Trusting COTS - What's really in the box?

• Previous message (by thread): IT security people sleep well
• Next message (by thread): Trusting COTS - What's really in the box?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 8 Jun 2004, Suresh Ramasubramanian wrote:
> Several third party firmwares for the linksys wrt54g wireless AP +
> "router" (which, of course, is owned by brand C) implement sshd using
> dropbear. For example, the ones at sveasoft, and at h.vu.wifi-box.net

How do you know what you get in the box is the same as what was
shipped from the factory?  Or was it just re-sealed and put back
on the shelf with an altered configuration?

http://www.securityfocus.com/archive/1/364977

If you buy your network equipment off Ebay, what are you really
getting?  Does it come with hitchhiking firmware pre-installed?
The power of the Internet means the bad guys don't need to care
who buys the tampered equipment, because it can "call home" and
tell the bad guy where it ended up.

• Previous message (by thread): IT security people sleep well
• Next message (by thread): Trusting COTS - What's really in the box?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]