From our front-page news:
I think it's safe to say that there is no such thing as true security anymore, because the news of poor security measures used in important agencies (government, banks) is never-ending. Take this latest case, where the FBI found 3,500 pieces of counterfeit Cisco equipment in secure US networks, including networks used by the US military.
There's no telling how the counterfeit equipment got in, but it's strange that it's even possible to begin with. The US military of all places should be cautious about where they buy equipment from, but with counterfeit equipment on this scale, they were certainly not dealing with a reputable dealer. The issue isn't so much of whether the equipment works or not, because it does, apparently, but it's the fact that some of this hardware could have been modified prior to sale.
According to a Cisco, who checked out the counterfeit equipment, they did not find any evidence of any re-engineering. Rather, the equipment likely just used reliable non-Cisco-provided parts and had a very believable Cisco badge slapped on. It's still amazing how this can happen, though, given how much money the US government tosses around every day. Purchasing legit Cisco products seems to make all the sense in the world.
<table align="center"><tbody><tr><td>
</td></tr></tbody></table>
The threat of gaining access to secure systems via backdoors and exploits in hardware is real. Researchers at the University of Illinois were able to modify a Sun Microsystems SPARC processor by altering a data file on the chip. The chip altered was used in automated manufacturing systems and the modifications allowed the researchers to steal passwords from the system the processor was used in.
Source: DailyTech
There's no telling how the counterfeit equipment got in, but it's strange that it's even possible to begin with. The US military of all places should be cautious about where they buy equipment from, but with counterfeit equipment on this scale, they were certainly not dealing with a reputable dealer. The issue isn't so much of whether the equipment works or not, because it does, apparently, but it's the fact that some of this hardware could have been modified prior to sale.
According to a Cisco, who checked out the counterfeit equipment, they did not find any evidence of any re-engineering. Rather, the equipment likely just used reliable non-Cisco-provided parts and had a very believable Cisco badge slapped on. It's still amazing how this can happen, though, given how much money the US government tosses around every day. Purchasing legit Cisco products seems to make all the sense in the world.
<table align="center"><tbody><tr><td>
</td></tr></tbody></table>
The threat of gaining access to secure systems via backdoors and exploits in hardware is real. Researchers at the University of Illinois were able to modify a Sun Microsystems SPARC processor by altering a data file on the chip. The chip altered was used in automated manufacturing systems and the modifications allowed the researchers to steal passwords from the system the processor was used in.
Source: DailyTech