On Wed, 18 Feb 2015 12:49:28 -0800 Larry Brigman dijo: >Not just hard drives but the whole of the electronics coming out of >china in the near future. On Wed, Feb 18, 2015 at 01:36:54PM -0800, John Jason Jordan wrote: > A couple of questions: > > 1) Does this include hard drives and other hardware in computers used by > the federal government?
The feds have policies controlling the storage hardware they allow into secure sites. I have relatives near Annapolis, and the best technical library nearby is Nimitz Library at the Naval Academy. The USNA does not allow USB flash drives and outside computers onto the campus; too many ways for data to leak over airgaps from Navy secure sites, or trojans to find their way back in. I just got my first hearing aid. The computer in it is more sophisticated than my old flip phone. In another decade, hearing aids will store gigabytes, have agile radios that can communicate on any band, and be yet another transport for digital infection. > 2) Does there exist hardware free from these backdoors, perhaps > manufactured in a country unfriendly to the US government? Yes, all hardware is free of backdoors. Trust us. Also, all of the US is unfriendly to one aspect or another of the US government. :-) Here's yet another (rather technical) recent article on the subject: http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks The answer is "you cannot know without very sophisticated teardown." Techniques like those suggested by the authors of the article above /might/ work, or they might simply add some expense and complexity to the task of adding backdoors to critical hardware. Unless the chips are transported by trusted courier between manufacturers, and directly to the final installation at a secure site, the good guys can add all the complexity they want, and the bad guys can replace secure items with compromised counterfeits, rerouting shipments by hacking Fed Ex. Keith -- Keith Lofstrom [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
