nanog mailing list archives
Re: NSA able to compromise Cisco, Juniper, Huawei switches
From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Wed, 1 Jan 2014 14:37:11 GMT
If legal, consider risk to NSA. Official product ran inside company to add requested feature, hundred of people aware of it. Seems both expensive to order such feature and almost guaranteed to be exposed by some of the employees. Alternative method is to presume all software is insecure, hire 1 expert whose day job is to search for vulnerabilities in IOS. Much cheaper, insignificant risk. Which method would you use?
I'd also look at having people work in the factory in china designing test or at (/own) the QA/test equipment manufacturer as when they connect the product jtag to test you can give a little extra. Both smaller groups of people and nobody knows what they do anyway but they do get legit access to the product perhaps with low level details handed on a plate.
If this is as widespread as claimed, and if we'll gain knowledge how to see if you are affected, there are potentially repercussions on geopolitical scale, as I'm sure many on these lists would go public and share information if they'd find being targeted.
Would they leave them out there gathering data for as long as possible or remove the evidence as soon as people start looking (then put some back later once the fuss has died down)? brandon
Current thread:
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Florian Weimer (Dec 31)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Paul Ferguson (Dec 31)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Warren Bailey (Dec 31)
- <Possible follow-ups>
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Saku Ytti (Jan 01)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Randy Bush (Jan 01)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Valdis . Kletnieks (Jan 01)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Jimmy Hess (Jan 01)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Eugeniu Patrascu (Jan 01)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Saku Ytti (Jan 02)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Eugeniu Patrascu (Jan 02)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Paul Ferguson (Dec 31)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Brandon Butterworth (Jan 01)
- Re: NSA able to compromise Cisco, Juniper, Huawei switches Marco Teixeira (Jan 01)