Daily Archives: 2023-09-19

Snowden leak: Cavium networking hardware may contain NSA backdoor

Source: Hacker News

Article note: Interesting. Also weird that it went unreported for so long. I can't quite tell what the exploit is from the provided context. Was it algorithm substitution with a backdoored version that will interoperate with the real one? Was it a bad RNG (see: Dual_EC_DRBG)? As someone in the HN pointed out, one of the big markets for this stuff is HSMs (Hardware Security Modules: think co-processors that do the "security stuff" for a larger system) in hosted environments like clouds. Last I looked Cavium->Marvell's CloudHSM product was pretty big in the "It's totally secure to do your work on our computer" market.
Posted in News | Leave a comment