On Thu, Dec 05, 2013 at 04:20:42AM -0800, Paul R. Ramer wrote:
> Peter Lebbing <pe...@digitalbrains.com> wrote:
> >On 02/12/13 20:37, Andreas Schwier (ML) wrote:
> >> Wait a second - you can not simply hide a backdoor in a Common Criteria
> >> evaluated operating system. There are too many entities that would need
> >> to be involved in the process
> >
> >Why couldn't the manufacturer simply put a different, backdoored firmware in the
> >card ROM than the one they showed to the other entities? Are those other
> >entities physically examining the ROM mask of the final product or somehow
> >bypassing the code protection and reading out the flash ROM?
> 
> On that note, why assume that the manufacturer would not do the opposite: 
> feign helping the spy agency by giving them a compromised ROM and then 
> substituting a secure one on the real product. In either case, we are 
> assuming the company would try to supply different bodies with different ROMs.

Probably because the company might be open to criminal charges. I
understand that the NSA has used this threat in the past.

-- 
Bob Holtzman
Your mail is being read by tight lipped 
NSA agents who fail to see humor in Doctor 
Strangelove 
Key ID 8D549279
