Huawei HKSP trying to push exploit code into Linux upstream

InceptionHosting (Hosting Provider, OG)
edited May 2020 in Industry News

Spotted this on the nixcraft twitter. (which you should follow if you don't already, IT humour to the max at times)

The full article: https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability

The article does explain that:

It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.

There is no chance this code would have passed review and be merged. No one can push or force code upstream.

All the same, it feels like maybe they were just poking the bear to see what would happen, testing its resilience.

As if they don't already have a bad enough rep and enough controversy, to begin with.


https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.

Comments

  • Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)

  • InceptionHosting (Hosting Provider, OG)

    @seanho said:
    Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)

    Well yeah, I would expect them to say that, it would have always had built-in plausible deniability, but that is part of the problem I suppose, even if it was true no one would believe them at this stage.


  • paranoid much?

    so say we all

  • @AnthonySmith said: All the same, it feels like maybe they were just poking the bear to see what would happen, testing its resilience.

    Agree, though all this is not limited to software, but stretches from software, to hardware to IP rights to company shares to loans to international boundaries. Software is just one thing we consumers notice/see on the surface.

    Just to be clear, I am not targeting some (I know what you imagined) regime here, most of our countries are involved in this, one way or another, some less some more.


  • this is fake news, spender from grsec is a great guy but I think he was trapped in this western propaganda crap, let me paste again what he said, some people may actually read it this time:

    **Nowhere did we claim this was anything more than a trivially exploitable vulnerability. It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.**

    anti-China news is catching many clicks during this period because well, 'they infected us' and now they need to pay (go Boris!)

  • InceptionHosting (Hosting Provider, OG)

    yeah it's not 'fake news' though, bad title maybe.


  • @AnthonySmith said:
    yeah it's not 'fake news' though, bad title maybe.

    yeah, it's not actually fake news, but let me ask you this, how many 'vulnerabilities' were included by mistake in the Linux kernel over the years and nobody mentioned them in the mainstream media?

    anyway, all I am saying is I would take this in the current context, everybody wants to get rid of Huawei for years now (see sanctions for 5G), so even if it's true, it is promoted because they want to turn people into propaganda tools, not because they care about our safety

  • InceptionHosting (Hosting Provider, OG)

    @tgl said: yeah, it's not actually fake news, but let me ask you this, how many 'vulnerabilities' were included by mistake in the Linux kernel over the years and nobody mentioned them in the mainstream media?

    fair point well made.

