Australia Security IT

Huawei Offers 'Complete and Unrestricted' Source Code Access 255

An anonymous reader writes "The BBC reports that 'Huawei has offered to give Australia unrestricted access to its software source code and equipment, as it looks to ease fears that it is a security threat. Questions have been raised about the Chinese telecom firm's ties to the military, something it has denied. Australia has previously blocked Huawei's plans to bid for work on its national broadband network. Huawei said it needed to dispel myths and misinformation.' But is this sufficient? Will they be able to obscure any backdoors written into their equipment?"
  • Re:Source (Score:5, Informative)

    by Lehk228 ( 705449 ) on Wednesday October 24, 2012 @05:37PM (#41757697) Journal
    not even the firmware, there could trivially be an on-chip backdoor,
  • Re:Source (Score:5, Informative)

    by RedPhoenix ( 124662 ) on Wednesday October 24, 2012 @06:09PM (#41758187)

    Yes; some very good people who evaluate products for use within the Oz government and Defence:
    http://www.dsd.gov.au/infosec/epl/index.php [dsd.gov.au]

    However, the process is usually long, often expensive, and generally targets a particular software/hardware combination; bump your version number, and there's potentially a fairly significant re-evaluation required.

    Huawei could take advantage of this program now, but would either need to front up some dough, or have a sponsor to guide them through it.

  • by AK Marc ( 707885 ) on Wednesday October 24, 2012 @06:10PM (#41758191)
    OK, let's assume that the routers are rooted. So what? Isn't everything over the Internet presumed to be insecure anyway? At worst, China would get some SSL packets from my bank, or some HTTPS packets between me and an email server. Or see that I'm on Slashdot more than I should be. Yawn.

    And, if they did send a copy of every packet to China, do you think the carriers wouldn't notice that traffic pattern? It's an absurd accusation, with no basis in fact. And, if true, would be quickly found if it were ever used. All to compromise an unspecific portion of a residential broadband network.

    It's more likely that Huawei was behind the assassination of Kennedy and 9/11 than they are inserting router backdoors in an attempt to remotely control Australia. If you've been to WA, you don't need to sniff their traffic to know what they are doing. 99% porn, 1% skype to family.
  • Re:Source (Score:5, Informative)

    by socceroos ( 1374367 ) on Wednesday October 24, 2012 @06:15PM (#41758263)
    The DSD (Defence Signals Directorate) are the ones in Australia who would vet this equipment - they already do it for all equipment used by ASIO, ASIS and other secretive organisations here. The other thing to remember is that it was the DSD that told the Government not to trust Huawei's hardware. Now they get to have a good look at the code without the need to reverse engineer.
  • by AK Marc ( 707885 ) on Wednesday October 24, 2012 @06:28PM (#41758431)

    And would Australia even be interested in jumping through that extra hoop considering that there are other vendor options available where Australia feels this isn't necessary? The price difference between Huawei and other vendors would have to be fairly sizable to warrant that.

    Why indeed. Why spend so much justifying why they are planning on over-paying to a company run by white people, when there has never been an "incident" with Huawei gear? Australia is spending millions trying to make sure they spend their money with white people, in order to secure an "insecure" residential Internet network. You tell me, why is Australia inventing all these hoops?

  • Re:Source (Score:4, Informative)

    by Anonymous Coward on Wednesday October 24, 2012 @06:35PM (#41758511)

    Because the rest of those companies weren't founded and run by ex-Chinese military and long-time Chinese Communist Party members?

  • by mhotchin ( 791085 ) <slashdot&hotchin,net> on Wednesday October 24, 2012 @07:24PM (#41759075)

    http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]

    If you haven't read it, or even if you haven't read it recently, you really should.

  • by GumphMaster ( 772693 ) on Wednesday October 24, 2012 @08:20PM (#41759591)

    What the BBC is reporting is not quite what was offered. The ABC quotes Mr Lord [abc.net.au] as:

    "Huawei is willing to offer complete and unrestricted access to our software source code and our equipment in such an environment," he said. "And in the interests of national security, we believe all other vendors should be subject to the same high standard of transparency."

    The reference to "such an environment" is an industry funded organisation dedicated to vetting this stuff.

    The exercise is nothing more than a PR spin. Huawei knows full well that the other players will neither want to fund a centre that effectively lets a competitor back into the race nor subject their own code to such scrutiny and risk rejection. He is the local face of Huawei so he has to say these things, but they will not change anything.

  • by Minupla ( 62455 ) <minupla@noSpaM.gmail.com> on Wednesday October 24, 2012 @08:56PM (#41759851) Homepage Journal

    Who needs a back door when you have a range of security vulnerabilities to choose from.

    Here's the slide deck from the talk on Huawei at Defcon 20 this year. At the end of the talk the presenter addressed the topic of backdoors by saying (my paraphrase) given the state of the code, who knows if a given hole is a backdoor or unintentional security vulnerability.

    The deck is worth a read if only for the fortune cookie slides, which contain actual quotes from the object code:
    http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf [phenoelit.org]

    Min

  • by cold fjord ( 826450 ) on Thursday October 25, 2012 @02:40AM (#41761611)

    If Huawei (and all equipments from all Chinese companies) are suspicious, what makes you think that equipments from Germany or Japan or Britain or Korea or Canada or USA aren't?

    Hmmm . . . are there any other one party communist states with aspirations of hegemony, a long history of enmity against democratic government, free enterprise, and personal liberty, that currently have intense foreign espionage efforts directed against the West, that make direct threats against the United States while being armed with intercontinental ballistic missiles armed with nuclear weapons, on the list? No, China. . . make that the People's Republic of China, one of the few remaining Communist dictatorships on earth, is unique in that regard. Isn't that clear? China is reforming economically much faster than politically, although that is coming along in small fits and starts. But fundamentally, China is still a dictatorship run by the Chinese Communist Party.

    Which equipment the Stuxnet virus targeted?

    That was SCADA controllers made by Siemens, a German company, being used by Iran - a Shia-led theocratic government imposing Sharia law in Iran while they seek hegemony in the region. Iran is using that equipment to run centrifuges to develop highly enriched Uranium, and has been discovered to be engaged in activities applicable to only nuclear weapons development [nytimes.com]. Iran tries to intimidate its neighbors, is a state sponsor of terrorism [cfr.org] world-wide [washingtonpost.com], funds, trains, and arms Hezbollah with tens of thousands of rockets and missiles to control Lebanon and attack Israel until it can make good on its barely veiled threats of genocide against Israel, and general threats against Europe and the United States. Until the Islamic revolution in Iran in 1979, Iran and Israel had been on good terms. It is the theocratic government in Iran that has declared them to be enemies - the conflict isn't Israel's fault - Iran was not part of the Arab-Israeli wars. And yet some people take the bankrupt position that it is Iran that needs protection from Israel. Stuxnet and its kin may be the only reason the world isn't in a shooting war in the region now.

    It's easy to bash China - as China has become the poster boy for bashing orgy - from Presidential debate to this one in Slashdot - but I do expect MORE from those who come to Slashdot. Unlike the tweedledee and tweedeldum on the presidential debate, you guys do have brains. It's time you use your brain to think, rather than letting others doing the thinking for you.

    Some people use their powers of reason to understand the facts above and their implications, others use their reason to rationalize away uncomfortable facts, like those above.

    In much of the West, the well educated have been taught to believe that they can know nothing and that they can draw no independent conclusions about truth, unless they cite a study and "experts" have affirmed it. "Studies show" is to the modern secular college graduate what "Scripture says" is to the religious fundamentalist. -- Dennis Prager
