From: James Rogers (jamesr@best.com)
Date: Mon Apr 29 2002 - 10:49:35 MDT
On Mon, 2002-04-29 at 02:38, KPJ wrote:
> No Such Agency might have a different view, of course. Your statement
> also requires that network equipment sold abroad from the U.S. contain no
> secret back doors. In a cloak-and-dagger world, one should avoid such
> assumptions in order to avoid unnecessary security breaches.
The US does tamper with core routers and such sold abroad. Though the
US government denies knowledge, I distinctly remember the French being
furious a few years back when the French government discovered that some
of their core networking boxes which had been purchased from a major
American networking company were quietly forwarding interesting traffic
to parts unknown. The French had been using the routers for years; they
didn't even consider the possibility that their network systems had been
"rooted" the day they bought them. They knew they had been leaking
intelligence like a sieve, but it took them quite a bit of
counter-intelligence work to figure out that the US had back-doored
their networking hardware. IIRC, they finally figured it out through a
counter-intelligence analysis of the GATT treaty negotiations.
Which is all the more reason to use encryption on your own networks,
rather than only using it when you connect to remote sites. You rarely
know if your own hardware is actually "friendly".
-James Rogers
jamesr@best.com
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:13:41 MST