Huawei denies that it provides backdoors in its networking equipment
Share on Twitter.
Get the most reliable SMTP service for your business. You wished you got it sooner!
April 28, 2014
Chinese hardware maker Huawei said today that allegations the company provides backdoors for espionage in its communications equipment
remain unproven and would be commercial suicide.
“The hypothesis that our equipment could be used for espionage by the Chinese government has never been proven,” spokesman Scott Sykes
said at the company’s annual global analyst event in Shenzen.
“If it were ever proven, we would lose 65 percent of our business overnight. That would be corporate suicide,” he added.
As the world’s third largest networking equipment supplier, Huawei has raised several concerns in the internet community.
For instance, Huawei was banned from bidding for contracts for the Australian national data backbone.
But documents disclosed by Edward Snowden this year suggest that Huawei may be more sinned against than sinner. The United States
National Security Agency’s ‘Tailored Access Operations’ managed to break into Huawei’s corporate servers, and by 2010 was reading
corporate email and examining the source code used in Huawei’s products.
“We currently have good access and so much data that we don’t know what to do with it,” boasted one NSA briefing. Worse, the slides
also disclose the NSA intended to plant its own backdoors in Huawei firmware.
A report by Britain’s Intelligent and Security Committee in 2013 was critical of British Telecom, which uses Huawei for its C21
network, for not informing ministers of its decision to use the supplier for what it regards as critical national infrastructure.
But like the U.S. Senate’s report the previous year, the committee offered no evidence of existing back doors.
“The Security Service had already told us in early 2008 that, theoretically, China may be able to exploit any vulnerabilities in Huawei’s
equipment in order to gain some access to the BT network, which would provide them with an attractive espionage opportunity”, the
Overall, Huawei now works with second and third tier phone companies in the United States. It abandoned an attempt to purchase
3Com and says that it doesn’t plan on making any acquisitions in the next ten years.
“Broadly, we have an impeccable track record with 500 telcos in over 150 countries. There's never been a security issue of any
kind,” Sykes told the press. “We wouldn't be a $40 billion company if we're not good at building secure networks. It simply would not
be possible. About sixty-five percent of our business is outside China,” he added.
In other IT news
Oracle has been accused of unfair competition and of breaking U.S. anti-trust laws over its Solaris support division.
The claims are made in a counter-lawsuit lodged by the Solaris Support Group, Terix, which had previously been dragged into
court by Oracle for allegedly stealing the database giant's copyrighted code.
The Terix suit claims that Oracle violated California's unfair competition laws and that it attempted to operate an illegal
monopoly in violation of Section 2 of the U.S. Sherman Act.
It was the same Sherman Act that the U.S. Department of Justice accused Microsoft of violating over the bundling of Windows and Internet
Explorer during that company's antitrust case during the 1990s.
Terix's case has been lodged in the Northern District of California, San Jose Davison. The Terix claim states-- "Oracle's
efforts include (among other things) the use of Oracle's natural monopoly over Solaris patches (including error corrections,
security fixes, and other updates) and Oracle's natural monopoly over firmware for Sun/Oracle hardware to force customers to
purchase software and hardware support from Oracle, even in the many instances when those customers could and would otherwise
obtain superior software and hardware support from third-part service providers such as TERiX at a significantly lower cost."
"Senior Oracle personnel have not only admitted but in fact touted Oracle's intent. Indeed, at a press briefing on the day Oracle
acquired Sun, Oracle's executive vice president of global customer services announced-- "We believe we should be the ones to support
our customers. If you're a third-party support provider offering multivendor support, we're coming to get you," the complaint read.
According to Terix, Oracle has succeeded in undermining and weakening third party providers of software and hardware support,
including Terix, by forcing customers to sign up only with Oracle.
Oracle unleashed its case against Terix and Maintech in July 2013 saying they'd stolen its copyrighted code-- Solaris patches,
updates and bug fixes through their work with customers.
Oracle also accused the two companies of mis-representing themselves to customers by claiming they are allowed to support Solaris.
Oracle wants unspecified damages over copyright infringement, false advertising, breach of contract, intentional interference with
prospective economic relations, and unfair competition.
Oracle saw part of its case thrown out by the judge in January, as the court ruled Terix and Maintech had not duped users by
saying they were allowed to fix and update Solaris.
In other IT news
Micron said late yesterday that it's now offering a middle-of-the-road flash drive for servers.
The M-500DC uses 20nm MLC NAND, and comes in 120 GB, 240 GB, 480 GB and 800 GB storage capacities. It seems to be a reworked
version of the M-500 and M-550 personal SSD products, however.
The M-500DC comes with a 6 Gbit/s SATA interface, not the fastest in these 12 Gbit/s days but still good enough for most
If we tabulate the performance of these three SSDs we can see what Micron has done to make the M-500/550 server-ready.
The M-550 is an upgrade to the M-500. The M-500-DC is downgraded from the M-500 and M-550 in raw performance terms so that it
can have a longer life.
That’s the optimisation that Micron has carried out as the M-500-DC has significantly slower random IOPS and sequential I/O performance
than its forebears.
The M-500-DC (server version) comes in both 1.8-inch and 2.5-inch form factors. Micron says it has “EXPERT features including adaptive
read management (ARM/OR), data path protection, redundant array of independent NAND (RAID), reduced command access latency (ReCAL), and
Micron says the M-500-DC is designed to withstand 24/7/365 heavy duty cycles, and can sustain two drive fills a day, every day
for five years. But we don't have the MTBF (mean time between failure) rating yet.
It looks like a competently designed mid-range server SSD, and is termed affordable by Micron, although no prices have been
revealed as of yet. The M-500-DC SSD is available now from Micron's channel partners.
In other IT news
Earlier today, HP has warned its customers that one of its firmware updates can accidentally crash the network interface cards (NICs) in 100 Series
ProLiant Server models. The Service Pack for ProLiant 2014.02.0 can potentially kill HP Broadcom-based network adapters in G2 to G7 series servers, HP
A machine relying on a dead NIC is not much use at all and may very well require a motherboard swap to fix if the slain silicon is a
built-in component. The affected adapters range from PCIe cards to integrated controllers.
HP's online support centre admitted that applying the firmware upgrade on some vulnerable systems could have a disastrous effect, rendering
the server useless in communicating with the outside world.
"On certain HP ProLiant servers, certain HP Broadcom-based network adapters listed may become non-operational when they are updated with
the Comprehensive Configuration Management firmware Version 7.8.21 using our firmware smart component, HP Smart Update Manager or the HP Service
Pack for ProLiant 2014.2.0," HP warned.
It also added that, in extreme cases, such a network adapter may require a hardware replacement to fully recover the NIC.
System admins who download and install the patch on a vulnerable machine will shortly discover that the server cannot detect its own
network adapter, which will be an issue to fix correctly, especially when trying to subsequently load in the replacement firmware.
For some admins, the warning HP tacked onto the service pack's web page came too late in the day-- the firmware was released on April 18, giving
unsuspecting IT departments plenty of time to crash the affected servers.
Richard Brain, technical director at security firm ProCheckup says that he was advised by HP to swap out a bug-hit motherboard-- the
network adapter is embedded on it, but this was not a cheap nor a quick solution to the problem.
Get the most dependable SMTP server for your company. You will congratulate yourself!
Share on Twitter.
Need to know more about the cloud? Sign up for your free Cloud Hosting White Paper.