NSA able to compromise Cisco, Juniper, Huawei switches

Tue Dec 31 04:41:20 UTC 2013

I'm torn on this.  On one hand, it seems sinister.  On the other, it's not
only what the NSA is tasked with doing, but it's what you'd EXPECT them to
be doing in the role as the NSA.

I'm not saying it's right or wrong...it creeps me out a little,
though...but these are the kinds of things we have demanded that they do
(via our elected representatives).

More to the point, I really doubt the NSA has any interest whatsoever in my
Facebook or Twitter account.  It's probable a means to and end...a
transitory stop on their way to propagating more widely.  They need regular
folks to propagate, but in reality, they likely have zero interest in our
actual accounts at the end of the day.  I think of it a bit like a virus
with a slightly less hysterical outcome/plan.

On Mon, Dec 30, 2013 at 10:33 PM, Dobbins, Roland <rdobbins at arbor.net>wrote:

>
> On Dec 31, 2013, at 11:06 AM, [AP] NANOG <nanog at armoredpackets.com> wrote:
>
> > Then looking at things from the evil side though, if they owned the
> system which provides the signing then they could sign
> > virtually anything they wish.
>
> Or if they owned *people* with the right level of access to do so, or if
> there were implementation bugs which could be utilized to bypass or obviate
> the signing . . .
>
> None of the alleged capabilities described in the purported documents is
> really standalone; they all rely upon other methods/mechanisms in order to
> provide the required foundation to accomplish their stated goals.
>
> > I think we need to watch and listen/read over the coming weeks and
> months before we go assuming we have it figured out.
>
> This is the most pertinent and insightful comment made in this thread.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>           Luck is the residue of opportunity and design.
>
>                        -- John Milton
>
>
>