Shostack + Friends Blog Archive


HP: The Kind of Security Theater We Like To Watch

This story just keeps getting more entertaining. “HP targeted reporters before they published.” They tried to install spyware on target’s computers, as CNET reported in “HP Spying More Elaborate Than Reported.” They engaged in physical surveillance of targets, as reported by the Washington Post in “Extensive Spying Found At HP.” And the Post reports that the CEO knew and approved: “HP CEO Allowed Sting of Reporter,” and Ryan Singel points out that “the Chief Ethics Officer was heavily involved.” Where do you go from there? I hear TSA needs a new privacy officer.

Bruce Schneier writes:

I’m amazed there isn’t more outcry. Pretexting, planting Trojans…this is the sort of thing that would get a “hacker” immediately arrested. But if the chairman of the HP board does it, suddenly it’s a gray area.

Speaking of the Chairman of the HP board, she took the irony cake last night:

“All I will say about the maelstrom is that I look forward eagerly, in the near future, to the time when I can set the record straight and go back to leading my life as discreetly as possible,” Dunn said during her after-dinner speech.

And the title? I stole it from Dave Weinstein.