US Nuclear Lab Removes Chinese Tech 125
Rambo Tribble writes "Reuters reports that Los Almos National Laboratory has removed switches produced by Chinese firm H3C, which once had ties to Huawei. This appears to be a step taken to placate a nervous Congress, rather in response to any detected security issues. From the article: 'Switches are used to manage data traffic on computer networks. The exact number of Chinese-made switches installed at Los Alamos, how or when they were acquired, and whether they were placed in sensitive systems or pose any security risks, remains unclear. The laboratory - where the first atomic bomb was designed - is responsible for maintaining America's arsenal of nuclear weapons.
A spokesman for the Los Alamos lab referred inquiries to the Department of Energy's National Nuclear Security Administration, or NNSA, which declined to comment.'"
What's the replacement going to be? (Score:5, Insightful)
If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.
Re:What's the replacement going to be? (Score:4, Insightful)
Re:What's the replacement going to be? (Score:4, Insightful)
And the 10x the cost is worth every penny. Cisco and Juniper routers and switches are the backbone of many serious enterprises. Serious about security and performance. I don't know of any Chinese product that is worth spending money on.
Re:What's the replacement going to be? (Score:5, Insightful)
Cisco is made in China. They just charge Made in America prices and pocket the difference.
Re: (Score:3)
+1
Re: (Score:3)
Why not just have a "home grown" firewall that doesn't allow communication to anything but specific controlled sites? I mean, the data has to go out of the building somewhere and they can control which destinations are acceptable. Even if the someone happened to slip in some code to "spy" on specific data it would have no way outside the network besides that firewall. Unless of course they embed some wireless communication chips in the switches, but that would require that someone in the building have a
Re: (Score:3)
The downstream routers are also Chinese. It wouldn't be hard to tag a packet in some way to be copied quietly back to a listening post once it is well past the firewall. Dedicated lines all the way are the only way to be sure.
Not that this isn't anything but paranoia...
Re:What's the replacement going to be? (Score:5, Informative)
The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback. /s
[citation needed]
/. and hyperbole is the order of the day. Rational discussions? Supported by actual facts? Pffffff....
...crickets...
The reality, of course, is nowhere near the numbers you suggest, but hey, who's counting. This is
Re: (Score:1)
Re: (Score:2)
Re:What's the replacement going to be? (Score:5, Interesting)
The option would be to have a US company build them for 10X the cost plus the usual 1000% kickback.
I've heard the cost difference between Chinese vs. American manufacturing is about 15% for an iPhone (or presumably something like it). Don't have a good source for that, though.
Re:What's the replacement going to be? (Score:5, Insightful)
I've heard similar figures as well. The overhead for building in the US isn't as huge as you'd think. Actually, the overhead for many alternatives to cost-saving measures (like illegal immigrant workers in lieu of Americans) isn't as high as we've all been lead to believe.
Re: (Score:2)
Don't go ruining corporate propaganda with facts. That would mean the whole race to the bottom this country has been waging on workers since Reagan has all been a scam to take money from the poor and middle class and give it to the rich. That would never happen--not in The Greatest Country on Earth (TM).
Re: (Score:2)
Just make sure they aren't the counterfeit Cisco switches circa 2008...which were from...China.
http://www.homelandsecuritynewswire.com/china-may-have-back-door-us-military-computer-networks [homelandse...wswire.com]
Re:What's the replacement going to be? (Score:4, Insightful)
Hardened Cisco switches.
Most Cisco switches are made by Foxconn in China and Mexico. They are also opening a factory in Russia.
Re:What's the replacement going to be? (Score:5, Informative)
Re:What's the replacement going to be? (Score:5, Interesting)
I know of a couple alternatives from gossip with industrial controls type people. Please don't secure your nations nuclear secrets based on my /. post.
Google for "Garrett" they make industrial switches. Industrial as in weird DC voltages (for railroad, telco, etc) and supposedly good rep WRT interference protection. Like if you're running on the factory floor and the network goes bonkers when someone arc welds, rewire the run to a garrett and supposedly that'll fix it most of the time. The reputation of the prices is high, but when you need ethernet connectivity to the PLCs on a railroad engine or whatever, well...
Google for a place called "wideband" if you want a local. Low to mid end office gear. Really not that expensive, like a couple billable consultant hours for a switch or about three 3rd party wiring calls. My point is complaining about something from wideband costing $800 vs noname for $600 or Cisco for probably about $1000 is kind of pointless for a $100K/yr network admin and $50/hr electrician and all that, but for home its going to be hard to slip a $800 purchase by for a 24 port managed switch. I have no rep info on this although I've heard they work.
