[Cryptography] "Apple moves to bring iCloud infrastructure in-house predicated by backdoor fears - report"

Tom Mitchell mitch at niftyegg.com
Wed Mar 23 23:48:53 EDT 2016


On Wed, Mar 23, 2016 at 5:30 PM, Jerry Leichter <leichter at lrw.com> wrote:

> From
> http://appleinsider.com/articles/16/03/23/apple-moves-to-bring-icloud-infrastructure-in-house-predicated-by-backdoor-fears---report
> ....
>
 ....

> Apple's multi-year effort to develop its own servers and networking
> hardware has reportedly been driven in large part by security concerns, as
> the company worries that supply chain tampering may lead to deeply embedded
> vulnerabilities which are difficult to find and remediate.
>
 ...

> Unfortunately, Apple's worries are not unfounded.
>
 ...

> "You can't go take an X-Ray of every computer that hits the floor. You
> want to make sure there's no extracurricular activity" by building servers
> in-house, one source told the publication.


Photographing, including X-ray imaging, is not terribly difficult. Factory imaging systems are not crazy expensive, including X-ray. It is the disassembling and reassembling that is a PITA.

Astronomers have marvelous imaging libraries.

The obvious question, "Is this one another one just like the other one?", is the easy question and has gotten better given the fact that images can be contraband.

Hardware test is almost all JTAG scan and can also be automated. So "looks good and scans as good" is possible and can be automated.

There are a lot of turtles, but if you can inspect and "trust" a couple of layers of turtles some things are safer, depending on the turtle the bad boys sit on.

A room of old SGI or Sun servers with old compilers from old media, in a locked room, could cross-compile and improve the trust of a number of turtles of the utility and compiler type.

A binary editor could craft the foundation words of FORTH...
http://www.eecs.wsu.edu/~hauser/teaching/Arch-F07/handouts/jonesforth.s.txt
And from there bootstrap a lot more.

It is a problem. One difference is we have no Snowden from other nations' spook centers. The big-name service companies do see attacks and do have staff to inspect, analyse and react. They have reacted... to real attacks from near and far.

One layer to ponder is the network itself. I have wondered why Facebook spent money on this:
https://code.facebook.com/posts/843620439027582/facebook-open-switching-system-fboss-and-wedge-in-the-open/

But it is an arms race...


-- 
  T o m    M i t c h e l l