dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


view:
topics flat nest 
Comments on news posted 2012-10-09 09:43:53: The U.S. ..

prev page · 1 · 2 · 3 · next


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to cableties

Re: China owns us

said by cableties:

Do you think ANY government would allow its citizens full privacy with communications? See Iridium.

No I don't. I know that no government wants its citizenry having access to highly secure communications. That's a given. We know NSA has taps at at least a dozen telco fiber optic switching stations. They are building a data center in Utah to store every bit of data that traverses the Internet. This is why I think the House Intelligence Committee is being a bit hypocritical here.

As a private (non-corporate) citizen, I would much rather have the Chinese spy on me than my own government.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to KodiacZiller

Re: Frightening

said by KodiacZiller:

It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.

Again I'm not a security expert, but, if I'm running a network and there's a bunch of encrypted layer 2 communications that I'm not familiar with happening on my network I'd be asking questions pretty quickly.

I'd also be communicating with the vendor to plug up those holes ASAP, if the vendor didn't cooperate then I'd be litigating the hell out of them.

Lastly wouldn't firmware updates (which is what I should've said when I was referring to software) resolve this irrespective of the original intent of the hardware?
--
Support Bacteria -- It's the Only Culture Some People Have


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to openbox9

Re: FUD

said by openbox9:

Maybe a little less concern, but I imagine the reviews will still happen...especially for critical infrastructure hardware/software.

I am skeptical how much such analysis can achieve, especially when done by hobbyists. They simply don't have the equipment. Transistors are extremely small now (~ 25 nm). You can hide a lot of malicious stuff at such a microscopic level. NSA might be capable of properly dissecting it, but not many other people have the expertise or the equipment necessary.

Also most of the firmware/microcode on these chips is not open source. That's another problem. It makes it that much harder to reverse engineer.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to El Quintron

Re: Security logistics

said by El Quintron:

I'm no security expert, but it seems to me that there's a bit of hype here.

Even with the rudimentary network knowlege that I do possess, I have to ask the following: Would a network operator (eg: Bell, VZW, AT&T) not know that information was being reported back to China? Network operators are usually pretty good at identifying traffic patterns in order manage their networks so why would this be any different?

If the hardware itself is subverted at the bare metal, then no. As Wilsdom said, the hardware can merely lie to you. If you own the hardware, you own everything, including third party software running on top.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to modifiy

Re: Anyone see 60 mins on this?

said by modifiy:

I still find it odd with the Gov stepping in and saying "don't use them because they could spy on us" while they are doing that same thing right now. Maybe Huawei's equipment doesn't have backdoors like the other vendors do for the US to spy on it citizens. Wouldn't that be funny?

----- Begin Tin-foil Hat Transmission -----

What if the government was so against Huawei because they know that they are *not* putting NSA approved backdoors in their systems (like everyone else does)? What if this is all about their concern over their own spying operations going dark wherever Huawei systems are deployed?

----- End Tin-foil Hat Transmission -----
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999

openbox9
Premium
join:2004-01-26
Germany
kudos:2
reply to KodiacZiller

Re: FUD

said by KodiacZiller:

especially when done by hobbyists.

Luckily for us the analysis isn't being done by hobbyists.
said by KodiacZiller:

Also most of the firmware/microcode on these chips is not open source. That's another problem. It makes it that much harder to reverse engineer.

It just takes longer.

Sammer

join:2005-12-22
Canonsburg, PA

1 edit
reply to rradina

Re: Afraid of competition?

said by rradina:

I'm not taking sides because the US does a lot of corporate welfare in the form of deductions that are designed to encourage certain behavior.

The so called "green energy" industry (including Obama campaign contributors) now receives tens of $Billions in subsidies while the traditional fossil fuel industry now receives less than $5 Billion and regardless of where the money goes much of it is borrowed money. Some corporations such as GE don't seem to pay any federal income tax and don't think there aren't government contracts awarded as political payoffs (by incumbents of both parties) rather than strictly on merit. Then there is the whole matter of the regulated effectively writing the regulations (often to the detriment of the American public) and that's a huge one for the U.S. telecommunications industry.

