Senate Unanimously Approves Bill To Ban Purchase of Huawei Equipment With Federal Funds (thehill.com)
The Senate unanimously approved legislation on Thursday that would ban the use of federal funds to purchase telecommunications equipment from companies deemed a national security threat, such as Chinese group Huawei. From a report: The bipartisan Secure and Trusted Telecommunications Networks Act, which the House passed in December, bans the Federal Communications Commission (FCC) from giving funds to U.S. telecom groups to purchase equipment from companies deemed threats. The bill would require the FCC to establish a $1 billion fund to help smaller telecom providers to rip out and replace equipment from such companies, and to compile a list of firms seen as posing a threat to telecom networks.
That's pretty big for a lot of schools and stuff (Score:2)
Huawei produces more than just telecom equipment. Tablets, computers etc. are all produced at bottom market prices. Schools and Universities love to purchase these.
Re: (Score:2)
I had no issues with Huawei phones and tablets. If you haven't been following, they do produce high end hardware. High end Huawei mobile hardware is comparable to Samsung. And I was pleasantly surprised to see my Huawei phone receive security updates almost every month.
Re: (Score:3)
Then buy the product that doesn't come from Winnie the Pooh
Re:That's pretty big for a lot of schools and stuf (Score:5, Funny)
But it comes with a free honey pot.
Re: That's pretty big for a lot of schools and stu (Score:2)
That's smarter than the average joke.
Re: (Score:2)
Concentration camps? Check. Horrifying atrocities? Check. 99.9% criminal conviction rate? Check. "Everything in the state, nothing against the State, nothing outside the state"? Check.
Yep, it checks out.
https://www.nbcnews.com/news/w... [nbcnews.com]
https://en.wikipedia.org/wiki/... [wikipedia.org]
http://www.worldfuturefund.org... [worldfuturefund.org]
Re: (Score:2)
"China Tribunal"? What a great PR con operation. Thanks for the laughs. Need to think about setting up something like "International Court of Liberty Justice" in my spare time.
Re: (Score:2)
Concentration camps? Check. Horrifying atrocities? Check. 99.9% criminal conviction rate? Check. "Everything in the state, nothing against the State, nothing outside the state"? Check.
Yep, it checks out.
https://www.nbcnews.com/news/w... [nbcnews.com] https://en.wikipedia.org/wiki/... [wikipedia.org] http://www.worldfuturefund.org... [worldfuturefund.org]
Not really. Especially the organ harvesting "china tribunal" article is a full of shit attempt to distract from the real source of black market organs - the conflict zones.
KLA established that practice in Kosovo with active assistance of NATO and western security services. In order for the organs to be transplanted (when used locally - patient arriving for transplant) and/or transported the "customer" aircraft landed at the NATO controlled Pristina airport traversing the air traffic control zone of NATO cou
Re: (Score:2)
But strangely American capital happily did business with Germans AND Soviets. The extent of American capital in the early Soviet industrialization is staggering, while IBM provided equipment helping the Nazis catalogue their population, including keeping track of the German Jews' quantity and whereabouts.
Re: (Score:2)
Hold up... so having done something wrong is an excuse to do something wrong? I mean... sorry boss, I fucked up... can I just you know... continue to keep fucking up? How about it?
No one is perfect but to use excuses like this as a defense is bad form. Is America perfect? No...
But your logic just said... we atom bombed Japan twice... let's kick a few more nations in the nuts again!
Re: (Score:2)
Bombing Japan with the big bombs saved numerous Japanese lives compared to continuing to bomb them with lots of the little bombs. Ending the war was a good thing.
Re: (Score:2)
Yup, no use in learning from the past. Every crime must be punished for generations even by people that had no part in it.
Re: (Score:2)
Did you see that Tom Steyer is pushing hard for reparations to blacks for slavery? People who never owned slaves will pay people who never were slaves for slavery. Genius!
what ABoot (Score:1)
closing the stable door after the horse has bolted (Score:3)
A better plan might be to establish a policy to audit equipment for security, regardless of where it is manufactured.
Better because banning the purchase of Huawei leaves wide-open other opportunities for intrusion through both intentional and unintended manufactured-in exploits. Another reason is that the legislation continues to deny purchases of Huawei equipment even if Huawei cleans up its act, which is unjust and inefficient.
This looks more like Congress selling out to the protectionist lobbying of Huawei's competitors than any sincere attempt to improve security, playing to public anti-China and anti-trade sentiments. Though not purely, because the threat of a permanent legislative ban on federal purchases has some effect to discourage nefarious acts from other manufacturers. Though the effect is also to incentivize development of more effectively covert means of intrusion.
Open source mandates would be helpful, if there were a practical way to verify hardware for conformance to a published design. Maybe if the designs in a hardware description language were published, the entire software toolchain was published, the die layouts were published and silicon on the actual hardware was sampled and imaged and matched to those layouts, then that would work. Uncertain if that is a feasible mandate though, the response might be "not selling to you if you require that."
Re: (Score:2)
A better plan might be to establish a policy to audit equipment for security, regardless of where it is manufactured.
You can't trust the congress to produce sensible legislation on technical matters. Most of the senators have degrees in law and humanities, and very few in science or technology.
