funsec mailing list archives
Re: Huawei
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 22 Jul 2013 21:42:23 -0400
On Mon, Jul 22, 2013 at 8:47 PM, Bruce Ediger <bediger () stratigery com> wrote:
On Mon, 22 Jul 2013, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:"Huawei Is a Security Threat and There's Proof, Says Hayden" However, they are not going to tell you what the proof is.I assumed that because it was Hayden, that was just more "Let's keep the Cyberwar Boogieman going, because otherwise, how will we keep the pig's trough with taxpayer dollars?" I mean, the End of Communism was pretty tough on the Beltway Bandits. People wanted a Peace Dividend.
Lol... All of that is do true!!!
I'm not personally familiar with what Huawei sells. Is there some way to slip data back to Unit 61398? I suppose you could use some kind of covert channel, but given the amount of data available, wouldn't that amount overwhelm any side channels?
The Chinese simply encrypt it and send it out - no need for a side channel. The US and its contractors are usually no wiser, and the US does not usually know what's been egressed once detected because its been encrypted (no, they don't use SSL/TLS). Confer: America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare, ISBN 159420313X.
If you just used IP packets, wouldn't they be visible on other company's routers and egress filtering appliances? What other kind of packets could get routed from a random Huawei box in a telecomm center back to Shanghai?
It gets proxied through a compromised host. I doubt it goes to China directly. Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Huawei Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 22)
- Re: Huawei David Harley (Jul 22)
- Re: Huawei Bruce Ediger (Jul 22)
- Re: Huawei Jeffrey Walton (Jul 22)
- Re: Huawei Valdis . Kletnieks (Jul 23)
- Re: Huawei Conrad Constantine (Jul 23)