Whether or not Huawei became a telecommunications giant legitimately or through infringing intellectual property and help from the Chinese government is a fair trade and antitrust concern. Too bad our (no longer for the people) government has very little high moral ground left to stand on.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to KodiacZiller

Re: Security logistics

said by KodiacZiller:

If the hardware itself is subverted at the bare metal, then no. As Wilsdom said, the hardware can merely lie to you. If you own the hardware, you own everything, including third party software running on top.

Again I'm no networking expert, but assuming you have some ZTE/Huwei radios, with a Cisco or Mikrotik backend, then even if the radio isn't reporting that it's phoning home, then the backend would still detect unknown traffic originating from the device no?
--
Support Bacteria -- It's the Only Culture Some People Have


Chinaaaa

@rr.com

USA

Do it our way or no money for you!


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to openbox9

Re: Frightening

So maybe the government says to Cisco, Juniper, HP, etc.... that they WILL manufacture at home in giant shared factories - in order to on-shore manufacturing and reap some economies of scale.

But then those companies will say...."The US market is tiny compared to the rest of the world market, and we can still manufacture cheaper in China so that's where we're going to make our stuff for ALL markets."



fifty nine

join:2002-09-25
Sussex, NJ
kudos:2
reply to Angrychair

said by Angrychair:

The humorous part is that the American government does exactly what they're accusing the Chinese government of doing - intercepting everything and allowing nothing to be private communication. I'm sure it's not a good idea for American interests to use Chinese gear that would spy on them, but for a small potato such as myself I'm not sure I see where it would matter for me.

I'm against both our own Gov't and foreign ones like China, Russia and Israel (yes they spy on us) spying on us. But at least our Government is elected by us... the Chinese, not so much.


fifty nine

join:2002-09-25
Sussex, NJ
kudos:2

1 recommendation

reply to 88615298

said by 88615298:

said by fifty nine:

There's really no escape. Since we don't build anything here anymore

If we did people would bitch about high prices. People want these factory jobs back in America at the old $25-$30 an hour wages with full pension and fully paid health care for life, but still want these goods at "made in China" prices. Not realistic.

No one will work for $8-$10 an hour for maybe a 6% match in a 401k( meaning the worker actually has to contribute to his own retirement god forbid ) and a health care plan that requires the worker to pay some of that cost and ends when he retires.

And even in that scenario costs of goods would go up.

Bullshit. If CxOs can making millions and billions we can damn well pay workers a decent wage.

Honda, Toyota, Hyundai and others make cars here. The workers are paid reasonably well and the cars are of good quality. Why can't we do that with electronics?

openbox9
Premium
join:2004-01-26
Germany
kudos:2
reply to MaynardKrebs

Trusted foundries exist and they don't necessarily need to be in the US. The access to them needs to be broadened to allow access by our critical infrastructure partners (i.e., some of the manufacturers that you mentioned). Yes, it costs money.



AnonFTW

@rr.com
reply to openbox9

Re: FUD

said by openbox9:

Perhaps you missed what Carlos Slim is doing down in Mexico with profitability? This is about US companies purchasing foreign manufactured equipment, not foreign companies entering the US to compete with domestic service providers.

I'm referring to the overall market as a whole, including service providers and equipment suppliers. Verizon and AT&T both have much higher revenue with far less subscribers than American Movil.

Regardless, who do you think it is that supplies those companies with gear? Qualcomm, Ericcson, Nortel, Alcatel-Lucent, etc. The government is trying to protect the $100B+ annual revenue of those companies. They don't want ZTE and Huewai entering the market and undercutting the domestic suppliers, which is exactly what would happen.

BosstonesOwn

join:2002-12-15
Wakefield, MA
Reviews:
·Verizon FiOS
reply to El Quintron

Re: Frightening

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"



El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL

said by BosstonesOwn:

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.

Self-destruct is bad, but less so than continual harvesting of information. I'm glad someone confirmed that this would be possible.

