Trusting COTS - What's really in the box?

Randy Bush randy at psg.com
Tue Jun 8 05:39:46 UTC 2004


>> Several third party firmwares for the linksys wrt54g wireless AP +
>> "router" (which, of course, is owned by brand C) implement sshd using
>> dropbear. For example, the ones at sveasoft, and at h.vu.wifi-box.net
> 
> How do you know what you get in the box is the same as what was
> shipped from the factory?  Or was it just re-sealed and put back
> on the shelf with an altered configuration?
> 
> http://www.securityfocus.com/archive/1/364977
> 
> If you buy your network equipment off eBay, what are you really
> getting?  Does it come with hitchhiking firmware pre-installed?
> The power of the Internet means the bad guys don't need to care
> who buys the tampered equipment, because it can "call home" and
> tell the bad guy where it ended up.

and, of course, there are no back doors in code directly from
vendors, government standards (can you say clipper), ...
[sounds of luftswineza]

building from certifiable open source that has been inspected
by many is the only half-credible scheme of which i am aware.

randy



