Weekly output: Samsung self-repair, FCC chair’s security concerns, tech-policy forecast, password managers, Google layoffs, electric-car progress, legal risks for security research

This week had me head into D.C. for work events four days in a row, something that last happened in early 2020.

1/17/2023: Samsung ‘Self-Repair’ Program Adds Galaxy S22 Phones, Some Galaxy Books, PCMag

The post I wrote after Samsung gave me an advance copy of their press release noted the limited number of replacement parts offered under this program, but Technica’s Ron Amadeo–who has a lot more experience with Samsung gadgets than I do–went into detail about how much it doesn’t cover.

1/18/2023: FCC Chair: 5G Expansion Creates ‘Broader Attack Surface’ for Cyberattacks, PCMag

I watched a brief but fairly info-dense speech by FCC chair Jessica Rosenworcel about privacy and security risks to U.S. wireless networks and their customers.

Screenshot of the story in Safari for iPadOS, illustrated with a photo of the Capitol not long after sunrise.1/18/2023: Is This the Year Congress Finally Tackles Privacy Legislation?, PCMag

Betteridge’s law of headlines suggests that the answer to that question is “no.” A look at the last decade of Congressional inaction on privacy also points to a negative answer.

1/19/2023: Considering an app to manage your passwords? This advice will be key no matter which app you choose., USA Today

This column got published considerably after I filed it, and I don’t exactly know why. Fortunately (or unfortunately, if you’re a LastPass customer), LastPass hasn’t provided any more clarity about its data breach since I wrote the piece.

1/20/2023: Google layoffs, Al Jazeera

I made an in-studio appearance to talk about Google’s layoffs–and made sure to note Google’s aggressive stock buybacks.

1/20/2023: Feds Tout Progress in Electrifying US Fleet, Building Out Car Chargers, PCMag

The Washington Auto Show’s public-policy day didn’t feature an enormous amount of news, but two panels featuring Biden administration representatives yielded some useful details about efforts to electrify government vehicles and support building out hundreds of thousands of new car chargers.

1/22/2023: Good News, Bad News for Security Researchers: Feds Are Less Likely to Charge You, States Are Another Thing, PCMag

Information-security lawyer Harley Geiger gave an amusing and informative talk at the ShmooCon conference about the state of computer-crime laws and how they can menace legitimate security research.

Weekly output: supply-chain attacks, Mark Vena podcast, password managers, 5G vs. IMSI catchers, fake vaccination cards

TALLINN, Estonia–I’m writing a post from the other side of the Atlantic for the first time since November of 2019 because of a press trip set up for this week by Estonia’s business-development types to show off the country’s tech sector. That sort of thing would be a non-starter were I on anybody’s staff, but I’m not and I’ve gotten a lot out of a few previous trips along these lines. It does help that Estonia is no Las Vegas in its approach to the pandemic. 

Screenshot of the story as seen in Safari on an iPad8/10/2021: More SolarWinds-style attacks are coming. Here’s how to stop them, Fast Company

I wrote up the keynote that opened Black Hat, in which security researcher (and excellent Twitter individual) Matt Tait outlined how getting hostile code into a software supply chain can yield rewards so outsized that attackers have to work extra to focus their attack.

8/11/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

This week’s edition of my tech-analyst pal’s podcast featured an unusually contentious debate over Apple’s announced plans to do on-device scanning of photos ready to be uploaded to iCloud for matches of known child sexual-abuse material.

8/12/2021: Best Password Managers of 2021, U.S. News & World Report

I contributed an update to the guide I helped write at the start of this year. My work this time includes profiles of 1Password, Bitwarden, Dashlane, Enpass, and LastPass, plus comparisons of 1Password and LastPass, Dashlane and LastPass, and 1Password and Dashlane.

8/13/2021: 5G defends against IMSI catchers – but implementation is critical, Light Reading

My Black Hat coverage-from-afar continued with this writeup of a briefing about 5G’s vulnerability to IMSI catchers, the fake base stations sometimes used by law-enforcement and national-security investigators as well as criminal enterprises to intercept people’s communications.

8/13/2021: Fake vaccination cards, Al Jazeera

I thought the Arabic-language news network would want me to talk about the technical difficulties involved in making counterfeit-proof vaccination cards, but instead they stuck to such big-picture queries as why people would even want to spend $100 or so on fake vax cards sold by random con artists on Telegram.