Bloomberg Shits the Bed Again on Cybersecurity

Worth reading the full article to understand why Bloomberg coverage of infosec topics requires a heavy pinch of salt:

[…] Long story short, this was a bad bug that was apparently exploited in the wild. A reasonable point to be taken from this story is that end-to-end encryption is not a panacea. If an attacker manages to install malware on your device, whether via remote exploit or physical access to the device, it’s game over, because they’re now inside one of the ends.

It’s like if you have a secure communication line between two rooms, but an attacker gains entry into one of the rooms. The problem is not with the communication line. […]

“End-to-end encryption is not a panacea” was not the lesson taken by Bloomberg columnist Leonid Bershidsky. His take currently runs under the headline “End-to-End Encryption Isn’t as Safe as You Think”. When I first saw the story two days ago, though, the headline was “WhatsApp’s End-to-End Encryption Is a Gimmick”. […]

It’s no smokescreen. Bershidsky’s profound mistake is his apparent belief that security is binary — totally secure or totally insecure. And so in his mind, this week’s WhatsApp exploit means WhatsApp is insecure, and since other such exploitable bugs almost surely exist in other apps and in OSes, no messaging system is secure.


Original article here