[Cryptography] Anyone else seen some odd shipping delays?

Thierry Moreau thierry.moreau at connotech.com
Fri Dec 4 12:31:58 EST 2015


Is paranoia a productive feeling? See below for details.

On 04/12/15 02:27 AM, Phillip Hallam-Baker wrote:
> Twice in the past week, I have ordered a computer and it has been
> subject to odd shipping delays and the UPS data makes no sense.
> I don't think it is seasonal, other stuff arrives fine. Only computers
> seem to be held up.

Two propositions:
a) you missed a simple explanation for delays and apparent non-sense,
b) irrespective of your findings, you will remain suspicious of what's 
inside these boxes full of firmware with peripheral access to potential 
subliminal channels.

Is your day job about designing crypto key management schemes where the 
most critical operations are performed in computing environments (e.g. 
an "open source HSM") where critical secret leakage risk is manageable?

(At least I think the last paragraph is a more productive use of my time.)

> So anyone have ideas for checking over a QNAP box to see what surprises
> might have been planted in the firmware?

For minimally related feedback, a shipment for a box equipped with wired 
and wireless interfaces had neat bar code labels on the outside of the 
box for the MAC addresses of both interfaces. I guess this is useful for 
feeding a database of [MAC address to customer shipment details] for 
mass surveillance support.

I guess the last trusted box I procured was a 80486-based desktop with a 
40GB hard disk found in the garbage in a city sector remote from where I 
live. Nonetheless, I do not plan future procurements with this strategy.


- Thierry

More information about the cryptography mailing list