You need like ten centuries of switch*years before reports about reliability and such change from "anecdote" to "information" so onesie-twosie stories about "I heard of one that worked" isn't terribly useful.
Re:What's the replacement going to be? (Score:5, Informative)
Good thought, but check out the GarrettCom backdoor that was discovered by a curious researcher in 2012:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf
Looks like in some cases the 'american company' is worse! And why did it take this researcher named in the advisory to dicsover it? Why didn't any of the major corporations or government agencies who rely on this equipment discover it?
Re: (Score:2)
The same reason why you don't discover all the flaws with your software and hardware rather than hearing about security researchers finding them; neither they nor you have the time or budget to hire full time security people to thoroughly go through every piece of hardware, firmware and software in use.
Re: (Score:2)
For a government doing stuff in name of national security, cost shouldn't be an issue. Just look at the cost they spent on "regime change" in Iraq and Afghanistan, just to name some. Hiring a few of the brightest security experts to thoroughly test their equipment is just peanuts compared to that.
The only reason I can think of why they do not do that is political: wars are much more visible, and electors like to see results.
Re: (Score:1)
It would be more accurate to say they don't want switches made by $enemy_of_the_us. Once that was the Soviet bloc, then when that collapsed it became Iraq, then al-Qaeda. The latter has been decimated by drone strikes and a long grinding war, so now the Neo Cons need a new bad guy and China fits the bill.
The Chinese are in many ways the perfect Enemy of the US(TM). Funny looking and speaking an incomprehensible/angry sounding language, over a billion of them and happy to do all the necessary posturing and m
Re:What's the replacement going to be? (Score:5, Insightful)
for a successful and perpetually unwinnable cold war.
The last cold war was winnable. We know because the US-side won it (and squandered that victory in a way that probably will be talked about for centuries). But while I pointed that out, it's not the point of a cold war. The point of a cold war is to slowly resolve conflicts without sinking into a hot, nuclear war.
Re: (Score:3)
If you mean "won by default because the Soviet Union collapsed" then yeah, we won.
The point of a cold was is to scare the shit out of your citizens and spend lots of money on the military. Come on, everyone knows that.
Re: (Score:2)
If you mean "won by default because the Soviet Union collapsed" then yeah, we won.
Oh we gonna redefine 'win' now? For many centuries if your opponent defaults... that is a win. Time honored tradition in chess which is older than most of western civilization.
No it is not a clear a win as having your boot on the opponent's throat, but hey that must be an intelligent opponent, who recognizes that, 1( victory is not possible. 2(Surrender is not acceptable. 3) Capitulation is the best way out.
L: Ok so we just stop this nonsense. Yes? :(
W: Yuuuush!! We Wiii... :D
L: Unless you desire bloo
what about the iPhones in the organization? (Score:2)
Screw the switches, think about all of the iPhone floating around LANL (and Congress)!
Re: (Score:2)
Screw the switches, think about all of the iPhone floating around LANL (and Congress)!
Probably 0. Hopefully 0. These facilities have lockers where you are supposed to leave all phones, cameras, and anything else that could be used to steal data. You're not supposed to be able to get in without emptying your pockets. You're even supposed to leave your car keys, etc, in the locker.
Re: (Score:3)
Seriously, You know this? How?
As recently as 2007 this was clearly not the case.
It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.
See: http://www.time.com/time/nation/article/0,8599,1612912,00.html [time.com]
Re:what about the iPhones in the organization? (Score:5, Informative)
Seriously, You know this? How?
As recently as 2007 this was clearly not the case.
Because I've worked in a facility like this before. Not Los Alamos, but with classified data.
It was only after several years on the job that she was caught with bomb designs in her trailer and fired. But the investigation reveals that Quintana had taken her cell phone into a vault filled with secret documents where she worked — another major security violation. She also had access to a high-speed classified printer, even though such access was "not required by her job," and used the device to run off hundreds of copies of classified documents that she also brought home.
See? She violated security protocol by bringing her phone into the vault. It says so right there in your own quote. So as I said there should be 0 iPhones around there. Whether people actually follow the rules is up to the site security officer, but the rules clearly state no cell phones.
See: http://www.time.com/time/nation/article/0,8599,1612912,00.html [time.com]
Re: (Score:3)
Read the NISPOM and JFAN security guides. No external devices can be brought in to secured areas. No USB sticks, no media without a lengthy process to scan and check in the data. Nothing leaves the secured area without being shredded. We had some hefty machinery built to munch up everything from memory and CD/DVD media to hard drives and LTO tapes.
So "congress"? Yes, but we already know that cesspool for what it is. Secured areas like LANL? Not a chance.