It lends credence to a "known vendors" argument.
--
Support Bacteria -- It's the Only Culture Some People Have

BosstonesOwn

join:2002-12-15
Wakefield, MA
Reviews:
·Verizon FiOS
reply to El Quintron

Re: Security logistics

You can hide the traffic by masking it as udp traffic bound for a spoofed address, you can also hide it as traffic encrypted and bound for say a management station that has a "updater" there are all sorts of ways to hide traffic, I have been doing security work for over 13 years now , and it never amazes me how these guys figure out ways to hide traffic, some of them I only found by being nosy and wanting to know why a link light was blinking fairly rapidly while the interface said it was only moving a small bit of data.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"



Oh_No
Trogglus normalus

join:2011-05-21
Chicago, IL

1 recommendation

reply to fifty nine

Re: Frightening

said by fifty nine:

said by Angrychair:

The humorous part is that the American government does exactly what they're accusing the Chinese government of doing - intercepting everything and allowing nothing to be private communication. I'm sure it's not a good idea for American interests to use Chinese gear that would spy on them, but for a small potato such as myself I'm not sure I see where it would matter for me.

I'm against both our own Gov't and foreign ones like China, Russia and Israel (yes they spy on us) spying on us. But at least our Government is elected by us... the Chinese, not so much.

The president is not elected by us. If it was Bush would not have been president in 2001.
The electoral college elects the president.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to BosstonesOwn

Re: Security logistics

said by BosstonesOwn:

You can hide the traffic by masking it as udp traffic bound for a spoofed address, you can also hide it as traffic encrypted and bound for say a management station that has a "updater" there are all sorts of ways to hide traffic,

Fair enough, how does the UDP traffic get around the router seeing as it originates behind the network firewall (eg: carrer class routers) ?
--
Support Bacteria -- It's the Only Culture Some People Have

rdmiller

join:2005-09-23
Richmond, VA

Consider the source

The House Intelligence Committee is made up of some of the greatest minds in the Universe.


pearcy

join:2004-12-08
Chicago, IL

Not the first Allegation against Huawei

»business.financialpost.com/2012/···-pieces/



Baud1200

join:2003-02-10

can only imagine the fear mongering if the things were made in Iran...


pearcy

join:2004-12-08
Chicago, IL

The only thing made in Iran is Fear.



Baud1200

join:2003-02-10

and scary hats...


milkman82

join:2006-06-19
Lakewood, OH
Reviews:
·T-Mobile US

1 recommendation

I am actualy on board with the intelligence committee

China has had a long history of spying on US companies. Is everyone that forgetful not too long ago when an employee with worked for Motorola was Chinese and the FBI actually busted her before she made it to the plane. She had the thumb drives for the secrets for iDEN that Motorola had been working on. She stated that she was working on behalf of the Chinese military to steal communication secrets. That was just one case of many.

I find it crazy that people on here are saying this is due to competition. It's honestly just creepy the fact they are here!



battleop

join:2005-09-28
00000
reply to KodiacZiller

Re: Frightening

"Not likely."

I agree it's not likely but it's not impossible. As long as there are humans and greed in the process it's always a possibility even it it's an extremely remote possibility.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.



TelcoHead

@acterna.com
reply to milkman82

Re: I am actualy on board with the intelligence committee

+1
Both Huawei and ZTE are companies with murky pasts and have been linked to the Chinese military numerous times. Unlike most of their competitors - Erricsson, Cisco, NSN, Alcatel Lucent these two are not publicly held and do not divulge much information on their financials.

Industrial espoinage is the modus operandi of many Chinese companies - steal IP and save all the R&D expenses, giving them a huge cost advantage and the ultimate demise of their competitors.


scross

join:2002-09-13
Cordova, TN
reply to rradina

Re: Frightening

Kind of gives you the warm fuzzies about those folks who are always so concerned about their 2nd Amendment rights, now, doesn't it?


scross

join:2002-09-13
Cordova, TN
reply to Chubbysumo

n/m


scross

join:2002-09-13
Cordova, TN
reply to Chubbysumo

I might characterize this as "Better than nothing, but a day late and a dollar short!" The Chinese have long maintained an active but low-key cyber-warfare program against the US (along with an active but low-key spying program utilizing Chinese nationals within US borders), where if nothing else they are conducting industrial espionage - or at least attempting to. This was one of the main topics at an FBI meeting I attended a few months back, where they made it clear that they are finally starting to take this stuff very seriously. I haven't read this report yet, but I'm curious as to what details it gives.