Wednesday, August 1, 2012

Huawei vulnerabilities accidental or by design?

Former Cisco employee Dan Kaminski was quoted in the Network World article (read the article here)  as saying:
If I were to teach someone from scratch how to write binary exploits, these routers would be what I'd demonstrate on.
According to the article, "Huawei equipment powers half the world's Internet infrastructure…" Given the "data exhaust" of China's documented "bad Internet citizenship," it is not a gigantic leap of logic to suggest that those security holes are no accident.

2 comments:

  1. Hello.
    The Sabotage can be easier.

    +A study of the security unit of Microsoft, Digital Crime, has revealed that some of the firm computers made ​​in China and contained a virus before they reach the market, as reported by the company. Specifically, these computers were connected to a botnet called Nitol.

    +The infected computers were connected to the server via the controlled DNS service that facilitated Chinese website 3322.org, which since 2008 has been associated with such activities. Microsoft has discovered that over 70,000 subdomains of this website could be found up to 500 different types of malware.

    +To prevent problems for users of these computers, and others who may have been infected later to form part of Nitol, a Virginia state court has ordered the registrar of dominios.org that redirects all traffic to the domain 3322.org Redmond giant's servers. Microsoft has blocked traffic 70,000 subdomains those affected, allowing the rest of the web continues to run.

    +More:The Official Microsoft Blog
    http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

    So ... China Can be considered the enemy? Should we stop trading with China?

    ReplyDelete
  2. Joseph, to answer your last question—"Should we stop trading with China?"—my answer is "Definitely no." The only thing that keeps China from completely lowering the hammer on full-scale cyberwar is our mutual trade and financial dependence. Heck, our national debt service is funding 70% of their military budget (take that number with a grain of salt, since it was touted by a conservative radio talk show host). The "tipping point" at which China might declare full-scale cyberwar is that point at which (a) they think they can completely win and (b) dominate the world economy in perpetuity. Right now, we're their biggest (espionage-driven but nevertheless real) technology R&D facility, and until they think they can replace that capability we're relatively safe.

    ReplyDelete

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?