  1. #1
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,357
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts

    Need to suspect tampering even with hardware?

    Rui
    -------
    R4

  2. #2
    4 Star Lounger access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    566
    Thanks
    51
    Thanked 42 Times in 39 Posts
    "We're doomed, we're all doomed" - Private James Frazer
    "Don't panic, don't panic!" - Corporal Jack Jones (This said as he panics)

    It's interesting that most IT projects fail and the bigger they are, the more likely they will fail. Some of the posts re this and Google et al. - I wonder if these will ultimately fail because no one can get their head round what's required. There is a likelihood that the snoops will just die under the weight of all that data.

    Excuse me, there's a banging at the door....

  3. #3
    Administrator
    Quote Originally Posted by access-mdb View Post
    "We're doomed, we're all doomed" - Private James Frazer
    "Don't panic, don't panic!" - Corporal Jack Jones (This said as he panics)

    It's interesting that most IT projects fail and the bigger they are, the more likely they will fail. Some of the posts re this and Google et al. - I wonder if these will ultimately fail because no one can get their head round what's required. There is a likelihood that the snoops will just die under the weight of all that data.

    Excuse me, there's a banging at the door....
    There is ground to be suspicious. Bruce Schneier, the reputed security specialist that wrote the linked post, has had access to Edward Snowden's documents, given to The Guardian. From those documents, legitimate suspicions that encryption manufacturers weakened their products to allow NSA access can be raised... and now this.

    This is not entirely new. In a similar, albeit not entirely related matter, Chinese telecom manufacturers are not seen as reliable by some US legislators...
    Don't know whether it happens or not, but there is no harm in being informed.
    Rui
    -------
    R4

  4. #4
    4 Star Lounger access-mdb's Avatar
    Sorry Rui, you're quite right. I still wonder however, if these people are as clever as they like to think they are - but through what they do, all sorts of bad things could happen...

  5. #5
    3 Star Lounger
    Join Date
    Mar 2010
    Location
    USA
    Posts
    252
    Thanks
    46
    Thanked 32 Times in 25 Posts
    IMO, the article should be in those newspapers you see at supermarket checkouts ... together with gossip magazines.

    If I say, "Easy to sabotage a dollar: just change the ink!" You may laugh. And that's why I laugh at this 'doping' crap.
    Or, how about add a little bit of sand (read: silicon) to the semiconductor wafer? Or dial down the furnace temperature?
    You don't have to do all thaaat to kill the million/multimillion dollar project (wafer runs and masks are extremely expensive). If you're that close to them, spit on it or just breathe on it (contaminating it). Voila! It's trash.
    Even if an ordinary person sees a mask set, he/she probably would not know what it is, let alone creating a minor hidden change.
    It might be easier to change/modify one digit of the government banknote. At least we know what a note or a bank check looks like.
    A brief and very general description of semiconductor processing:
    1. Cut to thin wafer of pure silicon.
    2. Expose entire wafer to chemicals or chemical vapors to properly dope the pure silicon wafer to target properties.
    3. Lay down first mask. Expose to chemicals again. Only the unmasked locales are affected by chemicals.
    4. Repeat 3. several times to form transistors and components.
    5. Lay down metal mask and expose to metalized vapor or chemicals. Exposed areas of the wafer form interconnects.
    6. Repeat 5. several times to form multilayer interconnects.
    7. More masks to finish and add protection layers to the wafer.
    There are many more improved and/or proprietary processing methods and optical methods, ultraviolet, x-ray optical for example. Electron beam direct write is another example.
    It is like cooking an apple pie but in a super hot furnace and at nano scale. Need teams of know-how people. Check and recheck. Cannot afford a single mistake. Yes, a single mistake. Sometimes, a single mistake blows millions. And that's not important! It is weeks late!
    So, you see? You don't have to go so sophisticated to 'dope and stuck a logic gate'. Just one guy drinks too much beer and makes ONE mistake. And that is enough. Just a 6-pack!

  6. #6
    Administrator
    Quote Originally Posted by scaisson View Post
    IMO, the article should be in those newspapers you see at supermarket checkouts ... together with gossip magazines.

