cc6696c7257be46a08bd20b1ef1e58c4
Faking Security Again, Promoting Remote Control
Creative Commons Attribution-No Derivative Works 4.0
THE Microsoft-connected shills, partly funded by Bill Gates himself, are having a go at Free software again, slandering or spreading FUD, as noted here. The talking points are based on old myths and stereotypes, so people from Red Hat (IBM) along with SJVN are rushing to respond.
"They're planning to mandate "secure" boot like browsers do with centralised/monopolised CAs."But to make matters much worse, it's part of a broader trend; they refer to Free software as "supply chain" and demonise it even when it's controlled by Microsoft and the NSA (shipping actual malware to GNU/Linux machines) and seems like fake security is being "mainstreamed" or "normalised". They want us to think that "self-signed" is inherently bad or dodgy, whereas Microsoft-controlled means safe. As Psydroid put it, in reference to this new article about "secure" boot in electric car chargers, "Microsoft controlling your car's security looks like a suicide mission to me. I don't mind them pushing this agenda; what is worse is that the alternatives are getting shoved aside; I mean, you can do whatever you want in your sandbox, but don't force it on everyone..."
They're planning to mandate "secure" boot like browsers do with centralised/monopolised CAs. While the article speaks specifically about the UK, "if these policies are broadly imposed even internationally," Psydroid notes, "we are in for some big problems."
It's part of an ongoing trend and it's also connected to the "smart" car series we recently did.
Here's what The Register says:
Electric car chargers will have to include secure boot and automatic network disconnection if unsigned software runs on the smart devices – but only from 2023, the British government has said.
New security requirements for smart chargers won't be enforced until the last day of this year, according to government papers reviewed by The Register.
While those changes are positive, and help protect against a deliberate cyber attack or a drive-by malware infection, the Electric Vehicles (Smart Charge Points) Regulations 2021, passed in December, gives industry a whole year before it has to meet the standards.
Schedule 1 of the regulations sets out the cybersecurity requirements new car chargers will have to meet and there's little to complain about there: secure boot; only running signed firmware; automatic checks for software updates; and a ban on "hard-coded security credentials."