North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Trusting COTS - What's really in the box?
>> Several third party firmwares for the linksys wrt54g wireless AP + >> "router" (which, of course, is owned by brand C) implement sshd using >> dropbear. For example, the ones at sveasoft, and at h.vu.wifi-box.net > > How do you know what you get in the box is the same as what was > shipped from the factory? Or was it just re-sealed and put back > on the shelf with an altered configuration? > > http://www.securityfocus.com/archive/1/364977 > > If you buy your network equipment off Ebay, what are you really > getting? Does it come with hitchhiking firmware pre-installed? > The power of the Internet means the bad guys don't need to care > who buys the tampered equipment, because it can "call home" and > tell the bad guy where it ended up. and, of course, there are no back doors in code directly from vendors, government standards (can you say clipper), ... [sounds of luftswineza] building from certifiable open source that has been inspected by many is the only half-credible scheme of which i am aware. randy
|