[Cryptography] This is why we have Stuxnet
Perry E. Metzger
perry at piermont.com
Mon Mar 21 21:23:46 EDT 2016
On Mon, 21 Mar 2016 05:59:26 +0000 Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> I usually do embedded cross-development under Linux, typically with
> some hacked-up ancient version of gcc and obtuse command-line
> utilities that fail with cryptic error messages until you've spent
> several hours hacking around with them. This time though I had to
> use Windows because getting the drivers going under Linux just
> wasn't working. So I go to the web site of the $20B global
> hardware vendor that makes this stuff and download their SDK tools.
[Terrifying story of incompetence elided.]
> I think we need to treat any embedded device developed via this
> vendor as pre- compromised. And that includes the aerospace and
> military ones.
But you haven't let us in on who the vendor is.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list