This is the most bizarre thing I've heard. People want Snapchat, Instagram. People have LinkedIn. No one wants it. It's a dinosaur. People using it actively just haven't realized it's dead already.

What makes you say that? Why do you think this is rogue employee behavior?

LinkedIn at 10% of Facebook's cap is super over valued. It's pure spam. Everyone is suggesting Microsoft will improve, add features! It would have been better and cheaper to create from scratch. LinkedIn exists in a space that none of the big player care to enter seriously.

It would not have been cheaper to create from scratch, certainly not in a reasonable amount of time. You're truly underestimating just how sticky a product like LinkedIn really is.

Facebook is irritating and intrusive. LinkedIn is spam. It's garbage used because legacy and lack of alternative.

Not relevant to your point, but Hoover never retired. He died in office.

With that much power, he was only ever going to leave in a coffin.

Good point!

Host OS being compromised is one thing. Hardware compromised? VM won't help you

I really hope you're not involved with securing sensitive systems. This is the nightmare right here. Who cares about hardened a OS when the hardware is compromised in a way that is virtually undetectable. Very few have the resources to verify every item on the board and its purpose. The fact that this is even possible is a problem.

That's a distinction without a difference imo. "Oh, thank goodness I was compromised by a hardware backdoor not a software flaw. What a relief!"

"backdoor" and "attack" refer to entirely distinct concepts: backdoor is, given administrative access to equipment or code, installing an hidden component that will be used later by an adversary.

"attack" is the operational word, sometimes using a backdoor but mostly just exploiting a given system to your benefit.

Coming to read this article, I'd have no problem if it stated "the most sophisticated backdoor I've ever seen", but it implied that it exposes an unprecedentedly sophisticated attack - I was expecting something operational of the Stuxnet variety, and instead I got a research paper.

If this article showed how this backdoor was embedded into a real (commercial and widely used) chip - unbeknownst to the chip maker - and later used by an actual adversary, then that would be an attack.

You do realize that Stuxnet required a failure of physical security. Either an agent inserted intentionally via USB or an employee inserted a compromised USB unwillingly. Neither should happen in a secure facility.

The paper shows simple yet sophisticated POC. The simplicity is the scary part. BTW, do you think the University of Michigan spends more on research than the NSA, GCHQ, BND, DGSE, 3PLA, etc.

Looking at my pay check tells me that Michigan does not pay more than said agencies :).

There is some value to precision in terminology, but here it seems to me to be merely pedantic. Are there any important practical consequences at issue here?

It's a big difference, especially in a legal sense, and if that attacker is a government player.

Walking in a back door which you have a key for, if argued correctly in a court, is a lot different than breaking in through a window.

No. If your job is to secure systems there is zero difference. If other than primary has key, it's not secure. If you can break in, it's not secure. Legal arguments are irrelevant.

I am not convinced that the legal difference will carry much weight with all the potential exploiters, but if it does, there is always the question of how you acquired the key.

Android has approximately 85% of worldwide market. I think his statement is justified.

While Android is a smartphone OS, it is questionable whether android devices are being used as smartphones by majority of the users who have android devices.

Most of those phones are at the extreme low end and aren't used as smartphones the way iPhones are

And yet the Play Store generates way less money than the App Store. It's ridiculous how lopsided the difference is actually. I mean, does that 15% really have more spendable money than the other 85%? Something else has to account for these results.

Android is more popular in emerging markets. In most of these markets cash or mobile money payments are common. Most banks locally charge a monthly fee to have your card enabled to do online payments which is a pain in itself. Oflate things have started to change as most retail giants have started offering branded prepaid cards for both online payments and loyalty points.