As read in the People's Daily
|
|
|
Advertisement
Subscribe to INQ newsletters
Advertisement
INQ Poll
Companies looking for a safe environment for purchasing used networking equipment should make sure they are dealing with a member of the United Network Equipment Dealer Association (www.uneda.com). More than 300 members worldwide work together to promote and uphold the highest standards and best practices when it comes to buying and selling legitimate pre-owned gear from all the leading OEMs. Together, UNEDA members sell more than $2 billion in pre-owned gear annually to over 10,000 customers, fueled by an increased supply of and demand for pre-owned network routers, switches, access servers, security products and VoIP phones/telephony products at savings of up to 90 percent off OEM list prices.
http://www.phrack.org/issues.html?issue=65&id=9#article
There's a simple solution to the problem ... its called a pre-emptive strike. About 75 to 80 well placed blasts would be all it would take to neutralize the Chinese threat. I'd do it in a heart beat.
Is there any guarantee that there is no backdoor in Cisco equipment, intentional or not? Users outside the US may want to reevaluate the possibilities.

http://www.heise.de/newsticker/Insecure-by-Design-Cisco-Produkt-ab-Werk-mit-Backdoor--/meldung/105068
I'll bet genuine Cisco routers aren't made in California. In fact, they are probably made in China. If not, certainly most of the components are.

It is unlikely that the Chinese would have a hardware hack that implements a backdoor, it would be far more likely with software. All they need for that is a copy of Cisco's IOS source code. I don't suppose they've ever employed a Chinese national with a sufficient level of access to snag a copy of the source? ;)

Once you have that, you just need to make a few modifications. One, to insert your backdoor. Two, to modify the code that installs updated firmware images to insert that backdoor into and the modified code that installs updated firmware images itself.

See "On trusting trust" by Dennis Ritchie (you'll find it via google)

This is what the FBI should be worrying over, not counterfeit but likely 100% identical router hardware.

Doug
All these cost cutting measures make me proud to be an American.