What the hell can be done with this trinity?

Badbiosvictim badbiosvictim at ruggedinbox.com
Tue Dec 30 16:06:04 PST 2014


Could you email me your past posts on FIPS 140 and the NSA rule? I would like to include them in a future post on /r/badBIOS on reddit.com. Thanks.

On December 30, 2014 6:59:37 PM EST, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>Badbiosvictim <badbiosvictim at ruggedinbox.com> writes:
>
>>USPS interdiction of routers, computers, packages and mail has little
>>oversight. USPS attempted to censor report of failure to follow safeguards.
>
>There's actually a security standard that's supposed to deal with this sort of
>thing, FIPS 140 (people who have seen my previous posts about what a waste
>of... well, everything FIPS 140 is should see what's coming here :-).  If you
>recall the Snowden-provided NSA photos of their people intercepting Cisco gear
>in transit and adding supplementary functionality to it:
>
>* The physical seals are applied after it reaches its destination.  You order
>  a special "FIPS kit" consisting of (allegedly) tamper-evident stickers that
>  you apply to the gear after the NSA has tampered with it.
>
>* Since your $40,000 router doesn't come with the stickers that you need for
>  FIPS 140 compliance, you have to order them specially.  No-one bothers (the
>  description I got was "in the n years I've been involved with this, I can
>  count the number of customers who've done it on the fingers of one hand").
>
>* No-one who works with the gear has any idea what a tampered sticker would
>  look like, but in any case they're never checked once applied.
>
>Still, at least there's a government standard for it.
>
>Peter.



