U.S. President Joe Biden has informed Americans that a potential cyberwar with Russia is likely. We should be prepared for the consequences and the havoc it can wreak on a society like ours. It is common knowledge that many of our industries, corporations, and infrastructure services, such as the electrical grid, are weak and can fall victim to large-scale attacks. Even we, as Americans, have weak defenses on our own computers.

“Given the administration’s stellar track record in predicting Russian moves in its attack on Ukraine, we should take this warning seriously,” wrote Richard Bennett, a writer and analyst focusing on telecom and networking. “Cyberwar is a business conducted by firms and individual actors with a rapidly changing arsenal of software-based tools.”

The timing of the White House release was at best a coincidence, and at worst, curious since it came on the same day Apple experienced a massive outage in its online services. To be very clear, what I am about to write is hypothetical, and I am putting it in my “what if” buckets. 

An odd and somewhat crazy thought crossed my mind — what if the outage resulted from an attempt to compromise Apple’s crown jewels — its Keychain, end-to-end encryption, and iMessage? Like many, I have had blind faith in Apple’s capabilities to protect my privacy and data. I am not alone: many folks in the government and corporate America have faith in Apple’s capabilities. So this keychain could be a single point of information security failure that could impact a lot of folks across America. Forget America — with hundreds of millions of iPhones, a breach will likely have a global impact.

If the cyberwar starts to unfold, password management services such as 1Password could find themselves under extreme pressure. Yes, they all have pretty blue-chip reputations and impeccable infrastructure. It is crazy to even suggest as much. However, read the headlines just from today — a ransomware group is rumored to have accessed the database of Okta, which provides trusted authentication services to about 15,000 companies. The same ransomware group has claimed that it stole source code from Microsoft. If this is even fractionally true, then basically every company is vulnerable.

No matter how secure we might feel, at this point, our password defense is our biggest strength and our biggest weakness. 

PS: Bennett has some good advice: follow the news, check for patches, and update daily. Keep a local copy of your data, just in case you need to wipe your computer and restore it. That’s the best for now. 

March 22, 2022. San Francisco


WORTH READING

The Pursuit of Productivity is a trap: “in a culture so focused on managing time, we have become subservient to it,” writes Lawrence Yeo. “By scheduling your day down to the last minute, you introduce an anxiety from managing your real-time progress to an imagined vision.”

The Joy of Physical Media: David Mitchell, a British comedian, points to the growing sales of physical media formats (including books) as a sign that digital (streaming) lacks a loving feeling. I am sadly in the “streaming is convenient” camp, though I tend to buy my music from Bandcamp to support the artists, not because I want a download taking up space on my hard drive.

We all still don’t understand Substack: Nathan Baschez, who was with Substack in its earliest days, explains why the newsletter platform differs from most other media startups. I kind of agree with Nathan.

