On Tue, Dec 31, 2013 at 10:04 AM, Hannes Frederic Sowa <hannes@stressinduktion.org> wrote:
... There is a very big difference e.g. I (and a lot of other people too, I guess) will react to vendors whose debug interfaces where just hijacked by the NSA to install backdoors and where the vendors worked hand in hand with the NSA to do so deliberately.
agreed. we've got some years to wait for a definitive full picture. http://cryptome.org/2013/11/snowden-tally.htm - 932 pages (~1.6%) of reported 58,000. NSA head claims 200,000 (~.40% of that released)
If such FUD is spread against vendors, which in my opinion, do actually have a valid interest in trying to stop those back doors, what do you think will a lot of members of this community do?
vendor responses are fairly self evident. bad: RSA less-bad: Cisco good/proactive: SilentCircle etc,... we could get into details of what makes a good vendor response vs. one that is clearly weasel worded accountability deflection, don't think this list is the place however.
Until now I saw no facts that I distrust the major hardware vendors.
then you're not paying attention :)
I don't want to see what the PR persons on those accused companies' twitter feeds will have to go through now. I guess lots of overreaction is happening now, which is not helpful at all.
corporate media sucks to more or less degree; i feel bad for anyone who touches it. glad it's not my problem! best regards,