Re: Open source hardware

[Darren Pilgrim <nanog () bitfreak org>]

On 1/3/2014 2:05 AM, Daniël W. Crompton wrote:
> Good point Jimmy, there is a world of hurt involved, although it may be
> slightly less painless when you realize that the alternative is: "*the NSA
> [who] has modified the firmware of computers and network hardware—including
> systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper
> Networks—to give its operators both eyes and ears inside the offices the
> agency has targeted.*"[1]

Why would you think other platforms would be any safer?  The NSA plants 
those bugs with interdiction operations.  They could similarly install 
eavesdroppers in the USB/serial links of your KVM switches and terminal 
servers and capture your root/admin/console passwords.

Dell, HP, Cisco, etc. were named because the leaked docs mention 
hardware-specific BIOS/firmware bugging such as ILO piggybacking in a 
Proliant.  I think it's foolhardy believing they wouldn't have similar 
attacks for just about everything.