Huawei HKSP trying to push exploit code into Linux upstream
Spotted this on the nixcraft twitter. (which you should follow if you don't already, IT humour to the max at times)
The full article: https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
The article does explain that:
It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.
There is no chance this code would have passed review and be merged. No one can push or force code upstream.
All the same, it feels like maybe they were just poking the bear to see what would happen, testing its resilience.
As if they don't already have a bad enough rep and enough controversy, to begin with.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Comments
Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)
Well yeah, I would expect them to say that, it would have always had built-in plausible deniability, but that is part of the problem I suppose, even if it was true no one would believe them at this stage.
Thank you.
paranoid much?
so say we all
Agree, though all this is not limited to software, but stretches from software, to hardware to IP rights to company shares to loans to international boundaries. Software is just one thing we consumers notice/see on the surface.
Just to be clear, I am not targeting some (I know what you imagined) regime here, most of our countries are involved in this, one way or another, some less some more.
My Personal Blog 🌟🌟 Backups for $1 🔥🚀
this is fake news, spender from grsec is a great guy but I think he was trapped in this western propaganda crap, let me paste again what he said, some people may actually read it this time:
**Nowhere did we claim this was anything more than a trivially exploitable vulnerability. It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.**
anti-China news is catching many clicks during this period because well, 'they infected us' and now they need to pay (go Boris!)
yeah it's not 'fake news' though, bad title maybe.
yeah, it's not actually fake news, but let me ask you this, how many 'vulnerabilities' were included by mistake in the Linux kernel over the years and nobody mentioned them in the mainstream media?
anyway, all I am saying is I would take this in the current context, everybody wants to get rid of Huawei for years now (see sanctions for 5G), so even if it's true, it is promoted because they want to turn people into propaganda tools, not because they care about our safety
fair point well made.