[Cryptography] This is why we have Stuxnet
Troy Benjegerdes
hozer at hozed.org
Mon Mar 21 22:42:59 EDT 2016
On Mon, Mar 21, 2016 at 09:23:46PM -0400, Perry E. Metzger wrote:
> On Mon, 21 Mar 2016 05:59:26 +0000 Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
> > I usually do embedded cross-development under Linux, typically with
> > some hacked-up ancient version of gcc and obtuse command-line
> > utilities that fail with cryptic error messages until you've spent
> > several hours hacking around with them. This time though I had to
> > use Windows because getting the drivers going under Linux just
> > wasn't working. So I go to the web site of the $20B global
> > hardware vendor that makes this stuff and download their SDK tools.
>
> [Terrifying story of incompetence elided.]
>
> > I think we need to treat any embedded device developed via this
> > vendor as pre- compromised. And that includes the aerospace and
> > military ones.
>
> But you haven't let us in on who the vendor is.
Because it's easier to point out the ones that aren't.
That's probably debian, Ubuntu, and maybe the Novena & puri.sm laptops.
Course you still can't layout a real PCB board or route an FPGA without
some binary blob either, so...
More information about the cryptography
mailing list