[GTALUG] supply chain risks: a real example
D. Hugh Redelmeier
hugh at mimosa.com
Fri Mar 18 15:16:44 EDT 2022
| From: Alvin Starr via talk <talk at gtalug.org>
| As for the github posting about an NGO being damaged.
| There are a hand full of things that raise red flags for me.
| None of these are clear indicators of fakery but make me scratch my head and
| want to look more closely at this before taking it at face value.
|
| - The account was created just before the posting
| - The NGO is not named
| - The NGO is storing data in the country where the whistle blowers are.
|
| The last one may be less than obvious, but keeping a computer in a country
| where the local government has access to the hardware and network connection
| seems to be an amazingly bad idea if you hope to protect the people who post
| information.
Good point. I may have been a sucker and amplified disinformation.
Very embarrassing.
More information about the talk
mailing list