[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <47CF5D69.6000309@krr.org>
Date: Wed, 05 Mar 2008 19:56:41 -0700
From: Times Enemy <times@....org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Chinese backdoors "hidden in router firmware"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings.
I agree, that the threat does not stop at firmware for routers and
switches. Even with open source, or dare i type, even more so with open
source, the threat for maliciously modified code exists. This is not a
new threat, per se, however, it is a growing threat which is fed by more
and more hardware being built/assembled/manufactured/what-have-you in
questionable countries/locations.
This is not isolated to the far east, though the far east is a perfectly
legitimate location for western users to NOT trust. I would venture to
state that eastern users have already accepted that their products may
have gone 1984 on them. It does not give me warm fuzzies that the way
the vast majority of production appears, at least one part of most
gizmos comes through the far east.
Without question, a security concern.
.te
quispiam lepidus wrote:
| Why stop at routers & switches? You could own far more devices by
| backdooring BIOS', HDD's, etc, all of which are often produced in "Far
East
| countries".
|
|
| On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy <times@....org> wrote:
|
| Greets.
|
| It does not matter so much if there is no hard proof about the router
| firmware containing backdoors set in place by Chinese manufacturers.
| ~From a security perspective, it is a potential threat which should be
| addressed, especially for western networks and those they trust.
|
| It is not too far fetched of an idea. Google yielded the following
| fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml
|
| If you want to be inundated with reading material on the matter, be
| creative, or not too creative, with Google searches having to do with
| China and western powers and businesses, specific to information warfare.
|
| .te
|
|
| Larry Seltzer wrote:
| |>> Next we'll be seeing "Japanese tactical nukes "Hidden in Toyota
| | trunks"
| |
| | And who knows what the French are putting in that cheese.
| | Larry Seltzer
| | eWEEK.com Security Center Editor
| | http://security.eweek.com/ <http://security.eweek.com/>
| | <http://blogs.pcmag.com/securitywatch/>
| | http://blogs.pcmag.com/securitywatch/
| | <http://blogs.pcmag.com/securitywatch/Contributing>
| | Contributing Editor, PC Magazine
| | larry.seltzer@...fdavisenterprise.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfPXWkACgkQVuM8PD1UnspGaACeIRRRYubyJOSXuWSwQdoLyqlJ
A1EAnAtBAlGyGIXOMk3OyEcHhpRi+hdN
=jaFt
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists