You are reading a single comment by @Howard and its replies. Click here to read the full conversation.
  • Cisco kit has security holes as well, I don't hear the same screaming about the USA maybe having backdoors in Cisco kit.

    Not publicly, but there's lots of screaming about it in the IT world:

    (random article): https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software,37480.html

    The problem is that you never know whether the bug that can be exploited to end up in full eavesdropping was just a result of sloppy development practices or whether it was accidental-on-purpose.

    Add on to that the possibility that Cisco (and other US manufacturers) kit was being tampered with prior during the export process:-

    https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html

    Hardware/software is nigh on impossible to validate: Is the source code you're looking at the source code that builds the product? Has the build been modified post compilation? Do you trust the compilation tool chain? Has the hardware been scrutinised? Could extra bits (that haven't been assessed) have been snuck in? etc. So called "reproducible builds" are an ongoing unsolved problem in computing.

    I personally think that they've suddenly realised that china has had free reign on our networks for a decade.

    I'd agree, and I think they're just realising how much of an impact this has had and how much more it will be in the future and that they have no idea how to solve it.

About

Avatar for Howard @Howard started