Weekly output: supply-chain attacks, Mark Vena podcast, password managers, 5G vs. IMSI catchers, fake vaccination cards

TALLINN, Estonia–I’m writing a post from the other side of the Atlantic for the first time since November of 2019 because of a press trip set up for this week by Estonia’s business-development types to show off the country’s tech sector. That sort of thing would be a non-starter were I on anybody’s staff, but I’m not and I’ve gotten a lot out of a few previous trips along these lines. It does help that Estonia is no Las Vegas in its approach to the pandemic. 

8/10/2021: More SolarWinds-style attacks are coming. Here’s how to stop them, Fast Company

I wrote up the keynote that opened Black Hat, in which security researcher (and excellent Twitter individual) Matt Tait outlined how getting hostile code into a software supply chain can yield rewards so outsized that attackers have to work extra to focus their attack.

8/11/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

This week’s edition of my tech-analyst pal’s podcast featured an unusually contentious debate over Apple’s announced plans to do on-device scanning of photos ready to be uploaded to iCloud for matches of known child sexual-abuse material.

8/12/2021: Best Password Managers of 2021, U.S. News & World Report

I contributed an update to the guide I helped write at the start of this year. My work this time includes profiles of 1Password, Bitwarden, Dashlane, Enpass, and LastPass, plus comparisons of 1Password and LastPass, Dashlane and LastPass, and 1Password and Dashlane.

8/13/2021: 5G defends against IMSI catchers – but implementation is critical, Light Reading

My Black Hat coverage-from-afar continued with this writeup of a briefing about 5G’s vulnerability to IMSI catchers, the fake base stations sometimes used by law-enforcement and national-security investigators as well as criminal enterprises to intercept people’s communications.

8/13/2021: Fake vaccination cards, Al Jazeera

I thought the Arabic-language news network would want me to talk about the technical difficulties involved in making counterfeit-proof vaccination cards, but instead they stuck to such big-picture queries as why people would even want to spend $100 or so on fake vax cards sold by random con artists on Telegram.

Weekly output: Huawei concerns, talking about 5G, states v. Google, Amazon Sidewalk, Russian hacking

I may not have the usual deluge of CES pitches to remind me that the year is almost done, but it’s still comforting to think that the number of stories I still owe to various editors in 2020 is now under five.

12/15/2020: Huawei concerns, Al Jazeera

My appearance on the Arabic-language news channel to discuss concerns over the reliability of Huawei’s hardware and software was cut short when my laptop dropped off my home WiFi. Awkward!

12/15/2020: Top 2020 questions: “Why all the hype about 5G?”, Talking Tech with Jefferson Graham

My USAT colleague is taking a buyout at the end of this year, so I joined his podcast for one last time to discuss–what else?–5G wireless, how far it’s fallen short of the hype, and how it might get better in a year or so.

12/18/2020: Here’s What Google Should Worry About Now That Most States Are Suing It, Forbes

I wrote an explainer about the two multi-state antitrust lawsuits filed against Google this week, both of which allege some disturbing misconduct by Google in its advertising businesses.

12/19/2020: Amazon wants your devices to talk to each other. Should you take a walk on Sidewalk?, USA Today

I talked to a few experts–two briefed by Amazon, one a longstanding expert in Internet-of-Things security–about the peer-to-peer network that Amazon is now activating on its smart-home gadgets.

12/19/2020: Russian hacking allegations, Al Jazeera

My producer in AJ’s D.C. bureau evidently had no hard feelings about my WiFi dropout on Tuesday, since he had me back on Saturday evening to discuss revelations of a massive hacking carried out by Russian intelligence.