What the hell can be done with this trinity?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Dec 30 15:59:37 PST 2014
Badbiosvictim <badbiosvictim at ruggedinbox.com> writes:
>USPS interdiction of routers, computers, packages and mail has little over
>sight. USPS attempted to censor report of failure to follow safeguards.
There's actually a security standard that's supposed to deal with this sort of
thing, FIPS 140 (people who have seen my previous posts about what a waste
of... well, everything FIPS 140 is should see what's coming here :-). If you
recall the Snowden-provided NSA photos of their people intercepting Cisco gear
in transit and adding supplementary functionality to it:
* The physical seals are applied after it reaches its destination. You order
a special "FIPS kit" consisting of (allegedly) tamper-evident stickers that
you apply to the gear after the NSA has tampered with it.
* Since your $40,000 router doesn't come with the stickers that you need for
FIPS 140 compliance, you have to order them specially. No-one bothers (the
description I got was "in the n years I've been involved with this, I can
count the number of customers who've done it on the fingers of one hand").
* No-one who works with the gear has any idea what a tampered sticker would
look like, but in any case they're never checked once applied.
Still, at least there's a government standard for it.
Peter.
More information about the cypherpunks
mailing list