funsec mailing list archives

Re: Can you trust Chinese computer equipment?

From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Sat, 13 Feb 2010 21:42:11 -0800

Established configuration/regression/as-used test of the code, and
version, to be used, in a lab environment, with all the other code it's
supposed to be loaded with, in the production configuration.

 

If you were @ ISOI 6 you would have seen an extended discussion of this,
which I was one of the main protagonists in.

 

 

 

From: Benjamin Brown [mailto:optikali () gmail com] 
Sent: Saturday, February 13, 2010 8:44 PM
To: Tomas L. Byrnes
Cc: Robert Portvliet; funsec () linuxbox org
Subject: Re: [funsec] Can you trust Chinese computer equipment?

 

I apologize for waxing n00b, but what exactly do you mean by "baseline"?

Thanks!
-Ben

On Sat, Feb 13, 2010 at 10:48 PM, Tomas L. Byrnes <tomb () byrneit net>
wrote:

Las year, I had to clean out a client site due to a Trojan loaded on one
of their employee's laptops from a kid's learning program that was
duplicated in China.

 

Clearly, the PRC is engaging in war by other means.

 

YMMV, but I won't load anything into my network without a full baseline,
and I no longer install software via any method except direct download
from the manufacturer with hash code check.

 

 

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Benjamin Brown
Sent: Friday, February 05, 2010 9:47 AM
To: Robert Portvliet
Cc: funsec () linuxbox org
Subject: Re: [funsec] Can you trust Chinese computer equipment?

 

I know a good deal of electronic equipment I have bought from Hong Kong
and Mainland China have had Driver CDs or Tutorial CDs with Trojans. 

Then again this is only anecdotal evidence =P

On Fri, Feb 5, 2010 at 12:30 PM, Robert Portvliet
<robert.portvliet () gmail com> wrote:



http://hardware.slashdot.org/story/10/02/05/1548226/Can-You-Trust-Chines
e-Computer-Equipment



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Can you trust Chinese computer equipment? Robert Portvliet (Feb 05)
- Re: Can you trust Chinese computer equipment? Benjamin Brown (Feb 05)
  - Re: Can you trust Chinese computer equipment? Tomas L. Byrnes (Feb 13)
    - Re: Can you trust Chinese computer equipment? Benjamin Brown (Feb 13)
    - Re: Can you trust Chinese computer equipment? Tomas L. Byrnes (Feb 13)
    - Re: Can you trust Chinese computer equipment? Tomas L. Byrnes (Feb 13)
    - Re: Can you trust Chinese computer equipment? Valdis . Kletnieks (Feb 14)
    - Re: Can you trust Chinese computer equipment? Tomas L. Byrnes (Feb 14)
- Re: Can you trust Chinese computer equipment? David Harley (Feb 05)
- Re: Can you trust Chinese computer equipment? Shawn Merdinger (Feb 14)
- <Possible follow-ups>
- FW: Can you trust Chinese computer equipment? Tomas L. Byrnes (Feb 13)