Re: (Score:2)
A better plan might be to establish a policy to audit equipment for security, regardless of where it is manufactured.
Even better would be to require all routers bought by the Feds to have open-source firmware. Then a meaningful audit can be done by anyone.
Re: (Score:2)
A better plan might be to establish a policy to audit equipment for security, regardless of where it is manufactured.
Even better would be to require all routers bought by the Feds to have open-source firmware. Then a meaningful audit can be done by anyone.
Not so much. The firmware can be flawless, pass an audit and withstand thorough public scrutiny and yet the hardware can be compromised. For example, the hardware could simply not report what is the actual firmware and hide away additional hidden programs which it never reports.
Re: (Score:2)
There is always some level of security risk. An exploit could be in software, firmware, hardware, the compiler, or a brain implant in the auditor. But deeper levels are far more difficult and less plausible.
Building an exploit into hardware is way more difficult than doing it in firmware, and will require a lot of additional silicon that will increase cost and power consumption, which means nobody buys the routers.
Re: (Score:2)
This is all fine and dandy before someone inserts one line like "#include backdoors.c" prior to the final build of firmware.
Re: (Score:2)
This is all fine and dandy before someone inserts one line like "#include backdoors.c" prior to the final build of firmware.
If end users have the source, they can compile the firmware themselves and reflash their devices.
Re: (Score:2)
Router firmware is written in C/C++.
Re: (Score:2)
Because the International Obfuscated C Code Contest [ioccc.org] has not conclusively shown that audits are not a guarantee of anything.
Re: (Score:2)
Because the International Obfuscated C Code Contest [ioccc.org] has not conclusively shown that audits are not a guarantee of anything.
I am aware that IT security folk prefer to speak in terms of guarantees and agree that it is useful in some contexts, such as proofs of the effectiveness of encryption algorithms. Yet, practically, if 1-bit encryption keeps my grandmother out of my porn 50% of the time then that is an improvement over no encryption. Audits which reduce risk of intrusion are not a guarantee, yet that does not imply that they are not helpful or should be abandoned. Along the same lines, code reviews are no guarantee agai
Re: (Score:3)
A better plan might be to establish a policy to audit equipment for security, regardless of where it is manufactured.
You mean finding all those Cisco backdoors? The NSA will not like that...
Re: (Score:2)
I read that as backdoors in Cisco equipment put there by the NSA.
Re: (Score:3)
The devices were shipped from Cisco *without* any backdoors.
Because they already gave the NSA keys to the frontdoor. And left all the windows open. Also a wall was missing.
Re: (Score:3)
So you missed all those convenient "bugs" Cisco equipment had in the last few years? Well, you obviously do not know that this is a primary strategy for camouflaging backdoors.
The only other option is that Cisco developers are exceptionally incompetent and they do not do any meaningful internal code reviews at all. That would be worse.
Re: (Score:2)
And you just show you are even more clueless. Do you have any actual qualifications in this area? I guess not. You just have a big mouth.
First, there is a timeline for the different actions. Second, there are different types of backdoors and it is desirable to have more than one in place. And third, a somewhat competent target can detect modified firmware given a reference system, but that does not work for bugs. Also, bug-type backdoors eventually can be discovered by others and then they are gone and new
Re: (Score:2)
you are spreading misinformation either ignorantly or maliciously.
He does it every day and continues even if you correct him, so it appears to just be malicious.
Especially when on other subjects he isn't so stupid. He clearly knows better.
Re: (Score:2)
Especially when on other subjects he isn't so stupid. He clearly knows better.
Hahaha, funny. On this subject, I happen to be an actual expert. Of course, in the IT Security field, even the most clueless morons think they know how things work and that can lead to them finding actual expert statements outlandish and not credible.
Re: (Score:2)
Especially when on other subjects he isn't so stupid. He clearly knows better.
Hahaha, funny. On this subject, I happen to be an actual expert.
That doesn't help your case. In the slightest.
Socrates found the same thing, a few years back; none of the purportedly wise men had any clue at all what led to their success, and most of them cited factors that actually interfered with their success but that they had overcome by luck or assistance.
Here, you presume that because you see yourself as an expert, whatever words you bleat must be wise. Even though the actual meaning of the words you bleated might be completely false. But because you see yourself
Re: (Score:2)
Especially when on other subjects he isn't so stupid. He clearly knows better.
Hahaha, funny. On this subject, I happen to be an actual expert.
That doesn't help your case. In the slightest.
It does not need to help me. I have no interest in convincing big-ego-small-skills people like you. I am just mocking you.
Re: (Score:2)
Oh, my, what an impressive epeen you described.
I have no doubt you'll report being very satisfied with it.
Re: (Score:2)
Nope. You did not "correct" me. You made a completely ridiculous claim that the NSA would use just this one way to add backdoors.
Re: (Score:2)
This looks more like Congress selling out to the protectionist lobbying of Huawei's competitors
*cough* Cisco *cough*
What about... (Score:2)
What about all of the Huawei equipment that has already been installed?
What about any other equipment that is already installed?
It may be worthwhile to invest some time, money, and effort on checking up on these devices.
misread that one (Score:2)