in. Re: photos, I like to keep my laptop camera blocked physically. I know the metadata you mention is saved in the cloud by devices such as Amazon's Echo, and similar devices.
But when we are talking about the network infrastructure that controls traffic lights, the computers controlling our electricity and nuclear power plants, we have to be a LOT smarter than we have been in the past. Laypersons, such as myself, watch movies such as Live Free or Die Hard with Bruce Willis with a sense of mind numbing shock.
I know that Smart phones, Smart TV's, and infected laptops can listen in. Re: photos, I like to keep my laptop camera blocked physically. I know the metadata you mention is saved in the cloud by devices such as Amazon's Echo, and similar devices.
But when we are talking about the network infrastructure that controls traffic lights, the computers controlling our electricity and nuclear power plants, we have to be a LOT smarter than we have been in the past. Laypersons, such as myself, watch movies such as Live Free or Die Hard with Bruce Willis with a sense of mind numbing shock.
Elessar · 31-35, M
@4meAndyou Not really about legislation, I know the essentials of cryptography because I actively work with it (notice: WITH, not IN), and it's a well known matter of fact in the field that security through obscurity - which is what you'd get if you require cryptography implementors to put secret backdoors in their algorithms - is extremely insecure. "One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them", placing a deliberate vulnerability by law, even if you keep it hidden, goes totally against this fundamental principle.
With metadata I refer to stuff that goes through the internet all the time, think of the network as an exchange of packets: you can seal it and keep secret the content of a packet (by encryption) but not some metadata essential to its transfer, such as the address of the recipient - otherwise the packet couldn't be delivered, or its weight. Just by analyzing how many, how frequent and how big are the packets you send to a specific destination, a lot can be assumed about your activity already, without even checking the inside of the packet itself.
Such critical facilities and businesses should at least theoretically implement security practices that don't really depend on the public infrastructure security. Then, if they comply or not I don't know. Here in Italy a lot of entities both in the public and private sector tend to overlook security. Then once they get massive ransomware infections, you realize they had still hundreds of (now infected) machines running Windows XP. 😑
With metadata I refer to stuff that goes through the internet all the time, think of the network as an exchange of packets: you can seal it and keep secret the content of a packet (by encryption) but not some metadata essential to its transfer, such as the address of the recipient - otherwise the packet couldn't be delivered, or its weight. Just by analyzing how many, how frequent and how big are the packets you send to a specific destination, a lot can be assumed about your activity already, without even checking the inside of the packet itself.
Such critical facilities and businesses should at least theoretically implement security practices that don't really depend on the public infrastructure security. Then, if they comply or not I don't know. Here in Italy a lot of entities both in the public and private sector tend to overlook security. Then once they get massive ransomware infections, you realize they had still hundreds of (now infected) machines running Windows XP. 😑
4meAndyou · F
@Elessar Yes, that makes sense. Smart televisions, for example, are notorious for giving out a lot of information about us without our intent, as does my laptop. Primarily marketing information.
One company here in the USA, PC Matic, includes ransomware protection for business and for the private sector.
I don't want you to think it is a deficiency in your English which affects my understanding. It is simply a mental block I sometimes experience when dealing with computers.
One company here in the USA, PC Matic, includes ransomware protection for business and for the private sector.
I don't want you to think it is a deficiency in your English which affects my understanding. It is simply a mental block I sometimes experience when dealing with computers.
Elessar · 31-35, M
@4meAndyou Smart televisions are among those devices (like the IoT world in general) that tend to be easily exploitable because their software/firmware is hardly if ever updated, while research in vulnerabilities never stops (and should never stop, otherwise it would be another instance of attempting security through obscurity). Surveillance cameras are another thing, but also routers and network equipment in general (as most people and even businesses won't care much about checking and installing the latest software updates for any and every of them, and sometimes even the producers maintain them only for one year or two).
There are multiple solutions for ransomware, essentially all you need is frequent backups in a location that can't be overwritten by the ransomware itself. The working principle of that type of malware is easy: it takes your files, encrypts them with a key that only the author of the ransomware itself will know, and asks you for a ransom if you want the key (without it it's mathematically impossible to get your data back, unless you have a copy, i.e. that's why backing up stuff is important)
No problem. :)
There are multiple solutions for ransomware, essentially all you need is frequent backups in a location that can't be overwritten by the ransomware itself. The working principle of that type of malware is easy: it takes your files, encrypts them with a key that only the author of the ransomware itself will know, and asks you for a ransom if you want the key (without it it's mathematically impossible to get your data back, unless you have a copy, i.e. that's why backing up stuff is important)
No problem. :)
4meAndyou · F
@Elessar That's part of what the ex used to do every day. He ran a call center for a financial company and had to back up the servers daily.
That's part of the reason for my mental block with all things "computer". My son, and the ex both, were impatient with my self taught computer skills. Every time I tried to learn something new, or asked for help, I was given a demonstration that was so fast I could not follow it...and then I was told it was "easy".😂 Not for ME. I didn't go to college for computers.
That's part of the reason for my mental block with all things "computer". My son, and the ex both, were impatient with my self taught computer skills. Every time I tried to learn something new, or asked for help, I was given a demonstration that was so fast I could not follow it...and then I was told it was "easy".😂 Not for ME. I didn't go to college for computers.
Elessar · 31-35, M
@4meAndyou Ah damn, I'm a strong believer in automation and I would never ever get in a schedule of manually backing up my systems/servers lol. Even because the more things you have to do manually, the higher are the chances of making mistakes (such as even simply forgetting to backup something critical).
It's the pressure that some people put on others what make the latter take distances and "fear" or even hate technology; I see it everyday even at work, unfortunately, with my sw engineer colleague being literally paranoid to the point his wife (in the administration area) is scared of even double clicking on the wrong icon.
Computers/tech are extremely dumb and "mechanical" machines, and if a system is well designed you can't do damage with it unless you purposefully want to. Yet we have people who are scared of even opening a webpage, lol.
It's the pressure that some people put on others what make the latter take distances and "fear" or even hate technology; I see it everyday even at work, unfortunately, with my sw engineer colleague being literally paranoid to the point his wife (in the administration area) is scared of even double clicking on the wrong icon.
Computers/tech are extremely dumb and "mechanical" machines, and if a system is well designed you can't do damage with it unless you purposefully want to. Yet we have people who are scared of even opening a webpage, lol.
Elessar · 31-35, M
@4meAndyou Me neither, actually I don't like being explained things but prefer learning them on my own. Through books, practice, trial and error.. I've literally learned my job like that, and even in uni at some point I stopped going to lessons (attendance is not mandatory in my specific uni) and started studying from reference books and my scores actually improved, lol.
Ah yeah, unsupervised automation is the opposite extreme you want to stay away from. The system we use (Veeam), like many others, lets you know if something goes wrong.
Ah yeah, unsupervised automation is the opposite extreme you want to stay away from. The system we use (Veeam), like many others, lets you know if something goes wrong.