Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
What Huawei, ZTE Must Do To Regain Trust
Oldest First  |  Newest First  |  Threaded View
vuil
50%
50%
vuil,
User Rank: Apprentice
10/17/2012 | 10:54:20 PM
re: What Huawei, ZTE Must Do To Regain Trust
When reading this article one can't help feeling soft violins should be playing in the background. Here's Claburn asking how a company that has ransacked and stolen ideas and intellectual property from the major network equipment houses (and even found guilty in a Chinese court) and Claburn wonders how they can be rehabilitated.

Well what about a less politically correct article saying we want nothing to do with Huawei and ZTE otherwise we are simply rewarding bad behavior.

There is still strong evidence that China is using network technology to spy on all and sundry both inside and outside China. Indeed there is evidence that there have been instances when China has rerouted network traffic for who knows what purpose.

Consider the following article:

http://www.nationaldefensemaga...

Come on Thomas, stop being so politically correct, grow some balls and state the reality as it is. You cannot trust these Chinese network companies.

ANON1255554460131
50%
50%
ANON1255554460131,
User Rank: Apprentice
10/19/2012 | 7:56:37 PM
re: What Huawei, ZTE Must Do To Regain Trust
Western countries have been known to initiate Cyber attack of other countries' facilities. China is using a lion share of US companies hardware and software (HP, Windows, INTEL, AMD,etc). On security grounds China could ban western hardware and software products. How many western companies do not have veterans working for them? Also which IT company has not been involved in intellectual properties (pattern) disputes?
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
10/22/2012 | 4:05:32 PM
re: What Huawei, ZTE Must Do To Regain Trust
Sounds like fodder to justify import/export negotiations or help american firms. Almost all the vendors (Chinese and Western alike) build in backdoors. Publicly the answer is for technical support of their product, but only the naive wouldn't suspect there is the possibility for it to be used for other purposes, repurposed for causes such as law enforcement (remember Govt requests for monitoring and backdoor access), or misused. Govts need to err on the side of caution and consider it as a fact that happens in a competitive, free enterprise economy not as a vague possibility and that China, with greater govt control of its industries, uses it to achieve their national objectives.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...