Huawei HKSP trying to push exploit code into Linux upstream

AnthonySmith (Administrator, Hosting Provider)
edited May 22 in Industry News

Spotted this on the nixcraft Twitter (which you should follow if you don't already, IT humour to the max at times).

The full article: https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability

The article does explain that:

It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.

There is no chance this code would have passed review and be merged. No one can push or force code upstream.

All the same, it feels like maybe they were just poking the bear to see what would happen, testing its resilience.

As if they don't already have a bad enough rep and enough controversy, to begin with.

Inception Hosting - 256MB OpenVZ VPS back in stock for €8.00 p/year - DEDICATED IP4 + /64 IPv6 https://clients.inceptionhosting.com/cart.php?a=add&pid=177
Please do not use the PM system here for Inception Hosting support issues.

Thanked by (3)AlwaysSkint Pwner someTom

Comments

  • Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)

  • AnthonySmith (Administrator, Hosting Provider)

    @seanho said:
    Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)

    Well yeah, I would expect them to say that, it would have always had built-in plausible deniability, but that is part of the problem I suppose, even if it was true no one would believe them at this stage.

    Thanked by (2)bikegremlin someTom


  • paranoid much?

  • @AnthonySmith said: All the same, it feels like maybe they were just poking the bear to see what would happen, testing its resilience.

    Agree, though all this is not limited to software, but stretches from software, to hardware to IP rights to company shares to loans to international boundaries. Software is just one thing we consumers notice/see on the surface.

    Just to be clear, I am not targeting some (I know what you imagined) regime here, most of our countries are involved in this, one way or another, some less some more.

    Thanked by (1)bikegremlin

    Awesome Hosts: InceptionHosting, BuyVM, Hetzner, MrVM
    Awesome Shared Hosts: BuyShared, SmallWeb, MyW.pt (untried but in whitelist: https://lowendboxes.review/the-whitelist/)

  • tgl (OG)

    this is fake news, spender from grsec is a great guy but I think he was trapped in this western propaganda crap, let me paste again what he said, some people may actually read it this time:

    **Nowhere did we claim this was anything more than a trivially exploitable vulnerability. It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.**

    anti-China news is catching many clicks during this period because well, 'they infected us' and now they need to pay (go Boris!)

  • AnthonySmith (Administrator, Hosting Provider)

    yeah it's not 'fake news' though, bad title maybe.


  • tgl (OG)

    @AnthonySmith said:
    yeah it's not 'fake news' though, bad title maybe.

    yeah, it's not actually fake news, but let me ask you this, how many 'vulnerabilities' were included by mistake in the Linux kernel over the years and nobody mentioned them in the mainstream media?

    anyway, all I am saying is I would take this in the current context, everybody wants to get rid of Huawei for years now (see sanctions for 5G), so even if it's true, it is promoted because they want to turn people into propaganda tools, not because they care about our safety

  • AnthonySmith (Administrator, Hosting Provider)

    @tgl said: yeah, it's not actually fake news, but let me ask you this, how many 'vulnerabilities' were included by mistake in the Linux kernel over the years and nobody mentioned them in the mainstream media?

    fair point well made.