Re: (Score:2)
Please just Google Los Alamos and Security Breach, or, I don't know, maybe click the link in the message you replied to?
Don't pontificate about standards that appear to be honored only in the breach.
Re: (Score:2)
Read the NISPOM and JFAN security guides. No external devices can be brought in to secured areas. No USB sticks, no media without a lengthy process to scan and check in the data. Nothing leaves the secured area without being shredded. We had some hefty machinery built to munch up everything from memory and CD/DVD media to hard drives and LTO tapes.
So "congress"? Yes, but we already know that cesspool for what it is. Secured areas like LANL? Not a chance.
Times have changed. Dunno about LANL, but at LLNL:
https://csp-training.llnl.gov/CS0149-W/non-gov_respons.html [llnl.gov]
Re: (Score:1)
I guess they mean designed in China vs designed in the US. Huawei chips designed in China could have all sorts of backdoor functions built in. At least the CIA knows about the Cisco backdoors.
Re:What's the replacement going to be? (Score:4, Insightful)
If they don't want made-in-China equipment, what are the alternatives? I don't think that doing without is much of an option.
I think the concern was specifically with Huawei and the recent hubub surrounding that outfit. Probably only for the reason you are alluding to. If there are any switches manufactured in the US, then I think it would be prudent to use those for high value operations like this one. Actually, if there weren't any - I think the needs of this particular operation would warrant the government manufacturing their own. Control of our nuclear arsenal is somewhat important ;).
Comment removed (Score:3)
Rebadged H3C / 3Com (Score:2)
Most HP A-Series switches are just rebadged H3C hardware. Some still come direct from HP with the H3C badge on.
Given that the A-Series firmware is present across even the HP badged hardware, are they going to throw out all HP A-Series switches?
Re: (Score:3)
Most HP A-Series switches are just rebadged H3C hardware. Some still come direct from HP with the H3C badge on.
Given that the A-Series firmware is present across even the HP badged hardware, are they going to throw out all HP A-Series switches?
They'd have to have HP-made switches in the first place...I recall HP's market penetration, and from what I recall, neither of HP's customers are a National Laboratory...(snicker)
time to build tech in America (Score:4, Informative)
Re: (Score:1)
It would be cheaper, simpler, and "fairer" to enforce US EPA, FCC, FDA, and OSHA laws on the foreigners and then see who's more productive...
Re: (Score:3, Interesting)
Ok, I'll bite vim. How can we enforce the rules of those agencies on Chinese manufacturers? The bunk beds Foxconn stacked their workers in were an OSHA violation before they even started their work day.
I would recommend we sythesize your and jsepetas theories. We tax imports based on an estimated cost of the imported product if the company in question were to be OSHA, EPA, FDA, and FCC rule compliant, and as they come into compliance with each we drop that portion of the tax.
Aside from enormous difficult
Re: (Score:2)
Aside from enormous difficulty of managing the import taxation-register and verifying compliance, what do you think?
Only enforce on companies larger than X personnel or Y sales volume or something like that?
I think people overestimate how common inspection is in our homeland. Unless the boss committed a political offense, its rare to be inspected for anything more than once every couple years for anything, unless someone gets hurt on the job or an anonymous report is made. I'm guessing that the inspection cost will not be very high.
Another interesting way to save money is to provide an industry standard assumption. If
Re: (Score:1)
USA employers solve this by requiring workers to find their own damned accomodation.
Any real incentive to "buy american" went away when the social contract inherent in the New Deal was torn up.
Re: (Score:1, Funny)
There would also be more pollution in the environment. Keep it in China. That way it's not in the environment.
Re:time to build tech in America (Score:4, Funny)
There would also be more pollution in the environment. Keep it in China. That way it's not in the environment.
Just which planet do you live on anyway?
Re: (Score:3)
If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer.
Like the way Smoot-Hawley kept us out of WWII?
Re:time to build tech in America (Score:4, Interesting)
Even if we assume for a moment that Smoot-Hawley caused the great depression (laughable given the size of imports/exports in relation to GDP) the Versailles treaty was going to shit long before it and the great depression ... France had already invaded the Ruhr 7 years earlier, initiating hyperinflation.
Re: (Score:3, Insightful)
Sure, break all the WTO agreements and see if SA keeps buying US bonds ... a country with energy and food independence can do whatever the fuck it wants with it's trade policies, the US not so much.
Re: (Score:2)
"If congress instituted taxes on foreign made goods to help fund jobs in America, we'd be safer."
No, you'd just be naked and gadgetless and the WTO would grant China the right to copy all the movies and music they want and sell it at will.
