Netgate Discussion Forum

    NSA

    Off-Topic & Non-Support Discussion
    31 Posts 16 Posters 9.9k Views
    • H
      Hugovsky
      last edited by

      Have you read this news?

      What do you think of pfSense? I know it's a different market but, could it happen to it also?

      • S
        Supermule Banned
        last edited by

        For what it's worth, yes…

        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          It depends on what part of the article you're concerned about addressing. I'd be more worried about the persistent hardware attacks using HDD firmware that are a worry no matter what OS you run.

          We've already had threads/debates about various aspects of the NSA issue with respect to pfSense, search the forum and mailing list (which had a really heated discussion).

          The real threat would be the NSA obtaining access to your hardware either after you received it, or (!) before – or they were able to gain access somehow through an attack remotely. It wouldn't be anything pre-loaded with the OS, unless it's something that is pulled in from a third-party source (e.g. FreeBSD, OpenSSL, etc.).

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • S
            Supermule Banned
            last edited by

            Would they be able if using a hypervisor with no contact to the outside world??

            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              @Supermule:

              Would they be able if using a hypervisor with no contact to the outside world??

              I'm not sure anyone would be able to answer that with 100% certainty. As mentioned above, there is always a chance the hardware was touched before it ever reached you and then it may not matter what is running on the system, virtual or otherwise.

              • H
                Hugovsky
                last edited by

                So… only way to be sure is to pull the plug… damn

                • P
                  phil.davis
                  last edited by

                  @Hugovsky:

                  So… only way to be sure is to pull the plug… damn

                  Yes, the power plug. Just removing all the network cables still leaves the possibility that they built in a radio device of some sort in the hardware (I suppose you can also put your hardware in a Faraday cage). You just have to live with the fact that, unless you own your own chip fabrication… plant then you have to rely on the hardware+firmware manufacturer actually building just what is advertised, which it seems you can't.

                  As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                  If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    It's interesting to speculate on what sort of code they could possibly install into the BIOS that would then allow them to access the box remotely at a later date. Even more so into the HD firmware.
                    I guess there are many server grade boards that have some out-of-band access system running at some low level independent of the OS. Most (all?) are still IP based though so you would be able to see the traffic. You'd be able to see it requesting an IP if it used DHCP. Perhaps the NSA have developed their own protocol that just looks like noise?

                    Personally I dictate all my forum posts from inside my lead lined box.  ;)

                    Steve

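Steve's point above, that an out-of-band controller asking for a lease over DHCP is visible on the wire, as an added defender's example that is not code from this thread: it parses DHCP DISCOVER payloads and flags any client whose MAC is not in a hardware inventory. The inventory, the two packets and their vendor-class strings are all constructed here for the example.

```python
import struct

# Constructed inventory of the MACs you expect to see requesting addresses;
# anything else asking for a lease on the management segment deserves a look.
KNOWN_CLIENTS = {"00:1b:21:aa:bb:cc": "pfSense WAN NIC"}  # constructed

def build_discover(mac: bytes, vendor_class: bytes = b"", hostname: bytes = b"") -> bytes:
    """Build a minimal DHCPDISCOVER (RFC 2131 BOOTP header + options) for the sample."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      1, 1, 6, 0, 0x3903F326, 0, 0x8000,   # op=BOOTREQUEST, Ethernet, hlen 6
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = b"\x35\x01\x01"                                 # option 53: DHCPDISCOVER
    if vendor_class:
        opts += b"\x3c" + bytes([len(vendor_class)]) + vendor_class  # option 60
    if hostname:
        opts += b"\x0c" + bytes([len(hostname)]) + hostname          # option 12
    return hdr + b"\x63\x82\x53\x63" + opts + b"\xff"      # magic cookie, options, END

def parse_dhcp(pkt: bytes) -> dict:
    """Pull client MAC, message type, vendor class and hostname out of a DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != b"\x63\x82\x53\x63":
        raise ValueError("not a DHCP packet")
    hlen = pkt[2]
    mac = ":".join(f"{b:02x}" for b in pkt[28:28 + hlen])  # chaddr starts at offset 28
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:              # stop at END or on truncation
        if pkt[i] == 0:                                    # PAD option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"mac": mac,
            "msg_type": opts.get(53, b"\0")[0],
            "vendor_class": opts.get(60, b"").decode(errors="replace"),
            "hostname": opts.get(12, b"").decode(errors="replace")}

def audit_discovers(packets, inventory=KNOWN_CLIENTS) -> list:
    """Return the DISCOVERs that come from a MAC not present in the inventory."""
    findings = []
    for pkt in packets:
        info = parse_dhcp(pkt)
        if info["msg_type"] == 1 and info["mac"] not in inventory:
            findings.append(info)
    return findings

# Constructed sample traffic: the firewall's own NIC, then a second MAC on the
# same box announcing itself as a management controller nobody inventoried.
SAMPLE = [
    build_discover(bytes.fromhex("001b21aabbcc"), b"pfSense", b"fw1"),
    build_discover(bytes.fromhex("001b21aabbcd"), b"ipmi-bmc", b"bmc"),
]
```

Feed `audit_discovers` the UDP payloads of port 67 traffic from a span port and the unexpected lease request, along with its vendor class and hostname, is what comes back.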
                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      Now that researchers have some ideas where to look, it may only be a matter of time before the public gets more details from captured samples of what they actually have.

                      The program could possibly alter outgoing packets in a subtle way to inject some data here and there in padded fields or in other places. They probably have compromised routers or handoffs in between to gather the data and maybe even strip off the payload before delivering it to the destination. There are loads of possibilities if you have some leverage on both the endpoint and in the middle.

                      Side note: A GIS for "Faraday Cage Hat" has some really interesting/weird things in it.

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Yes and it will be fascinating to find out what's out there. Given the rest of the revelations I'm sure it'll be beyond anything I've imagined.
                        I'm struggling to see how an altered hd firmware could be remotely accessible. Something in the spec allows the hd to run some compatibility code on the CPU? I would think that NIC firmware would be a better target.

                        Steve

                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by

                          This is all very depressing.  Can Hifn and other accelerators be trusted?  Intel AES-NI? Probably not.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          • J
                            jits
                            last edited by

                            Who can you trust? No-one.

                            FVEY nations are US, UK, Australia, Canada, and New Zealand, and if they're not doing it, the EU certainly will, which includes Germany and if not them then who?
                            Well, definitely Russia, China, Japan, Korea, and there's absolutely no question about North Korea and Israel. Those last two are fanatics and snakes.

                            The question then becomes..what?

                            And the answer is 'Collectivism'. Without a doubt, it's a competition on the centuries-old question of, 'Who Will Control?' irrespective of who says what and the labels, names, or ideologies adopted.

                            Remember, if you adopt an ideology, you won't see or recognize truth. This is subversion and the only way to counter that is realisation…and if you've never realised, or considered anything about the NSA since Snowden revelations, then you're naive and subverted. How are those 'conspiracy nuts' looking now?

                            • C
                              Clear-Pixel
                              last edited by

                              To sum it up … A War between Good and Evil is coming ....

                              HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
                              Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
                              Single Ethernet Port - VLAN
                              Cisco SG300 10-port Gigabit Managed Switch
                              Cisco DPC3008 Cable Modem  30/4 Mbps
                              Pfsense 2.1-RELEASE (amd64)
                              –------------------------------------------------------------
                              Total Network Power Consumption - 29 Watts

                              • F
                                Finger79
                                last edited by

                                We need an open hardware revolution.  I VOLUNTEER AS TRIBUTE.  J/k I know nothing about hardware design or EE.

                                I second the suspicion on CPU compromise, including but not limited to instruction sets like AES-NI.  Or NIC compromise.  And it turns out that a lot of the microcontrollers on a motherboard are hackable/tweakable.  Keyboard controllers, USB microcontrollers, HDD and flash-based storage microcontrollers…

                                Also, can anyone well-versed in IPv6 and/or IPSec tell me if there's any integrity checking/HMAC that is native to IPv6 that can be implemented that can improve the future of the publicly routable Internet?  I don't think the world is ready for IPv6, but I don't know much about it.  I wonder what NSA/GCHQ and other nation-states have in the works to monitor IPv6 traffic.

                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  @Finger79:

                                  I wonder what NSA/GCHQ and other nation-states have in the works to monitor IPv6 traffic.

                                  I would be amazed if they weren't monitoring everything already. Honestly if these guys aren't using IPv6 then what hope is there.  :P I guess they might have some old tools that are IPv4 only but with their resources I shouldn't have thought that will hold them back for more than a day. The more likely scenario IMHO is that at some point a large amount of the internet is going to be forced to go IPv6 whether they're ready or not and at that point there will be a vast number of badly/misconfigured routers and firewalls making GCHQ's job much easier.

                                  Steve

                                  • C
                                    Clear-Pixel
                                    last edited by

                                    Is it just me, or does it seem that some of the high traffic web sites for the past week or so are significantly slower?

                                    Ping time to the gateway is normal ….. shouldn't be getting lag ...... I can only assume that large internet providers have begun throttling since the FCC lost the War against Net Neutrality?

                                    You do know with Net Neutrality being killed it's going to kill a lot of the small players on the web ..... And the corrupt corporate thugs will own the internet just as they own cable TV. I see this as a hostile takeover by the corporations to disrupt and take control of the FREE flow of uncensored information. You know there will be more and more regulations that will be passed in the future only to give the corporations/governments more power and control over the internet. This is not going to end well folks ....

                                    How do you think this will affect you in the coming years?

                                    • jimpJ
                                      jimp Rebel Alliance Developer Netgate
                                      last edited by

                                      The FCC isn't giving up on Net Neutrality: http://www.computerworld.com/s/article/9246443/FCC_will_set_new_net_neutrality_rules

                                      But maybe they'll just buy their way into the standards: A "trusted proxy"? No thanks.

                                      And of course they could just do what they want anyway.

                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        It's hard for me to get a grasp on this because here in the UK the broadband market is so different.
                                        Any idea just how much Netflix traffic, for example, is being throttled? What level of bandwidth is required to watch something in HD? Are they throttling to a level that is deliberately just below the minimum required to watch uninterrupted?

                                        Steve

                                        • C
                                          Clear-Pixel
                                          last edited by

                                          It's basically a targeted mafia-style extortion tactic.

                                          Examples:

                                          • If you don't pay us this amount $$$$$$ we will throttle your users down to a crawl.

                                          • We are throttling your users, if you don't pay us this amount $$$$$$ we will continue throttling your users, or maybe even block your site/apps from our networks all together.

                                          • We don't like your content, we are going to slow your users down to a crawl.

                                          • Your content is competing with our content, we are going to block your site from our network.

                                          • We don't like your content, we are going to block your site from our networks.

                                          • Government doesn't like your content, we are going to block your site from our networks.

                                          • Government doesn't like your content, we are going to slow your users down to a crawl.

                                          List goes on and on…

                                          Why do you think Google announced new build outs of fiber in major cities …... https://fiber.google.com/newcities/ They are going to try and side step the Mafia's toll fees and charge their own fees for their products and services.

                                          Most Free web services will disappear in the future because the Mafia will incur financial burdens on site/app owners. This is going to be a disaster as the corporations will put the squeeze on entrepreneurs. Freedoms will fade into the sunset, and only darkness will exist …. The Evil Corporate Empire wins again... :-[

                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            So it's not good then.  :P

                                            I see that Netflix has just caved. The start of the slippery slope.  :-\

                                            Steve

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.