Re: [cryptography] evidence for threat modelling -- street-sold hardware has been compromised
On 31/07/13 03:52 AM, Peter Gutmann wrote: Marcus Brinkmann marcus.brinkm...@ruhr-uni-bochum.de writes: If you trust anonymous leaks to the Financial Review by members of your favourite spying agency network, then I guess its evidence. More importantly, look at the dates: The ban was introduced in the mid-2000s after intensive laboratory testing of its equipment allegedly documented 'back-door' hardware and 'firmware' vulnerabilities in Lenovo chips. In the mid-2000's, Lenovo PCs were still IBM Thinkpads (the sale to Lenovo happened in 2005). ZOMG! IBM backdoored them, not the Chinese! And to think that they've always been the most patriotic of computer manufacturers (Watson turned IBM over to the USG in both WWI and WWII). It was all a trick! On IBM's watch, right. But the Thinkpads were manufactured by Lenova in China well before that; what IBM sold was the franchise rights. Did they discover, as did google, that they had lost control of the situation, and easing out was the better deal? So either the analysis found completely normal design features in IBM parts, or it's the usual USG paranoia about the Chinese. Yawn. Next story about the Yellow Peril due in six to eight weeks. Lather, rinse, repeat. It's definitely a Yellow Peril story, as well as whatever else it might be. Some context: This came out of Australia. There (from memory) the government has embarked on the project to get 93% of all homes connected with fiber. This is the biggest infra project ever financed by the government in AU, and is a political make-or-break deal. It's big enough to topple the government, and the price is big enough to move the government from safest in the world into budget impaired land [0]. The opposition is making a lot of hay over the fiber project. Especially, as their #2 man is an Internet ISP squillionaire, and he is tech business competent. Here's the crux: *The government banned Huawai out of the backbone work*. Huawai hasn't taken this lying down, and has cozied up to the opposition. So the revelations about Lenova are being clearly created to protect this situation. They are not lightly made, these are politically-instructed leaks. I'd suggest that the claims made to AFR as leaks had better be true reliable, otherwise the leaks are going to effect the government's credibility in the overall scheme of things. iang [0] Especially, note that the economy of AU is driven by mining which is driven by China. As China stalls, so does AU, and its super-clean wot crisis? reputation slips into the mud. Poignant... Peter. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] evidence for threat modelling -- street-sold hardware has been compromised
On IBM's watch, right. But the Thinkpads were manufactured by Lenova in China well before that; what IBM sold was the franchise rights. And so where does Cisco and Juniper gear come from again... ? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] evidence for threat modelling -- street-sold hardware has been compromised
On 31/07/13 11:46 AM, grarpamp wrote: On IBM's watch, right. But the Thinkpads were manufactured by Lenova in China well before that; what IBM sold was the franchise rights. And so where does Cisco and Juniper gear come from again... ? Indeed. Methinks the Australian pollies have been seduced by the industrial-military-cyber complex, yet again. They have good track record. The real answer at the core of this is that old saw: follow the money. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] evidence for threat modelling -- street-sold hardware has been compromised
2013/7/31 grarpamp grarp...@gmail.com And so where does Cisco and Juniper gear come from again... ? Let's not argue about whether Taiwan is China or The People's Republic of China is China ;) They do use foxxcon, but it's not clear whatfor. I can imagine they use foxconn for non-sensitive things. (Like European electronics hahaha). And they might've moved production in 2000. Or used parts from China. Regardless of this being rumor mongering, I'm pretty sure the Chinese are exploiting, backdooring, etc. anything they can. reg. Australia, of course there's massive amounts of wink-wink going on in that contract. I hope they give it to a domestic company, like every government should do. Especially not give it to those contract hungry Chinese semi-communist central planning extended government monopolistcorps. Huawei can suck it. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] evidence for threat modelling -- street-sold hardware has been compromised
grarpamp grarp...@gmail.com wrote: And so where does Cisco and Juniper gear come from again... ? Cisco has factories in China, in at least Suzhou Hefei. They also have RD centers in at least Shanghai Hefei: http://cisco-news.tmcnet.com/news/2011/11/25/5954051.htm ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] http://goldbug.sourceforge.net/ - Secure Instant Messenger
Did any one looked into this http://goldbug.sourceforge.net/ Secure Instant Messenger ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
