| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 Mar 2008 19:56:41 -0700 From: Times Enemy <times@....org> To: full-disclosure@...ts.grok.org.uk Subject: Re: Chinese backdoors "hidden in router firmware" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings. I agree, that the threat does not stop at firmware for routers and switches. Even with open source, or dare i type, even more so with open source, the threat for maliciously modified code exists. This is not a new threat, per se, however, it is a growing threat which is fed by more and more hardware being built/assembled/manufactured/what-have-you in questionable countries/locations. This is not isolated to the far east, though the far east is a perfectly legitimate location for western users to NOT trust. I would venture to state that eastern users have already accepted that their products may have gone 1984 on them. It does not give me warm fuzzies that the way the vast majority of production appears, at least one part of most gizmos comes through the far east. Without question, a security concern. .te quispiam lepidus wrote: | Why stop at routers & switches? You could own far more devices by | backdooring BIOS', HDD's, etc, all of which are often produced in "Far East | countries". | | | On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy <times@....org> wrote: | | Greets. | | It does not matter so much if there is no hard proof about the router | firmware containing backdoors set in place by Chinese manufacturers. | ~From a security perspective, it is a potential threat which should be | addressed, especially for western networks and those they trust. | | It is not too far fetched of an idea. Google yielded the following | fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml | | If you want to be inundated with reading material on the matter, be | creative, or not too creative, with Google searches having to do with | China and western powers and businesses, specific to information warfare. | | .te | | | Larry Seltzer wrote: | |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota | | trunks" | | | | And who knows what the French are putting in that cheese. | | Larry Seltzer | | eWEEK.com Security Center Editor | | http://security.eweek.com/ <http://security.eweek.com/> | | <http://blogs.pcmag.com/securitywatch/> | | http://blogs.pcmag.com/securitywatch/ | | <http://blogs.pcmag.com/securitywatch/Contributing> | | Contributing Editor, PC Magazine | | larry.seltzer@...fdavisenterprise.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfPXWkACgkQVuM8PD1UnspGaACeIRRRYubyJOSXuWSwQdoLyqlJ A1EAnAtBAlGyGIXOMk3OyEcHhpRi+hdN =jaFt -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists