Keith Lofstrom wrote: > On Wed, 18 Feb 2015 12:49:28 -0800 Larry Brigman dijo: > >> Not just hard drives but the whole of the electronics coming out of >> china in the near future. > > On Wed, Feb 18, 2015 at 01:36:54PM -0800, John Jason Jordan wrote: >> A couple of questions: >> >> 1) Does this include hard drives and other hardware in computers used by >> the federal government? > The feds have policies controlling the storage hardware they allow > into secure sites. I have relatives near Annapolis, and the best > technical library nearby is Nimitz Library at the Naval Academy. > The USNA does not allow USB flash drives and outside computers onto > the campus; too many ways for data to leak over airgaps from Navy > secure sites, or trojans to find their way back in. > > I just got my first hearing aid. The computer in it is more > sophisticated than my old flip phone. In another decade, hearing > aids will store gigabytes, have agile radios that can communicate > on any band, and be yet another transport for digital infection. > > >> 2) Does there exist hardware free from these backdoors, perhaps >> manufactured in a country unfriendly to the US government? > Yes, all hardware is free of backdoors. Trust us. Also, all of the > US is unfriendly to one aspect or another of the US government. :-) > > > Here's yet another (rather technical) recent article on the subject: > > http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks > > The answer is "you cannot know without very sophisticated teardown." > Techniques like those suggested by the authors of the article above > /might/ work, or they might simply add some expense and complexity to > the task of adding backdoors to critical hardware. Unless the chips > are transported by trusted courier between manufacturers, and directly > to the final installation at a secure site, the good guys can add all > the complexity they want, and the bad guys can replace secure items > with compromised counterfeits, rerouting shipments by hacking Fed Ex. > > Keith > Keith,
Sounds like monitoring your network traffic would be a way to discover any trojan traffic. Unless the traffic is carried by radio frequency somewhere. Now all you need is a frequency spectrum analyzer or put your computer in a Faraday cage. Ken _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug