Shostack + Friends Blog Archive

 

HP: The Kind of Security Theater We Like To Watch

This story just keeps getting more entertaining. “HP targeted reporters before they published” [link to http://news.com.com/HP+targeted+reporters+before+they+published/2100-1014_3-6117497.html?tag=nefd.lede no longer works]. They tried to install spyware on target’s computers, as CNET reported in “HP Spying More Elaborate Than Reported” [link to http://news.com.com/HP+spying+more+elaborate+than+reported/2100-1014_3-6116557.html no longer works]. They engaged in physical surveillance of targets, as reported by the Washington Post in “Extensive Spying Found At HP.” And the Post reports that the CEO knew and approved: “HP CEO Allowed Sting of Reporter,” and Ryan Singel points out that “the Chief Ethics Officer was heavily involved” [link to http://blog.wired.com/27BStroke6/index.blog?entry_id=1560597 no longer works]. Where do you go from there? I hear TSA needs a new privacy officer.

Bruce Schneier writes:

I’m amazed there isn’t more outcry. Pretexting, planting Trojans…this is the sort of thing that would get a “hacker” immediately arrested. But if the chairman of the HP board does it, suddenly it’s a gray area.

Speaking of the Chairman of the HP board, she took the irony cake [link to http://news.com.com/2100-1014_3-6117952.html no longer works] last night:

“All I will say about the maelstrom is that I look forward eagerly, in the near future, to the time when I can set the record straight and go back to leading my life as discreetly as possible,” Dunn said during her after-dinner speech.

And the title? I stole it from Dave Weinstein.