On 1/3/2014 2:05 AM, Daniël W. Crompton wrote:
Good point Jimmy, there is a world of hurt involved, although it may be slightly less painless when you realize that the alternative is: "*the NSA [who] has modified the firmware of computers and network hardware—including systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper Networks—to give its operators both eyes and ears inside the offices the agency has targeted.*"[1]
Why would you think other platforms would be any safer? The NSA plants those bugs with interdiction operations. They could similarly install eavesdroppers in the USB/serial links of your KVM switches and terminal servers and capture your root/admin/console passwords.
Dell, HP, Cisco, etc. were named because the leaked docs mention hardware-specific BIOS/firmware bugging such as ILO piggybacking in a Proliant. I think it's foolhardy believing they wouldn't have similar attacks for just about everything.
