----- Forwarded message from ianG <iang@iang.org> ----- Date: Tue, 30 Jul 2013 14:07:44 +0300 From: ianG <iang@iang.org> To: Crypto discussion list <cryptography@randombit.net> Subject: [cryptography] evidence for threat modelling -- street-sold hardware has been compromised User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 It might be important to get this into the record for threat modelling. The suggestion that normally-purchased hardware has been compromised by the bogeyman is often poo-pooed, and paying attention to this is often thought to be too black-helicopterish to be serious. E.g., recent discussions on the possibility of perversion of on-chip RNGs. This doesn't tell us how big the threat is, but it does raise it to the level of 'evidenced'. http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgc... Computers manufactured by the world’s biggest personal computer maker, Lenovo, have been banned from the “secret” and ‘‘top secret” networks of the intelligence and defence services of Australia, the US, Britain, Canada, and New Zealand, because of concerns they are vulnerable to being hacked. Multiple intelligence and defence sources in Britain and Australia confirmed there is a written ban on computers made by the Chinese company being used in “classified” networks. The ban was introduced in the mid-2000s after intensive laboratory testing of its equipment allegedly documented “back-door” hardware and “firmware” vulnerabilities in Lenovo chips. ... _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5