Not just hard drives but the whole of the electronics coming out of China in the near future.
http://www.zdnet.com/article/us-slams-new-chinese-rules-for-tech-firms/?utm_campaign=OpenStack+Now&utm_source=hs_email&utm_medium=email&utm_content=16098696&_hsenc=p2ANqtz-8xi16xIK3jwISc8800aWwOSL-U9XA5KTClYb16Hu8RWAAdEV_ORznb5jVFUHD6G1UQtVhEt4UTYTjyOQxRzbcYgu0tLQ&_hsmi=16098696

On Wed, Feb 18, 2015 at 12:23 PM, Keith Lofstrom <kei...@gate.kl-ic.com> wrote:
>
> http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage
> http://tinyurl.com/osdhxs8
>
> A week ago, I merely worried that hard drive manufacturers
> could insert backdoors into the disk firmware on the assembly
> line. According to this Kaspersky Lab report, it is worse than
> that. Hard drives shipped to 30 target countries can have
> backdoors in the hard drive firmware. Software on USB drives
> and CDs (such as those provided at conferences) can also add
> backdoors by exploiting firmware vulnerabilities in the drives.
>
> Without open hardware designs, verifiable by third parties down
> to the chip transistor level, software security ... isn't. If
> you don't own the schematic, and occasionally tear a chip down
> to the transistors to look for deviations from that schematic,
> you are trusting the chip manufacturer too much.
>
> The even more frightening thing is that a transistor level chip
> designer like me can add "analog hacks" that are invisible to
> gate level logical analysis, but can be subtly triggered to
> have logic-level outcomes. Bits are a myth.
>
> The EVEN MORE frightening thing ... well, I won't go there in
> a public forum, but you want continuous and verifiable live
> security camera surveillance, and surprise inspections, during
> some phases of wafer manufacturing, so the fab should be
> "open", too.
>
> If you have superb software security procedures, and pay no
> attention to the electronics, it is like adding a steel bank
> vault door to the front of a tissue paper tent.
>
> Keith
>
> --
> Keith Lofstrom kei...@keithl.com
> _______________________________________________
> PLUG mailing list
> PLUG@lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug