Domain: devttys0.com
Stories and comments across the archive that link to devttys0.com.
Comments · 7
-
7 and 8 are just guesses, but here is evidence:
A few of the many stories about backdoors in U.S. hardware:
D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)
Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)
Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)
Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)
Netgear: Netgear Patch Said to Leave Backdoor Problem in Router (April 23, 2014)
Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)
Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)
Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)
Hard drives: Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware (Feb. 17, 2015)
Is every backdoor the work of the NSA? There is no way of knowing. -
Want safe equipment? Buy outside the U.S.
A few of the many stories about backdoors in U.S. hardware (Copied from another comment.):
D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)
Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)
Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)
Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)
Netgear: Netgear Patch Said to Leave Backdoor Problem in Router (April 23, 2014)
Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)
Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)
Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)
Hard drives: Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware (Feb. 17, 2015)
Is every backdoor the work of the NSA? There is no way of knowing. -
NOT "purely political"! Secret gov. is not healthy
That is certainly NOT a "purely political" story; although I can understand why someone would make that mistake. It's a story about the decline of technology in the United States caused by those who make money favoring secret actions by secret U.S. government organizations.
NSA = No Sales for America.
Boeing Might Lose $4B Brazil Deal For F-18 Jets After NSA Surveillance Scandal; Analysts Say Politics Won't Trump Business (09/12/13)
Three months later: President Dilma Rousseff Announces Brazil Is Buying Sweden's Saab Gripen Jet Fighters (12/18/13)
NSA = Not a Sensible Arrangement.
The NSA does not provide "Security". Instead, the secrecy makes everyone feel insecure. Anyone can claim that a secret organization did something destructive; that's an easy sale when a small group wants violence. Suppose an NSA manager wants a promotion. The manager can arrange something likely to cause violence; there is no outside review; new violence can be used as a reason for new authority.
Consider the Culture of fear. Nazi leader Hermann Goring: "The people don't want war, but they can always be brought to the bidding of the leaders. This is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism and for exposing the country to danger. It works the same in every country."
Quote from that same Wikipedia page: 'Former US National Security Advisor Zbigniew Brzezinski argues that the use of the term War on Terror was intended to generate a culture of fear deliberately because it "obscures reason, intensifies emotions and makes it easier for demagogic politicians to mobilize the public on behalf of the policies they want to pursue." '
Another quote: "... journalist Adam Curtis argues that politicians have used our fears to increase their power and control over society."
NSA = No Structural Authority.
There are complicated problems in running ANY organization. Managing secret organizations sensibly is impossible. Each manager of a secret organization has an excuse to hide his or her mistakes. There can be no outside ideas to fix problems because no outsiders are allowed to know what is happening.
Backdoors:
The U.S. government allows secret government agencies to go to any executive in any company, make demands for "security", and threaten the executive with prison if he or she doesn't do what the secret agency wants. Is that the reason that U.S. computer equipment has backdoors? We are not allowed to know. Secret agencies are allowed to lie, so even if an agency says it didn't force a backdoor, no one can know if the statement is true.
A few of the many stories about backdoors in U.S. hardware:
D-Link: Reverse Engineering a D-Link Backdoor (Oct. 12, 2013)
Arris: 600,000 Arris cable modems have 'backdoors in backdoors', researcher claims (Nov. 20, 2015)
Juniper Networks: Juniper drops NSA-developed code following new backdoor revelations (Jan. 10, 2016)
Cisco: Snowden: The NSA planted backdoors in Cisco products (May 15, 2014)
Netgear -
Re:Words without actions are meaningless
http://www.devttys0.com/wp-con...
I don't know if that is the same issue or ont.
-
If consumers made informed buying decisions
If consumers made informed buying decisions, D-Link would be out of business. Does anyone still believe that they're not producing "bug backdoors"? Seriously, patches which introduce the exact same kind of bug in a different place while fixing the previous bug? D-Link survives through the power of marketing alone. Their products are worse than flawed.
-
FUD
This strikes me as the sort of thing someone would post and flood to every content aggregator if they wanted to gain themselves a lot of exposure for finding a flaw in an embedded wireless device.
The fact that it has a cute little relay on it doesn't really make the "attack" much more remarkable. $10 says that the web UI for the thing is vulnerable to XSS, completely negating the need to root the device itself. Hacking embedded web servers isn't a real feat by any measure.
Toggling a relay on and off will just result in the contacts wearing out, I could see it causing a problem if you get it to repeatedly arc, but these things won't be rated for enough current for that to be a problem - the fuse in the should blow if the device somehow draws a dangerous amount of current.
-
Re:DD-WRT?From the actual annoucement: (what I get for not reading TFA) http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/
Yeah, dd-wrt is affected.