By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Official statement from DHS:
The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely. Just this month — National Cybersecurity Awareness Month — we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation’s collective cybersecurity and risk management efforts.
For me, having the current U.S. government weighing in publicly on this issue does not fill me with any sense of confidence or reassurance on either side of this story.
But, still: Bloomberg’s Big Hack story should eventually be fully-corroborated, if true. According to their report, there are thousands of compromised servers out there. If there are, security experts will eventually identify these rogue chips and document them.
And whatever you think of a statement from DHS, from what I’ve heard, this is only beginning. Apple is not letting this go.
★ Sunday, 7 October 2018