    If I say, "Easy to sabotage a dollar: just change the ink!" You may laugh. And that's why I laugh at this 'doping' crap.
    Or, how about add a little bit of sand (read: silicon) to the semiconductor wafer? Or dial down the furnace temperature?
    You don't have to do all thaaat to kill the million/multimillion dollar project (wafer runs and masks are extremely expensive). If you're that close to them, spit on it or just breathe on it (contaminating it). Voila! It's trash.
    Even if an ordinary person sees a mask set, he/she probably would not know what it is, let alone creating a minor hidden change.
    It might be easier to change/modify one digit of the government banknote. At least we know what a note or a bank check looks like.
    A brief and very general description of semiconductor processing:
    1. Cut to thin wafer of pure silicon.
    2. Expose entire wafer to chemicals or chemical vapors to properly dope the pure silicon wafer to target properties.
    3. Lay down first mask. Expose to chemicals again. Only the unmasked locales are affected by chemicals.
    4. Repeat 3. several times to form transistors and components.
    5. Lay down metal mask and expose to metalized vapor or chemicals. Exposed areas of the wafer form interconnects.
    6. Repeat 5. several times to form multilayer interconnects.
    7. More masks to finish and add protection layers to the wafer.
    There are many more improved and/or proprietary processing methods and optical methods, ultraviolet, x-ray optical for example. Electron beam direct write is another example.
    It is like cooking an apple pie but in a super hot furnace and at nano scale. Need teams of know-how people. Check and recheck. Cannot afford a single mistake. Yes, a single mistake. Sometimes, a single mistake blows millions. And that's not important! It is weeks late!
    So, you see? You don't have to go so sophisticated to 'dope and stuck a logic gate'. Just one guy drinks too much beer and makes ONE mistake. And that is enough. Just a 6-pack!
    I think you missed the whole point.
    Rui
    -------
    R4

  7. #7
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    467
    Thanks
    72
    Thanked 5 Times in 5 Posts
    Quote Originally Posted by ruirib View Post
    bruce once applied to work for my security consultancy before he made it big on his own
    that said as full disclosure

    i do not have a lot of faith in much of what bruce says

    there are much worse things that are being done to chips
    both by us
    and presumably by foreign companies that our military buys chips from

    i know that our IFF chips that we sell to other countries have a back door
    so we can spoof them and also verify they are not trying to use them to spoof us

    presumably there are many back door/trojans/scumware things that our security folks
    are getting deliberately designed into chips both to hack us as well as the enemy (assuming there is a difference).

    for all you know the old DES algorithm that presumably did not have a back door into it was secure,
    but the chips that implemented it could have had one that told nsa how to decrypt that chips message.

    fast forward and all bets are off. nsa/srv/mossad/whoever are all trying EVERY way to get access to ALL our content no matter how we try to hide it.

  8. #8
    3 Star Lounger
    What I tried to say previously is that the original article tries to be hi-tech using technical words. Do it to attract attention.
    The semiconductor processing steps are very delicate, easy to make mistakes, not to mention sabotage. But the whole thing has nothing to do with technology and semiconductor processing.

    It has to do with crying wolf and being heard. And to instill fear.
    If the advice were followed, every manufacturing step would need a political officer or security officer looking over the worker's shoulder ...

    Are we going to make a baby step towards this 'goal', to create a vast security industry?

  9. #9
    Administrator
    Quote Originally Posted by scaisson View Post
    What I tried to say previously is that the original article tries to be hi-tech using technical words. Do it to attract attention.
    The semiconductor processing steps are very delicate, easy to make mistakes, not to mention sabotage. But the whole thing has nothing to do with technology and semiconductor processing.

    It has to do with crying wolf and being heard. And to instill fear.
    If the advice were followed, every manufacturing step would need a political officer or security officer looking over the worker's shoulder ...

    Are we going to make a baby step towards this 'goal', to create a vast security industry?
    That's an opinion. I consider Bruce Schneier a reputed voice in the security arena and the article he linked was written by academics. This means that, in principle, it expresses points of view that have already been, or will at some point be, submitted to peer analysis. It does not sound to me to be the typical "cry wolf" stuff, sorry.
    Rui
    -------
    R4

  10. #10
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,177
    Thanks
    207
    Thanked 213 Times in 205 Posts
    I agree with you, Rui, it's worrisome.

    The tag line I took away from the article was "it's a great example of the corrosive damage that the NSA has done to US cyber-security."

    In the past there was always someone who questioned the US government's intentions with regard to security, but in general people didn't worry that much about it.

    Now, however, with the Snowden revelations, I believe most people consider things out of control.

    Big Brother truly is watching you.

  11. #11
    Silver Lounger mrjimphelps's Avatar
    Here are some suggestions from Bruce Schneier on How to Remain Secure Against the NSA:

    https://www.schneier.com/blog/archiv..._remain_s.html

  12. #12
    4 Star Lounger
    i am not worried about nsa at all

    give me a way to keep out of the clutches of the IRS when the current whitehouse admin (either party) decides to use them as a weapon to beat me into doing what they want me to do

    Quote Originally Posted by mrjimphelps View Post
    Here are some suggestions from Bruce Schneier on How to Remain Secure Against the NSA:

    https://www.schneier.com/blog/archiv..._remain_s.html
