Device, application, and ecosystem security concerns

Which predate modern tech by quite a bit. My first discovery of the ploy was in The Count of Monte Cristo (1844) where it involved a telegram intercept. Which, to digress, was omitted from the abridged version of the novel that I chose for a quick rereading, marking the last time I ever bothered with abridged works.

Anyway, an old problem that demonstrates that if you’re a target and the perps are clever and persistent enough, you’ll get burned. Normal people don’t need to worry much.

1 Like

I can tell you that in modern corporate espionage and cyber hacking, spear-phishing “ordinary people” to socially engineer entrance to secured systems is a big deal.

2 Likes

Very true, north of 80% of the attacks we’ve seen had a social engineering component to them.

1 Like

Ditto. My boss at my workplace specializes in cyber security and comprehensive security training was drilled into everyone’s heads. He would read regularly to staff major news of security breaches to emphasize the absolute importance of proactive, attentive thinking. KnowBe4 training is one of many training modules employees are required to take, and we have regular weekly fake phishing attempts as well through them across the various channels to try to trick employees. Any employee who falls for any of these planted fake phishing attempts must get rigorous, remedial training. When it was first implemented many years ago, it even trapped a non-tech savvy senior leadership who since became an expert and advocate for it.

1 Like

This is a great/terrible example of the problems of security and IMHO how little the companies (Netgear in this case) actually do about it. Stuff like this seems to be an obvious example of where regulation could be beneficial, e.g. something on the order of what’s required of many consumer products with mandatory recall/repair protocols.

What’s especially galling to me, though I guess I shouldn’t expect better from Forbes, is that the writer says “hats off to Netgear for being open and transparent…” Ummm, no. Hats off would apply if they offered to replace the routers :frowning:

And BTW, the only reason Netgear is “open” about this is that customers were actually impacted by these vulnerabilities and several security researchers went public about it.

Netgear Says It Can’t Fix Multiple Vulnerabilities On Two Of Its Routers For Homeworkers (forbes.com)

1 Like

2 Likes

Sadly, that applies to a LOT of tech companies…

1 Like

First, this is a great discussion thread… One of the only places on the net where the topic can veer into the weeds of political discourse, and yet maintain its civility.

I’m with @Bishop, I laugh when IT policy says we can’t reuse passwords. Everyone has lost count of how many accounts we’ve all registered for. I even had to create one to order Chinese food, requiring the 8 letters, capitalization, and symbol. People keep a paper notebook to keep track of them, who can blame them?

2FA is beginning to get ridiculous too. I had a new computer, where Steam sent 2F request via email, and then the email used 2F via my phone. The absurdity of which, made me feel like going through a TSA pat down twice.

As far as educating users, I think the most vulnerable are the elderly. Do we think they can self-sufficiently learn cyber security??? Heck, I’d just settle for my parents not calling me in the middle of the day because their printer is offline or something. And it’s not like they can avoid the internet in this day and age, not with banking going paperless, health appts, and connecting with family. So yeah, I think regulation can do more…

3 Likes

This is a newly discovered flaw in Apple’s M1 chips. It’s real but practically speaking (unlike Ars headline implies) it would take a Jack Ryan movie level of effort to actually exploit it.

It does show though how incredibly complex modern chip design is.

Newly Discovered Apple M1 Security Flaw is Unpatchable (gizmodo.com)

1 Like

This one is a bit worrisome especially for our corporate customers, especially because of the sophisticated nature and likely state sponsorship of some of the tools and actors behind it.

I’ll bet money we are a short amount of time away from a bunch of public impacting exploits of this.

Whack a mole once again…

And an FCC commissioner calls for ban on Tik Tok app as being a Chinese government intelligence gathering vector -

The kids’ll go nuts.

So will Xi Jinping…

1 Like

So yet another set of vulnerabilities, this time with a bunch of consumer Lenovo models.

ARS take on this is for the most part ok, but they should have led with the statement that the exploits require physical access to enact. And that’s simply going to be a non-issue for the vast majority of people when the amount of effort required to do this is not worth the other associated risks or efforts. Except if perhaps the ThinkPad in question belongs to Warren Buffett.

2 Likes

Yes, one of my pet peeves. I often suspect they bury or omit that crucial info so that 1) people get alarmed and share the URL and/or 2) they have a computer security software advertiser. :roll_eyes:

Edit: I should add a disclaimer since I was misunderstood before. Ordinary people don’t have to worry about things like this and by “ordinary” I mean home computer users who are not doing anything that would make them targets of corporate espionage or foreign governments or hackers going after exceptionally wealthy people or… you know, ordinary people.

2 Likes

This one is my PET PEEVE of all time, ever since Joanna Stern (WSJ) sparked the “cover your webcam” debate by an expose about an “ethical hacker” working with her to access her webcams - but only AFTER she cooperated by permitting the access by clicking on an attack link. Granted, folks make that mistake every day, BUT it still took cooperative action to permit the hack.

1 Like

Yet another UEFI exploit. ARS does a pretty good job of explaining it overall, but they don’t go nearly far enough into the possible likely sources of this.

Our security experts see strong indications that a lot of this is being introduced via the used systems market and secondarily less than honest repair facilities.

One of these UEFI exploits affected one of our customers in Thailand via their IT repair service provider. In this case it was industrial espionage intended, as come to find out, one of the company’s competitors bribed repair company employees to introduce the UEFI hacks.

It was only discovered accidentally when one of the company’s network engineers was trying out some new network scanning software and noticed three machines were generating encrypted traffic before the system had even booted the OS.

TLDR; Individual users are pretty powerless if someone wants to invade enough.

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica

4 Likes

Strike one for buying an “open box” laptop at Best Buy :cold_sweat:

2 Likes

Is this our last line of defense?

1 Like

It seems the likely best approach is doing as much as possible in-house and vetting personnel vigorously.