A near-perfect copy of Slashdot was supposedly served to infect "targets" with malware. Since Slashdot isn't the center of the IT world any more, the logical conclusion must be this: Who of us (reading this) is currently being served his HN by GCHQ?
We're here at the heart of what should (and does) bug many IT people over here in Europe: If you work in IT for a company that does something of interest to GCHQ and the NSA, then you and your access credentials are one of those 'targets' they keep speaking about.
Yes, but this is NIST (formerly ANSI), and these are essentially credits. Heck, even I am in the credits at NIST somewhere; it's quite a leap from being mentioned to being tracked by government.
I just assume the intelligence community has penetration into YC at an organizational level anyway. (Not to single out YC, just any firm in that class).
What would be the point of penetrating YC? There isn't much useful intelligence to gain from a startup accelerator. Things might change now that there are a lot of foreigners in the program, but even then, it's a relatively small group of people.
As much as people on this site like to think they're important, I highly doubt that anyone here (with the exception of the infrastructure/security people) matters enough to the intelligence community for anything more than your run-of-the-mill passive wiretapping/eavesdropping that all Americans are being subjected to.
British secret service police wanted an informer on every street and certainly tried to send infiltrators to every minority political meeting they could.
His computer was infected after clicking a (bogus) LinkedIn invitation of a non-existent employee of the European patent office.
Just goes to show how effective phishing attacks are. If a professor of cryptography does not check SSL certificates, far fewer people do so than we think.
Thanks. First sentence of second paragraph had my mind in shambles trying to parse it.
"There isn't a card with an electronic chip available, or it has some sort of security technology that UCL professor Jean-Jacques Quisquater (67) was involved in developing."
I haven't a clue what that means.
[edit] Wait, your link just ends up at the same article for me.
Thanks to the mod for the link change. Only found the Standaard translation and thought the GigaOM was at least some form of a summary and better than a Google-translated document.
That's a pretty literal translation from Dutch; a better interpretation would be "There isn't a chip card in circulation without security technology based on the work of UCL professor Jean-Jacques Quisquater".
That sentence is not perfectly idiomatic, but it seems to assert that Prof. Quisquater was involved in developing security tech for all chip-equipped cards that are currently available.
That sentence is a literal translation from Dutch. Basically saying that the professor has been involved in the development of basically any card with an electronic chip available.
ISTM that a strict adherence to Kerckhoffs's principle on the part of the professor and his colleagues would reduce the value of this hack to run-of-the-mill NSA/GCHQ creepiness. That is, they're not going to learn any secret keys to CA roots by reading his email. Since they're creepy evil bastards, however, there doesn't have to be a point to it.
That example just shows how easy it is to be scammed. No matter how smart and how much of an expert you are, you still may be vulnerable from a totally unsuspected angle. Don't ridicule someone who "deserved" it because of his "stupidity" or "naivety", because you may be the next laughing-stock.
Besides the GCHQ aspect, doesn't seem terribly different from other less catchy news stories: "Immunologist gets the flu", "Physical therapist fractures shin", etc.
You make it sound like it happened by chance. However, it's more like "Special Forces kill top terrorist in Absurdistan" (as in, went an extra mile, tailored operation, high-value target).