On (2013-12-31 23:04 +0000), Warren Bailey wrote:
> that RSA had a check cut for their participation (sell outs..), would it be out of the realm of possibility Cisco knowingly placed this into their product line? And would it be their mistake to come out with a “we had no idea!” rather than “guys with badges and court orders made us do it!”?
Is this legal? Can NSA walk in to a US-based company and legally coerce it to install such a backdoor? If not, what is the incentive for a private company to cooperate?

If legal, consider the risk to NSA. Official product ran inside company to add requested feature, hundreds of people aware of it. Seems both expensive to order such a feature and almost guaranteed to be exposed by some of the employees.

Alternative method is to presume all software is insecure, hire 1 expert whose day job is to search for vulnerabilities in IOS. Much cheaper, insignificant risk. Which method would you use?
> techniques isn’t a surprise to me, what is a surprise to me is the level of acceptance the IT community has shown thus far on NANOG.
This seems like a generalization; the majority opinion seems to be that government has no business spying on us.

Someone contacted me yesterday, after reading how I'd love to see some of these attacks dissected and analysed to gain higher quality data than a screenshot of a PDF. He told me he and his employer are cooperating with their vendor right now, looking at an attack done against a router they operate, and claimed they are aware of other operators being targeted. Unfortunately he couldn't share any specifics, so hopefully we'll soon have a situation where someone can publicly dissect any of the attacks.

If this is as widespread as claimed, and if we gain knowledge of how to see if you are affected, there are potentially repercussions on a geopolitical scale, as I'm sure many on these lists would go public and share information if they found they were being targeted.

--
  ++ytti