[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"To Protect and Infect" - the edges of privacy-invading technology

On Tue, Dec 31, 2013 at 8:02 PM, Hannes Frederic Sowa
<hannes at stressinduktion.org> wrote:
> Most of the implants are installed without we surely know if the vendors
> did know about that or am I missing something?

are you only considering this 30C3/catalog set of docs?

venally complicit to conveniently compromised to blissfully ignorant
compromise of hardware vendors goes back to CryptoAG and as recently
as the BULLRUN leaks.  a bit too long and complicated a thread for
this list, i think...

> I also don't count RSA as a hardware vendor in this case, as the
> backdoored RNG was included in their bSafe suite, which is purely
> software.

sure, just another example of in scope target for a "compromise all
the things" approach.

my point was to highlight their response as particularly deceptive and
inexcusable when observing how the various parties not only respond,
but act, in response to these leaks. (e.g. Google deploying crypto
over their internal fibers is positive action.  sitting silent or
deflecting criticism not confidence inspiring...)

best regards,