by kpremote 2572 days ago
For the past 30 years (a very long period of time), the U.S. has bought mountains upon mountains of crap from China, in both military and civilian sectors. But there is not even a single high-profile hardware backdoor incident publicised, except maybe the Bloomberg big hack fiasco. This tells you something.

> (please repeat after me, 30 years)

This is bad form.

> But there is not even a single high-profile hardware backdoor incident publicised. This tells you something.

Not so much. If the US military found a hardware backdoor, would they want to publicly tell their enemy that their strategy is effective? Not only this, but if they tell their enemies which ones they find, by doing so they also tell them which ones they haven't found.

The only reason details of these fakes were published was likely because the Chinese company couldn't reasonably be considered as acting maliciously in this regard. Rather, they were just trying to turn a quick buck.

>Not so much. If the US military found a hardware backdoor, would they want to publicly tell their enemy that their strategy is effective? Not only this, but if they tell their enemies which ones they find, by doing so they also tell them which ones they haven't found.

This thinking can be used to start real wars then, we know X has illegal weapons, trust us we have proof but we can't show it, sure years later after lots of deaths and billions spent on war you find that it was all propaganda.

> This thinking can be used to start real wars then, we know X has illegal weapons, trust us we have proof but we can't show it, sure years later after lots of deaths and billions spent on war you find that it was all propaganda.

That's not what I was talking about. What I am discussing is security, you always need to assume the worst to build good defenses and information leakage only serves to help those who aim to break your security.

Going to war is another thing altogether. Having overly good defenses has little consequence (beyond primary resources such as time and money). The consequence of fighting a war without good reason can be extremely bad in every sense. That's why wars need to have consequences for those who incorrectly start them.

> That's not what I was talking about. What I am discussing is security, you always need to assume the worst to build good defenses and information leakage only serves to help those who aim to break your security.

Assuming is not the same as accusing, I am OK if you say that for national security all sensitive hardware needs to pass some criteria, what I do not agree with is "we know X has backdoors, weapons but we can't show it to you because we don't want them to know what we know"

So instead they leave backdoors in thousands of servers, affecting almost 30 U.S. companies, storing personal and private data on millions upon millions of people?

Even if the US military wants to keep them in place, as to "not to tip off the Chinese", I'm pretty certain those companies' CISOs would not go along with that.

All it would take is just one guy with access to the hardware to leak a sample of this imaginary "Chinese super chip" to then make the story: "US military forces US tech companies to keep Chinese spy-chips in place", the blowback to that would be extremely nasty and uncontrollable.

Sorry, but no matter how "The Big Hack" is spun, it remains a prime example of FUD [0].

[0] https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt

98%+ of us have no authority to speak on what microcode is doing on 98%+ of chips out there.

Please do not speak generally and authoritatively.

On that basis, you shouldn't trust any chip on any piece of hardware out there, ever.

It's also not "me" speaking on authority, I'm merely going by what the actual authorities and responsible people are saying [0]. I mean, this was months ago, still no actual samples of that chip, still no CVE out about any of it.

[0] https://www.theguardian.com/commentisfree/2018/oct/13/tech-g...

I don't.

We don't, from what I've seen.

We (the "community"?) have been trying to build/have built phones without baseband backdoors/hardware killswitches, chips without Intel Management Engine, etc.

Feel free to check out those threads if you've missed them.

This isn't about a specific case, by the way. This is the reality of the state of chip production.

Sorry, I see you replied before I edited that out. I apologize. They may not want to reveal details, but even not to the various Congressional committees for more funding (among many reasons) to fight back the enemy? The U.S. Congress could publicly condemn these kinds of bad doings by China without publishing details. Plus, in the U.S. information has lots of ways to leak out, from Snowden to some pesky journalists.