Now the pentagon is creating a list of not to use software

  • Thread starter ForgottenSeer 69673
  • Start date

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Pushing out a list of software that people/governments shouldn't buy/use, but aren't the actual security issue within there own softwares/setup?
a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.
 
F

ForgottenSeer 69673

Thread author
Pushing out a list of software that people/governments shouldn't buy/use, but aren't the actual security issue within there own softwares/setup?

Yes I read an article yesterday where they said now the Russian military hackers are going into US power grids and not election meddling. At least not for now.
 
F

ForgottenSeer 58943

Thread author
Wonder how they are going to stop utilizing China, does this mean yanking hardware too? :unsure:

This is already enforced with TAA compliance. For example while some components of a Fortinet may(and are) made in China, the product is 'significantly' US because the testing, R&D, software and final assembly would be in the USA to meet TAA requirements.

This has been going on for a long time with manufacturers.
 
  • Like
Reactions: oldschool and Brie
I

illumination

Thread author
This is already enforced with TAA compliance. For example while some components of a Fortinet may(and are) made in China, the product is 'significantly' US because the testing, R&D, software and final assembly would be in the USA to meet TAA requirements.

This has been going on for a long time with manufacturers.
Same standards they used when all those back-door devices/parts were discovered flooding into the US?
 
F

ForgottenSeer 58943

Thread author
Same standards they used when all those back-door devices/parts were discovered flooding into the US?

Nope. TAA is to meet govt. supplier certifications for 'significantly US' products. It doesn't apply at all to consumers unless the manufacturer declares their entire product line TAA compliant. Consumer stuff - good luck there. Backdooring TAA compliant stuff is going to be way harder for China. The reason is, those chips come in from one place, the board another, the caps another. All of it gets hand assembled in the USA after testing and validation. Then the software which is entirely made here gets loaded on and validates the hardware integrity. Backdooring it would generally require access to the development code and assembly line.
 
  • Like
Reactions: oldschool and Brie
I

illumination

Thread author
You cannot protect the nation by doing one without the other. But pffffff... figuring out how to do it without tanking the world economy. Almost easier to simply launch missiles and drop bombs. Same result. Less effort.
Was kind of my point, but it got lost in translation, but as always, the sharp one enters for clarification ;) :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top