Hacker News new | past | comments | ask | show | jobs | submit login

That's not how this will be applied. Instead, I think, they will go after devices that don't contain government backdoors.



> don't contain <the correct> government backdoors.

Fixed that for you. :/


Any backdoor can be used by any government. It may take time, but it will be found and exploited. All they're doing is passing the buck... your buck, that is.


Which devices have government backdoors?


Aside from Cisco, Juniper has not exactly been forthcoming about backdoors:

https://www.wired.com/2016/01/new-discovery-around-juniper-b...

If my job were to ensure backdoor access to everything I could, at least to get started I'd sort a list of hardware vendors by marketshare.


Cisco iirc


Sounds like it: https://tools.cisco.com/security/center/content/CiscoSecurit...


Source?


See CVE: https://www.cvedetails.com/vulnerability-list.php?vendor_id=...

At some point you have to think these are deliberate.


Like the deliberate ones from TP-Link?


Extraordinary claims require extraordinary evidence. All I see are a lot of CVEs.


If not intentional, it at least points to a culture that cannot be trusted with producing secure devices.


Does it though? Are you a SWE?


Given the number of times that a hard-coded password has been distributed on Cisco gear, yeah, I think it points to a cultural failure.


That happened 15 years ago dude, on Linksys gear. The first CVE on that list is probably older than a few of the commenters on this thread.


A cursory internet search reveals several that popped up within the past decade on Cisco's gear. Hard-coded passwords are table stakes, if that slips through, what else is lurking beneath the surface?

Network hardware is to operate in the adversarial landscape which is the open internet. It requires an extreme, exhaustive workflow to ensure bugs do not slip through. That we repeatedly see these failures does not raise confidence.

- 2016-01 https://tools.cisco.com/security/center/content/CiscoSecurit...

- 2018-03 https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-2018...

- 2018-10 https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-2018...

- 2019-07 https://tools.cisco.com/security/center/content/CiscoSecurit...

Edit: formatting


https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...


Cell phones are required to have them by law. https://www.youtube.com/watch?v=D5cAfEGhH5o


Almost all of them?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: