| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2012 17:49:08 -0700
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: bk <chort0@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Security risks of doing business with China?
Really? I get nothing for that one??? That shit was FUNNY!!! :)
On Nov 1, 2012, at 10:41 AM, bk <chort0@...il.com> wrote:
>
> On Nov 1, 2012, at 1:43 AM, Dan Ballance wrote:
>
>> Hi guys,
>>
>> I greatly respect the collective knowledge about security matters on this list. What do you make of this BBC report? Here in the UK we are seeming happy to do business with China, but other countries are blocking over alleged security concerns. Do you think these concerns are legitimate or is this purely political protectionism?
>>
>> http://www.bbc.co.uk/news/business-20163907
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> There are two main ways businesses are at risk when dealing with China:
>
> a) Trying to business _in_ China, the authorities won't let you setup shop directly, but instead force you into a "joint venture" with an established (and state-supported) Chinese company. In order to make and sell your products, you have to transfer a lot of intellectual property to the joint venture. Guess what happens to that intellectual property? Pretty soon there are multiple Chinese companies making exactly the same thing you make, but selling for a lot cheaper, and maybe not only in their domestic market.
>
> b) Deploying Chinese-built infrastructure components in critical areas of your country. There's a lot of hype about backdoors, but IMO the biggest practical risk is the technical experts they send to do the support. Do people do background checks on the support experts they send in who will have privileged access and debugging capabilities? I doubt it. Maybe they don't even steal any information directly, but simply file reports on how the infrastructure is designed and connected. That information alone has strategic value.
>
> Related to the original article, simply selling a stake as an investment doesn't appear to be all that risky. It's a question of what access is granted as a part of that investment. Do they get access to board members, to sensitive financial data? If there's no access to non-public data or trade secrets, then there wouldn't appear to be much risk.
>
> Are politicians exploiting China-bashing for votes? Absolutely. Just like any major issue, people are trying to hitch their wagon to it in improbable ways. That doesn't mean there isn't any truth to it.
>
> If you're a business going into China, know that their goal will be to replace you with domestic companies within several years. Don't get bullied into stretching past your risk tolerance. They're really good at making it seem like you have a huge opportunity, if only you give in just a little bit more...
>
> --
> chort
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists