Open source hardware
Darren Pilgrim
nanog at bitfreak.org
Fri Jan 3 23:49:47 UTC 2014
On 1/3/2014 2:05 AM, Daniël W. Crompton wrote:
> Good point Jimmy, there is a world of hurt involved, although it may be
> slightly less painless when you realize that the alternative is: "*the NSA
> [who] has modified the firmware of computers and network hardware—including
> systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper
> Networks—to give its operators both eyes and ears inside the offices the
> agency has targeted.*"[1]

Why would you think other platforms would be any safer? The NSA plants
those bugs with interdiction operations. They could similarly install
eavesdroppers in the USB/serial links of your KVM switches and terminal
servers and capture your root/admin/console passwords.

Dell, HP, Cisco, etc. were named because the leaked docs mention
hardware-specific BIOS/firmware bugging such as iLO piggybacking in a
ProLiant. I think it's foolhardy believing they wouldn't have similar
attacks for just about everything.