[Cryptography] This is why we have Stuxnet

Perry E. Metzger perry at piermont.com
Mon Mar 21 21:23:46 EDT 2016


On Mon, 21 Mar 2016 05:59:26 +0000 Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> I usually do embedded cross-development under Linux, typically with
> some hacked-up ancient version of gcc and obtuse command-line
> utilities that fail with cryptic error messages until you've spent
> several hours hacking around with them.  This time though I had to
> use Windows because getting the drivers going under Linux just
> wasn't working.  So I go to the web site of the $20B global
> hardware vendor that makes this stuff and download their SDK tools.

[Terrifying story of incompetence elided.]

> I think we need to treat any embedded device developed via this
> vendor as pre- compromised.  And that includes the aerospace and
> military ones.

But you haven't let us in on who the vendor is.

Perry
-- 
Perry E. Metzger		perry at piermont.com


More information about the cryptography mailing list