FW: Can you trust Chinese computer equipment?

["Tomas L. Byrnes" <tomb () byrneit net>]

From: Tomas L. Byrnes 
Sent: Saturday, February 13, 2010 6:24 PM
To: 'Robert Portvliet'
Subject: RE: [funsec] Can you trust Chinese computer equipment?

 

It depends on what level of "Trust" you require. That doesn't just apply
to China, although their recent behavior RE Google (as if Moonlight Maze
wasn't bad enough) means that their default/baseline trust level should
be much lower than , say equipment made by our NATO allies captive
government owned companies.

 

At the very least, you should audit and baseline firmware to whatever
you consider acceptable and have tested in your network.

 

It all depends on what your required level of security, mitigation
strategies, and acceptable level of risk is. That's what the "Residual
Risk Matrix" in DITSCAP/DIACAP is all about.

 

 

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Robert Portvliet
Sent: Friday, February 05, 2010 9:31 AM
To: funsec () linuxbox org
Subject: [funsec] Can you trust Chinese computer equipment?

 



http://hardware.slashdot.org/story/10/02/05/1548226/Can-You-Trust-Chines
e-Computer-Equipment

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.