via Ina Fried and David McCabe, writing at Axios, comes the latest revelation of feckless user data management at Facebook Inc. (Nasdaq: FB); this time, the event comes with smarmily justified sharing of Facebook Inc. user data (without user consent) to Chinese manufacturers' (including People's Republic of China's Peoples Liberation Army controlled Huawei and others) by Francisco Varela, Facebook, Inc. Vice President - Mobile Partnerships Varsela, also (apparently) is a shill ( here) for First Republic Bank. Enjoy today's Must Read and this! H/T
“Huawei is the third largest mobile manufacturer globally and its devices are used by people all around the world, including in the United States. Facebook along with many other U.S. tech companies have worked with them and other Chinese manufacturers to integrate their services onto these phones. Facebook's integrations with Huawei, Lenovo, OPPO and TCL were controlled from the get go — and we approved the Facebook experiences these companies built. Given the interest from Congress, we wanted to make clear that all the information from these integrations with Huawei was stored on the device, not on Huawei's servers.”' - Francisco Varela, Vice President - Mobile Partnerships, Facebook Inc.
'In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.' - via Mathy Vanhoef, Ph.D. and Frank Piessens, Ph.D.