Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Should You Buy From Huawei?
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
vuil
50%
50%
vuil,
User Rank: Apprentice
10/20/2012 | 7:14:22 PM
re: Should You Buy From Huawei?
"Craig is an internationally recognized expert on wireless communications and mobile computing technologies."

But not, as far as I can see, an expert on the internals of large telecommunication routers and switches and the possibility of Huawei and ZTE containing potential spying code. Of course, if you have a political inclination (and coming from MA I'd wager he favors the left side of the aisle) it never stops you from expressing your opinion on such technical matters.

After all the objective is to slag the House of Representatives rather than truly caring for the US as a sovereign nation. Any sensible person would err on the side of caution. After all these Chinese companies are not struggling for business.

Us, lesser beings, step aside on technical matters outside our direct experience. Not Craig who often spouts forth at conferences on everything with the gusto, often of the ignorant.

Guess you lefty poli-sci prof would be proud of you hey Craig.
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
10/19/2012 | 5:53:26 AM
re: Should You Buy From Huawei?
I think the devices should be avoided because they are of questionable quality running decades old code that does not jive with today's security standards. I think it is more a matter of cluelessness and carelessness than any malicious intent.
edarr432
50%
50%
edarr432,
User Rank: Apprentice
10/18/2012 | 11:34:04 PM
re: Should You Buy From Huawei?
Craig you're trying very hard not to get it, but don't despair, Charlie doesn't get it either. The issue is security. While we might be able to find software hacks, we're not going to have the luxury of reverse engineering every piece of telecom hardware we buy from Chinese companies. There is a communist party committee in each of those companies. They can't refuse to do what that committee tells them. They play hardball.
dbartlett329
50%
50%
dbartlett329,
User Rank: Apprentice
10/18/2012 | 5:11:39 PM
re: Should You Buy From Huawei?
Okay, all here understand the technology, but that is only the media. With ChinaGs (and others) past record of overt and covert behavior and their disdain for our people as a whole, why would we even consider continuing to allow suspect companies as these to operate inside our semi-secure architecture and play below our radar?
Craig Mathias
50%
50%
Craig Mathias,
User Rank: Apprentice
10/17/2012 | 5:37:17 PM
re: Should You Buy From Huawei?
OK, I knew this would be controversial, but, as usual, the commentary is straying from the real issues at hand. The most important of these is whether the US government should be recommending against buying the products of a given firm based on allegations and innuendo. Again, the facts are lacking here, and I consider what Congress did too be very dangerous indeed. As I said, absolutely, the US government should buy American. It's hard to do in the case of cellular infrastructure, but I'm very sensitive to the issues here regardless. And at no time here have I recommended buying from Huawei or anyone else. If you don't want to buy from Huawei or anyone else based on, as I wrote, technical, business, or financial (or, really, any other) reasons, don't. But I view the slope as created by Congress as slippery and dangerous, highly political, provocative, and even naive and hypocritical.

And the whole issue is bigger still - see my blog at http://www.networkworld.com/co... for more.
TSRL
50%
50%
TSRL,
User Rank: Apprentice
10/17/2012 | 4:18:46 PM
re: Should You Buy From Huawei?
Craig,

If you are convinced that Huawei are completely on the up-and-up, why don't you buy their equipment for your telcom and networking needs. After all, it is cheaper and that's what the bottom line is all about.

Having spent a significant amount of time in China and having dealt with their telcom folks I can tell you two things: life is cheap and all IP is the property of the government (including whatever IP they can "appropriate" from any other source). I will never deal with those folks again.
saburgan
50%
50%
saburgan,
User Rank: Apprentice
10/17/2012 | 1:58:00 PM
re: Should You Buy From Huawei?
Craig, you silly guy. You have no clue.
ANON1255554460131
50%
50%
ANON1255554460131,
User Rank: Apprentice
10/16/2012 | 11:25:33 PM
re: Should You Buy From Huawei?
I wonder what happen if all countries in the world do the same. The Chinese government forbid all American made software and hardware. India do the same so do all BRICK nations and every other country in the world. I wonder how does it affect global economy?
CLAFOUNTAIN100
50%
50%
CLAFOUNTAIN100,
User Rank: Apprentice
10/16/2012 | 10:29:41 PM
re: Should You Buy From Huawei?
My analysis however, which looks at the core issue, is that the technology was originally developed by Chinese Nationals, for Chinese market. -The troubles with highly educated Chinese hardware and software developement teams likely is in finding qualified translators who can translate Chinese into English, and vise-versa.

Likely the answers being furnished are through the marketing department who markets and sells the product for use. -I have performed this work before, typically with companies in India. -

My main guess is that the report was created without a proper translation with the proper teams at huawei. -Translating English specifications to English (between multiple groups) and prioritization of software functions requires a team itself!

Cisco definitely seems to have trouble with this; their head engineers left to head their R&D departments. -It's great technology based on the white papers available online, and Cisco's cut backs in R&D over the years are showing. -Cisco acquired Scientific Atlanta, a set-top box manufacturer for cable. -They were recently sued by TiVo for infringing of patents AGAIN in the past 6 months. There's an article at Reuters, where Cisco then counter-sued for TiVo not marketing and making TiVo's patents available. Basically, Cisco outsourced R&D to an existing product line manufactured by a competitor, then sued for the right to market it. Pretty interesting R&D strategy!

If Cisco has issue with this, they should be on the same Industry Standards Committees and Groups as Huawei so they have a product that is compatible, ready for sale, and competitively priced.
CLAFOUNTAIN100
50%
50%
CLAFOUNTAIN100,
User Rank: Apprentice
10/16/2012 | 10:24:02 PM
re: Should You Buy From Huawei?
Great insight, and I appreciate it.

In my estimation however, is that the hooks in the firmware were originally placed to fill a requirement, likely for foreign law. Think Patriot Act requirements or similar. Likely without the required additional hardware, which it seems your company didn't purchase, the software still functioned.

My guess again is that the Chinese software development team didn't acquire a full spec document which specifically requested removal of this functionality. Everyone remembers VISTA. It was slow because the kernel processed too much information; similar with Windows 98.

This happens from time to time. Hopefully that hardware wouldn't need to be purchased in a few years when Patriot Act is sunsetted; not renewed.
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.