On Tue, Dec 31, 2013 at 8:02 PM, Hannes Frederic Sowa <hannes@stressinduktion.org> wrote:
> ... Most of the implants are installed without us knowing for sure whether the vendors knew about that, or am I missing something?
are you only considering this 30C3/catalog set of docs? venally complicit to conveniently compromised to blissfully ignorant compromise of hardware vendors goes back to CryptoAG and as recently as the BULLRUN leaks. a bit too long and complicated a thread for this list, i think...
> I also don't count RSA as a hardware vendor in this case, as the backdoored RNG was included in their BSAFE suite, which is purely software.
sure, just another example of in scope target for a "compromise all the things" approach. my point was to highlight their response as particularly deceptive and inexcusable when observing how the various parties not only respond, but act, in response to these leaks. (e.g. Google deploying crypto over their internal fibers is positive action. sitting silent or deflecting criticism not confidence inspiring...)

best regards,