Reply to post: Trust?

Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

thames
Unhappy

Trust?

Let's not forget how Cisco are setting up dead drop addresses to try to stop the NSA intercepting their hardware in transit and installing back doors. Can anyone seriously keep a straight face when they say that any American IT product is safe to use?

I can't think of any realistic solution other than that all security related software and firmware be open source so that hiding back doors isn't so easy, and that customers install it themselves after downloading it from known good sources and verifying the hashes.

There are people who say that "you have to trust someone". However, ask a security professional what they mean by "trust", and they will tell you that a "trusted party" is simply someone who is able to break your security if they are so inclined. I'm not sure I'm ready to "trust" a foreign government, especially one who has a record of hacking into everything in sight.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon