@attritionorg 3rd party requires we use them. Like fips-140 in govt space...
@bertjwregeer can you cite an example of FIPS-140 mandating a vendor who has a documented *clear* backdoor? please? =)
@attritionorg RSA bsafe just got pulled, since it only implemented dual ec crap for random number stuff.
@bertjwregeer did FIPS-140 mandate RSA BSAFE toolkits specifically?
@attritionorg no, but fips 140 was a requirement and the only vendor allowed to supply the implementation that was certified was rsa bsafe
@bertjwregeer so 2 documents/requirements would show that ultimately? can you send me links?
@attritionorg nope, this is not a public project.
@bertjwregeer FIPS-140 is public... no?
New conversation
@attritionorg how do you tell backdoor from bug from just plain stupid?
@jack_daniel some cases it is blurry. other cases it is very clear.
@attritionorg True. What about NSL or similar "lawful" requests? (Just playing devil^^vendor's advocate).
@jack_daniel i am only speaking for cases of their own action. no outside influence.
@attritionorg comes down to trust, and that's tricky. Very volatile stuff, with a short shelf life.
New conversation
@attritionorg because they give a good deal on their licence?
@attritionorg "The salesperson is really cute and I'm pretty sure s/he likes me"
@attritionorg the vendor has a hell of a customer entertainment budget?
@attritionorg the CEO/CSO has a vested interest in company supplying backdoored product.