Re: Huawei

[Jeffrey Walton <noloader () gmail com>]

On Mon, Jul 22, 2013 at 8:47 PM, Bruce Ediger <bediger () stratigery com> wrote:
> On Mon, 22 Jul 2013, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
>
> > "Huawei Is a Security Threat and There's Proof, Says Hayden"
> >
> > However, they are not going to tell you what the proof is.
>
>
> I assumed that because it was Hayden, that was just more "Let's keep
> the Cyberwar Boogieman going, because otherwise, how will we keep the
> pig's trough with taxpayer dollars?"
>
> I mean, the End of Communism was pretty tough on the Beltway Bandits.
> People wanted a Peace Dividend.
Lol... All of that is do true!!!

> I'm not personally familiar with what Huawei sells. Is there some way
> to slip data back to Unit 61398? I suppose you could use some kind of
> covert channel, but given the amount of data available, wouldn't that
> amount overwhelm any side channels?
The Chinese simply encrypt it and send it out - no need for a side
channel. The US and its contractors are usually no wiser, and the US
does not usually know what's been egressed once detected because its
been encrypted (no, they don't use SSL/TLS). Confer: America the
Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime,
and Warfare, ISBN 159420313X.

> If you just used IP packets, wouldn't they be visible on other company's
> routers and egress filtering appliances?  What other kind of packets
> could get routed from a random Huawei box in a telecomm center back to
> Shanghai?
It gets proxied through a compromised host. I doubt it goes to China directly.

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.