Posts by Rich of Observationz


  • Hard News: The Huawei Question,

    You still have to get that data back to you, though

    Send apparently legitimate traffic through the target network and "corrupt" it with the gathered info (which would not be large - a million login packets is only a gigabyte).

    I doubt any state would actually do it (and certainly Huawei would be very unlikely to do it knowingly).

    SSL decryption will probably become widely* possible within the next few years

    I'm waiting in hope for the first government operative to realise quite how much money they can steal.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Hard News: The Huawei Question, in reply to Matthew Poole,

    If I was asked to build a backdoor into a router, I'd look at a few options:

    - create an overlooked buffer overrun vulnerability, buried in some complex protocol parsing code. Inadvertent buffer overruns have been found (including by me) in code that's been repeatedly tested and audited in the past.

    - implement some kind of broken higher level protocol

    - play around with the encryption math

    Having got access, it wouldn't be hard to gather selective data, such as connections to servers in a certain country, login packets, etc. It also wouldn't be hard to mount a denial-of-service attack - though this would have an obvious reputational impact on the equipment manufacturer.

    (Login packets would only be useful if the agency collecting the data had SSL decryption abilities. That gets increasingly possible as time goes on).


  • Hard News: The Huawei Question,

    Continued from above

    I think the post size limit is there to encourage brevity. Just sayin.


  • Hard News: The Huawei Question,

    I'd see the Chinese 'patriotic' hackers as being an online equivalent to the football thugs that used to travel from England to various foreign countries dumb enough to host them at soccer, and then battle the locals and cops.

    The UK government put in various measures to stop them, like banning convicted thugs from getting passports and tipping off overseas states to turn them round at the airport.

    Maybe if the Chinese government see hacking as a threat to their exports, they'll introduce effective measures against the hackers. (Hopefully proportionate ones rather than murder and torture).


  • Legal Beagle: MMP Review #1: The Party…,

    My view on the justification for a threshold is influence.

    A single MP can, by acting as sand in the machine, achieve policy and office that an MP for a larger party would struggle with. (If Dunne was a National MP, would he be a minister? Or get his policies enacted? If Banks was a National MP, would we hear anything of Charter Schools?).

    We can't do anything about MPs who've got an agglomeration of support in one area (apart from changing the whole system, which I won't cover here). But we can have a threshold.

    I'd agree with the 2.5% level, and no coat-tailing.


  • Hard News: The Huawei Question, in reply to James George,

    Can't be having peace lest no one buys our guns, is the kindest rationale to come to mind

    The other one is that Israel vehemently doesn't want any Arab state (especially one of her neighbours) to evolve into a stable, strong democracy with a military focused on national defence rather than internal repression.


  • Hard News: The Huawei Question,

    A few more or less techy points:
    - what is being acquired is an Internet access network. The Internet is *defined* as insecure, unreliable delivery of IP packets - anything else, you can put a layer on, like SSL.

    - there is a possibility that embedded malware could disrupt the control/billing/routing segment and cause a denial of service - that can't be layered against.

    - it's also possible that Western network companies put backdoors in their products for NSA/GCHQ and these agencies wish to limit the use of kit that doesn't have such backdoors

    - the more open source and local content in the system, the less vulnerable it would be to attack from all angles.


  • Hard News: The Huawei Question, in reply to martinb,

    digging hobbits

    Where were they buried?


  • Hard News: The Huawei Question, in reply to Matthew Poole,

    it’s not really [senior management's] job to know the difference,

    That is certainly the model in most large tech companies (and companies who are too far up themselves to realise that what they do is tech). I'd argue that the minority where that *isn't* the case and the boss has a detailed understanding and the ability to dig into the detail perform way better. Apple under Jobs was the obvious example. Or Microsoft, way back in the day. Or Google - who've dispensed with their generalist CEO and put the geeks back in control.

    The RNCs cost millions of dollars

    Not sure how you'd quantify the reputational and cash loss from the system failing. Certainly it's much worse for Telecom than Alcatel Lucent - if AL made the deployment decisions, they had a lot less skin in the game than Telecom. The other, less technical decision was to go for a bare 3G system - going with GSM/3G (which VF and 2 degrees have) would have cost more but would (I think) have been more resilient to failure - people cared (then) a lot more about losing text & voice than losing data.


  • Hard News: The Huawei Question,

    Non-democratic governments are accountable to no-one.

    They have stakeholders. These might include the members of the government, the army, the wealthy, patron states, even the masses (who, in a non-voteocracy, have few outlets for discontent that don't involve the regime hanging from lampposts).

