NSA able to compromise Cisco, Juniper, Huawei switches
blair.trosper at gmail.com
Tue Dec 31 05:19:37 UTC 2013
To supplement and amend what I said:
These are the KINDS of things we want the NSA to do; however, the
institutional oversight necessary to make sure it's Constitutional,
warranted, and kept "in bounds" is woefully lacking (if any exists at all).
Even FISA is unsatisfactory.
At any rate, I agree that the current disposition of the NSA (or, at least,
what's been leaking the last few months) is simply unacceptable and cannot
be allowed. I say that last part from the perspective of a US citizen,
though I'd imagine most people of other nationalities would agree with me,
but probably for different reasons.
On Mon, Dec 30, 2013 at 11:08 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> On Mon, Dec 30, 2013 at 10:41 PM, Blair Trosper <blair.trosper at gmail.com>wrote:
>> I'm torn on this. On one hand, it seems sinister. On the other, it's not
>> only what the NSA is tasked with doing, but it's what you'd EXPECT them to
>> be doing in the role as the NSA.
> The NSA's role is not supposed to include subterfuge and undermining the
> integrity or security of domestic enterprise infrastructure
> With any luck, we'll hopefully find absolutely nothing, or that it was
> "targetted" backdooring against specific targets only.
> And people have a need to know that the security agencies haven't left a
> trail of artificially inserted bugs and backdoors in common IT equipment
> providing critical infrastructures services, and that the agencies haven't
> prepared a collection of instant-root 0days, that are no more protected
> then the agencies' other poorly guarded "secrets".
> There would be a risk that any 'backdoors' are ready to be exploited by
> other unintended nefarious actors!
> Because the NSA are apparently great at prepping the flammables and
> setting fires, but totally incapable of keeping the fires contained,
> once they (or someone else) lights it.
> It is not the least bit necessary for the NSA itself to be a nefarious
> actor exploiting things or even complicit; for the mere presence of any
> backdoor or surreptitious code to eventually have the potential for serious
> It could well be a rogue ex-employee of the NSA, such as Snowden, or
> others, that happened to be aware of technical details, hackers, or
> members of a foreign nation state, who will just happen to have the time
> and energy to track down open doors waiting for the taking, AND figure
> out how to abuse them for evil purposes.
> There are enough potential 0day risks, without intentional ones, waiting
> for bad guys to co-opt!
More information about the NANOG