[Cryptech Tech] Fwd: USPS Shipment Info for CJ465517007US

Okubo, Tomofumi tomokubo at verisign.com
Tue Jan 20 13:20:23 UTC 2015


Not sure if this helps but if we are worried about the transit between the
production line, a classic way to protect an HSM is to place it in tamper
evident bag and confirm the serial number out-of-band.

Not to mention, this won¹t help if the production line is compromised but
if we can assume that the production line is secured, I believe it will
give us some peace of mind.

Cheers,
Tomofumi


On 1/17/15, 8:51 PM, "bunnie" <bunnie at bunniestudios.com> wrote:

>The board is made in Fremont, CA, actually.
>
>You're right, the wifi module is probably one of the easiest bits to
>swap out and it has an RF shield to hide everything. The other known
>spot is the ethernet jacks are replaced with equivalents that have stuff
>inside the RF shield.
>
>I suppose since the board is made in CA, the feds could also just walk
>onto the production line and say "here use these chips" but that doesn't
>seem to have happened. I've got a pretty good relationship with the CM
>and I have guys on the inside not connected to the board or management
>who would tip me off.
>
>-b.
>
>On 01/18/2015 06:43 AM, Bernd Paysan wrote:
>> Am Sonntag, 18. Januar 2015, 07:34:00 schrieb Randy Bush:
>>>>> and then i wonder if we can also get boards which have not entered
>>>>> five eyes, so we get only pla injections?
>>>>
>>>> Where is it actually made?
>>>
>>> i presume where is everything made these days, shenzhen.
>> 
>> If that's the case, I could hand-carry one when I visit my girlfriend
>>next 
>> time; she lives on the other side of the Perl river.
>> 
>> The board is quite loaded with stuff... there are ample opportunities
>>to bug 
>> it.  The easiest thing for bugging it is probably the Wifi card; which
>>is a 
>> pretty standard part, and the bugged NSA version very likely just has a
>> slightly different firmware.
>> 
>
>-- 
>^`'~*-,._.^`'~*-,._.^`'~*-,._.^`'~*-,._.^`'~*-,._.^`'~*-,._.^`'~*-,._.^`'
>_______________________________________________
>Tech mailing list
>Tech at cryptech.is
>https://lists.cryptech.is/listinfo/tech



More information about the Tech mailing list