[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

What the hell can be done with this trinity?



Could you email me your past posts on FIPS 140 and the NSA rule? I would like to include them in a future post on /r/badBIOS on reddit.com. Thanks.

On December 30, 2014 6:59:37 PM EST, Peter Gutmann <[email protected]> wrote:
>Badbiosvictim <[email protected]> writes:
>
>>USPS interdiction of routers, computers, packages and mail has little
>over
>>sight. USPS attempted to censor report of failure to follow
>safeguards.
>
>There's actually a security standard that's supposed to deal with this
>sort of
>thing, FIPS 140 (people who have seen my previous posts about what a
>waste
>of... well, everything FIPS 140 is should see what's coming here :-). 
>If you
>recall the Snowden-provided NSA photos of their people intercepting
>Cisco gear
>in transit and adding supplementary functionality to it:
>
>* The physical seals are applied after it reaches its destination.  You
>order
>a special "FIPS kit" consisting of (allegedly) tamper-evident stickers
>that
>  you apply to the gear after the NSA has tampered with it.
>
>* Since your $40,000 router doesn't come with the stickers that you
>need for
>FIPS 140 compliance, you have to order them specially.  No-one bothers
>(the
>description I got was "in the n years I've been involved with this, I
>can
>count the number of customers who've done it on the fingers of one
>hand").
>
>* No-one who works with the gear has any idea what a tampered sticker
>would
>  look like, but in any case they're never checked once applied.
>
>Still, at least there's a government standard for it.
>
>Peter.