dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
27
share rss forum feed
« I call bullsh*t
This is a sub-selection from Frightening


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to fifty nine

Re: Frightening

said by fifty nine:

There's really no escape. Since we don't build anything here anymore and are designing less and less of it here, there is a real possibility of equipment being built that phones home and sends our sensitive data back home.

But I think it's just foolish to focus on just two companies.

The real risk to be worried about isn't phoning home. It is that, in a time of war, a signal could be sent that would cause the Chinese built hardware to self destruct, thereby turning off a huge part of US communications infrastructure.
--
»www.gop.com/2012-republican-platform_home/
»www.gop.com/2012-republican-plat···onalism/


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
said by FFH5:

The real risk to be worried about isn't phoning home. It is that, in a time of war, a signal could be sent that would cause the Chinese built hardware to self destruct, thereby turning off a huge part of US communications infrastructure.

This assumes that you're asking the same group of people to build both the hardware and software, and that they'll be doing all the subsequent support afterwards to cultivate the vulnarability through multiple firmware revisions.

I'm not saying I trust a foreign corporation, with ties to a foreign government to be 100% clean, but it would seem that basic precautions here would eliminate most if not all threats.
--
Support Bacteria -- It's the Only Culture Some People Have


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

1 recommendation

said by El Quintron:

said by FFH5:

The real risk to be worried about isn't phoning home. It is that, in a time of war, a signal could be sent that would cause the Chinese built hardware to self destruct, thereby turning off a huge part of US communications infrastructure.

This assumes that you're asking the same group of people to build both the hardware and software,

Uh, if you have subverted the hardware, then the software is inconsequential. Own the metal, you own the software too. If Intel put a backdoor into their chips, it wouldn't matter if you ran Windows, OSX, Linux, Unix, AIX, IRIX, whatever. It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
said by KodiacZiller:

It would still have ultimate control and could do all sorts of hard (or impossible) to detect things.

Again I'm not a security expert, but, if I'm running a network and there's a bunch of encrypted layer 2 communications that I'm not familiar with happening on my network I'd be asking questions pretty quickly.

I'd also be communicating with the vendor to plug up those holes ASAP, if the vendor didn't cooperate then I'd be litigating the hell out of them.

Lastly wouldn't firmware updates (which is what I should've said when I was referring to software) resolve this irrespective of the original intent of the hardware?
--
Support Bacteria -- It's the Only Culture Some People Have

BosstonesOwn

join:2002-12-15
Wakefield, MA
Reviews:
·Verizon FiOS
Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
said by BosstonesOwn:

Nope, look at intel microcode updates as a prime example, they had to patch microcode to make up for some die errors at some points in production.

There is always the possability of an asic embedded in there to self destruct circuits and such and all it takes is a magic packet to wake it up.

Self-destruct is bad, but less so than continual harvesting of information. I'm glad someone confirmed that this would be possible.

It lends credence to a "known vendors" argument.
--
Support Bacteria -- It's the Only Culture Some People Have