| ▲ | longislandguido 11 hours ago |
| > Vulnerabilities have nothing to do with country of manufacture. They have always been due to manufacturers' crap security practices. |
| Sorry but this is merely a convenient excuse. |
| Source: I have hard evidence of a Chinese IoT device where crap security practices were later leveraged by the same company to inject exploit code. It's called plausible deniability and it's foolish to tell me it's a coincidence. |
| You're not going to convince me that a foreign state actor pressuring a company to include a backdoor wouldn't disguise it as a "whoopsie, our crap code lol" as opposed to adding in the open with a disclaimer on it. |
| It's all closed source firmware. Even the GPL packages from most consumer router vendors are loaded with binary blobs. Tell me I should trust it. |
|
| ▲ | gobins 11 hours ago |
| Are you saying that other manufacturers don't do this? |
| |
| ▲ | cjk 11 hours ago |
| If US manufacturers (or manufacturers in allied countries) do this, legal avenues exist to hold those manufacturers accountable. Not so with China. |
| (That is not to say that the FCC change will move the needle on the underlying issue of router security; as some of the ancestor comments have said, lax security practices are common industry-wide, irrespective of country of development/manufacture.) |
| ▲ | lmm 3 hours ago |
| > legal avenues exist to hold those manufacturers accountable |
| Maybe in theory. I think the practical chance of enforcing anything meaningful through those legal avenues against a US manufacturer is not meaningfully higher than the chance of doing so against a Chinese manufacturer, so it doesn't make sense to treat them differently on these grounds. |
| ▲ | pyrale 6 hours ago |
| The Snowden leak showed that Cisco routers had been altered to enable surveillance [1]. Whether or not the manufacturer is complicit, or how the alteration is performed is ultimately irrelevant to the end user. |
| Ultimately, the only people that got in legal trouble for this were Snowden and people who provided service to him. |
| [1]: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa... |
| ▲ | b112 an hour ago |
| Actually it's entirely relevant how, in the context of this conversation. Here, we're discussing product as shipped, not product intercepted and modified. We're discussing if products are shipped secure or not. |
| The Snowden disclosures are important, but not relevant in this case. |
| |
| ▲ | mindslight 10 hours ago |
| > legal avenues exist to hold those manufacturers accountable |
| Oh, sweet summer child. Disclaiming these possible avenues of liability is the main goal of clickwrap "terms of service". |
| |
| ▲ | longislandguido 11 hours ago |
| Are you asking me if I have the master list of naughty and nice router manufacturers? No, I don't have it but you may check with Santa Claus. |
|
|
| ▲ | cowpig 11 hours ago |
| What was the company, and what did they inject? |
| |
|
| ▲ | mindslight 11 hours ago |
| And who hasn't seen American software companies where crap security practices are later leveraged by the same company to run exploits? It's of course always phrased in Orwellian terms of business practices, terms of service, "security", etc but we can still call a spade a spade. |
|