Discuss Now the pentagon is creating a list of not to use software

upnorth

Level 24
Verified
Joined
Jul 27, 2015
Messages
1,342
#3
Pushing out a list of software that people/governments shouldn't buy/use, but aren't the actual security issue within there own softwares/setup?
a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,650
OS
Other OS
#6
Wonder how they are going to stop utilizing China, does this mean yanking hardware too? :emoji_thinking:
This is already enforced with TAA compliance. For example while some components of a Fortinet may(and are) made in China, the product is 'significantly' US because the testing, R&D, software and final assembly would be in the USA to meet TAA requirements.

This has been going on for a long time with manufacturers.
 
I

illumination

Guest
#7
This is already enforced with TAA compliance. For example while some components of a Fortinet may(and are) made in China, the product is 'significantly' US because the testing, R&D, software and final assembly would be in the USA to meet TAA requirements.

This has been going on for a long time with manufacturers.
Same standards they used when all those back-door devices/parts were discovered flooding into the US?
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,650
OS
Other OS
#8
Same standards they used when all those back-door devices/parts were discovered flooding into the US?
Nope. TAA is to meet govt. supplier certifications for 'significantly US' products. It doesn't apply at all to consumers unless the manufacturer declares their entire product line TAA compliant. Consumer stuff - good luck there. Backdooring TAA compliant stuff is going to be way harder for China. The reason is, those chips come in from one place, the board another, the caps another. All of it gets hand assembled in the USA after testing and validation. Then the software which is entirely made here gets loaded on and validates the hardware integrity. Backdooring it would generally require access to the development code and assembly line.
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
3,557
#9
Wonder how they are going to stop utilizing China, does this mean yanking hardware too? :emoji_thinking:
You cannot protect the nation by doing one without the other. But pffffff... figuring out how to do it without tanking the world economy. Almost easier to simply launch missiles and drop bombs. Same result. Less effort.
 
I

illumination

Guest
#10
You cannot protect the nation by doing one without the other. But pffffff... figuring out how to do it without tanking the world economy. Almost easier to simply launch missiles and drop bombs. Same result. Less effort.
Was kind of my point, but it got lost in translation, but as always, the sharp one enters for clarification ;) :)
 

ticklemefeet

Level 15
Verified
Joined
Jan 31, 2018
Messages
709
#11
Remember this one? Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say

" Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature. "