[Cryptography] Anyone else seen some odd shipping delays?
thierry.moreau at connotech.com
Fri Dec 4 12:31:58 EST 2015
Is paranoia a productive feeling? See below for details.
On 04/12/15 02:27 AM, Phillip Hallam-Baker wrote:
> Twice in the past week, I have ordered a computer and it has been
> subject to odd shipping delays and the UPS data makes no sense.
> I don't think it is seasonal, other stuff arrives fine. Only computers
> seem to be held up.
a) you missed a simple explanation for delays and apparent non-sense,
b) irrespective of your findings, you will remain suspicious of what's
inside these boxes full of firmware with peripheral access to potential
Is your day job about designing crypto key management schemes where the
most critical operations are performed in computing environments (e.g.
an "open source HSM") where critical secret leakage risk is manageable?
(At least I think the last paragraph is a more productive use of my time.)
> So anyone have ideas for checking over a QNAP box to see what surprises
> might have been planted in the firmware?
For minimally related feedback, a shipment for a box equipped with wired
and wireless interfaces had neat bar code labels on the outside of the
box for the MAC addresses of both interfaces. I guess this is useful for
feeding a database of [MAC address to customer shipment details] for
mass surveillance support.
I guess the last trusted box I procured was a 80486-based desktop with a
40GB hard disk found in the garbage in a city sector remote from where I
live. Nonetheless, I do not plan future procurements with this strategy.
More information about the cryptography