Not trying to sound paranoid, in light of recent events...
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The ban applies to various agencies in the Five Eyes alliance (UK, US, Canada, New Zealand and Australia) where such rules are normally implemented across the board given the interconnected nature of some of their classified networks, AFR said.
"Five Eyes" ? How unusual. Together do they make the one eye ?
I was hoping they would provide more details of exactly which firmware contains the backdoor. It is most likely UEFI, as it is the most capable, and IMO the only one capable of the things they say.
IT security industry analyst at tech research firm IBRS, James Turner, said hardware back doors are very hard to detect if well designed.
They were often created to look like a minor design or manufacturing fault, he said. To avoid detection, they are left latent until activated by a remote transmission.
“Most organisations do not have the resources to detect this style of infiltration. It takes a highly specialised laboratory to run a battery of tests to truly put hardware and *software through its paces,” Mr Turner said. “The fact that Lenovo kit is barred from classified networks is significant, and something the *private sector should look at closely.”
Professor Villasenor said malicious circuitry known as “kill-switches” can be used to stop devices working and to establish back doors. French defence contractors reportedly installed kill-switches into chips that can be remotely tripped if their products fall into the wrong hands.
I'm not yet convinced that this is not just more anti-China propaganda and nothing more. If they don't post details, I don't trust the eye(s).
They use AT&T trucks as cover for wiretapping operations. They use pest control trucks as cover for poisoning people. But there's absolutely no way they tried to seek a back door into hardware, like the Clipper Chip.
No, they don't kill people who discover a conspiracy. That would make it seem plausible. They use undercover agents to exaggerate the details of that conspiracy, add details that will make it seem ridiculous and unbelievable.
The clipper chip is a different issue, although not completely unrelated. For sure you should not count on hardware encryption certified by the gov and/or NSA.
The practicality of putting a backdoor in firmware, unless it is something like UEFI, is low. The most they can put in other firmware is a kill switch, or they can implement a backdoor in an encryption algorithm itself.
Firmware is just software burned onto a chip. Unlike the old EEPROMs that had to be erased with UV light through a little window on top, most "firmware" these days is on a plain flash chip which makes modifying the code child's play.
Here's a paranoid thought for you though: maybe big companies like Google and Facebook are allowed to succeed because they cooperate with the government, not because people love the site. And maybe any company that doesn't cooperate with the government gets sabotaged, once they reach a certain size anyway. Of course, I'm sure anti-trust laws are enforced with zero tolerance for noncompetitive behavior... because we live in a free-market society.
Last edited by 911InsideJob; 07-29-2013 at 07:30 AM.
Here's a paranoid thought for you though: maybe big companies like Google and Facebook are allowed to succeed because they cooperate with the government, not because people love the site. And maybe any company that doesn't cooperate with the government gets sabotaged, once they reach a certain size anyway. Of course, I'm sure anti-trust laws are enforced with zero tolerance for noncompetitive behavior... because we live in a free-market society.
Yes, that is true. You need the Don's approval to become a made man
As for the firmware, yes you can flash firmware, but how much can you do in firmware, that's my question. You are very limited in terms of space for the code and access to resources. That's why I said, I think such complex things are only plausible for UEFI, which can do a lot and have plenty of space, unlike older BIOSs.
You're right, if the NSA was putting backdoors on flash chips someone would get the bright idea to desolder the chip and use some prog like Linux's dd to download, modify and reflash it, before re-soldering it back into the device. Why, someone like that might be able to reverse the backdoor and gain access to data coming from the other direction. But on second thought, I'm sure that couldn't happen, so no need for the government to be paranoid. hehehehe
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.