[167992] in North American Network Operators' Group


Re: Open source hardware

daemon@ATHENA.MIT.EDU (Darren Pilgrim)
Fri Jan 3 18:50:30 2014

Date: Fri, 03 Jan 2014 15:49:47 -0800
From: Darren Pilgrim <nanog@bitfreak.org>
To: "Daniël W. Crompton" <daniel.crompton@gmail.com>,
 "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <CALKmEuA+wWnnstsWvsa+bJyFC=N3S=sAREfO0Ou9Oe53n0nWPg@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 1/3/2014 2:05 AM, Daniël W. Crompton wrote:
> Good point Jimmy, there is a world of hurt involved, although it may be
> slightly less painless when you realize that the alternative is: "*the NSA
> [who] has modified the firmware of computers and network hardware—including
> systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper
> Networks—to give its operators both eyes and ears inside the offices the
> agency has targeted.*"[1]

Why would you think other platforms would be any safer?  The NSA plants 
those bugs with interdiction operations.  They could similarly install 
eavesdroppers in the USB/serial links of your KVM switches and terminal 
servers and capture your root/admin/console passwords.

Dell, HP, Cisco, etc. were named because the leaked docs mention 
hardware-specific BIOS/firmware bugging such as ILO piggybacking in a 
Proliant.  I think it's foolhardy believing they wouldn't have similar 
attacks for just about everything.