The WTO already gave Antigua and Barbuda the go-ahead to punish the US by violating copyrights and trademarks.
Trusted Foundry (Score:5, Insightful)
They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.
"Reasonably."
Re:Trusted Foundry (Score:5, Insightful)
They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.
"Reasonably."
There's another factor in this. A company like Huawei (founded by former members of the PRA, specifically ones from their cyber warfare capability) or H3C (owned by HP as a subsidiary, but otherwise entirely Chinese, top-to-bottom) can easily be argued to have interests that align with China. Cisco, on the other hand, is an American-founded company with American management.
If a Chinese national in China puts some nastiness into a switch/router/espresso machine that is then deployed in a sensitive location in the USA, well, it'll make a stink, but nobody will be all THAT shocked either, as the people behind it will be acting in their own nation's interests. Furthermore, they do not have the same market position in the West, and thus have less to lose economically. But if Cisco does this, they are really in deep trouble. I guarantee that the upper and middle management would have to prove their lack of knowledge of it. And that's a losing proposition right there: either you can't prove you knew about/controlled it (in which case you are now on the hook for espionage and other nasty things) or you successfully prove that you have no real control over your own products. At that point, you've proven either that you will screw your own customers AND countrymen, or that you really have no way of keeping your underlings from doing the same. So Cisco has an enormous incentive to make sure that no hanky-panky goes on at their manufacturing facilities, wherever they may be.
Re:Trusted Foundry (Score:5, Insightful)
Re: (Score:3)
"Safer" is a pretty relative term. A home user may be "safer", in the sense that their online traffic data would only go to the Chinese, who wouldn't really care about what they're doing online. For a government user, sending a copy of their traffic to China is not safer. Likewise, for a government user they don't really care if all of their traffic is being sent to the NSA, because they're the NSA. But for a home user, you probably don't want all of your traffic going to the NSA. Home users might be s
Re: (Score:3)
A company like Huawei (founded by former members of the PRA
People's Riberation Army? :p
Re: (Score:2)
A company like Huawei (founded by former members of the PRA
People's Riberation Army? :p
(grin)
I was hoping someone would catch that :)
Re: (Score:2)
They will most likely be replaced with equipment provided by vendors who are on the U.S. military's "Trusted Foundry" schedule. It doesn't matter if half the chips in those "Trusted Foundry" switches are manufactured in China - as a result of careful research, you can be "reasonably" sure they don't contain backdoors or malicious code.
"Reasonably."
They put a quark in it.
Re: (Score:2)
Re: (Score:2)
Great, now you gave away their super-secret naming convention.
You terrorist.
Re: (Score:2)
One interesting topic discussed in that very wikipedia article is you can create an economic hit on your enemy merely by plausibly claiming they have defective equipment. So China just cost the USA one zillion bucks to replace all that stuff, even if the story is just make believe.
Re: (Score:3)
China actually has nothing to do with this at all.
Computer network threatens nuclear lab? (Score:5, Informative)
A nuclear lab is, as I would imagine, a place where radioactive materials are researched in order to produce destructive levels of energy. Information generated, processed and researched in this lab should be ideally completely cut off from the rest of the World. It makes zero sense to connect this network of computing devices to the outside world and the internet, so that researchers can post to Facebook or play networked Solitaire. Security should be achieved by completely isolating this network from the rest of the World.
I do not know of any 'networking' devices from any country or vendor that does not have any vulnerabilities, or is completely immune to hacking. To imagine that non-Chinese networking devices are more 'secure' is to totally miss the point.
Re: (Score:2)
An air gap certainly makes sense in places like this, (and far more secretive places).
But that particular lab has a horrible history with security issues. Just Google Security Breach Los Alamos.
Its been far too easy to foreign nationals employed there, and security has always been pretty lax.
However one must entertain the idea that not everyone working there is entirely clueless, and they have some evidence of rogue network traffic, or some other evidence of breach, or potential for same.
After all LANL has
Re: (Score:1)
That misses the point though; can you imagine if switches were installed in such a lab with a stuxnet-style attack built in and waiting for a certain type of network traffic to pass over them to trigger?
At that point, it doesn't really matter if data is exfiltrated or if there's no way to remotely access the switches. This seems like what they're attempting to protect against, and is the kind of attack unlikely to originate from home-grown hardware. Of course, most "home grown" hardware these days has chi
Re: (Score:3)
Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems
This, coming from a nation that once rigged Zerox machines to covertly capture soviet documents, and rigged a SCADA controller to turn a gas pipeline into a 3 kiloton bomb in siberia.
Yeah, I think that's the point. It's not hypocrisy, it's making sure our own methods aren't used against us. I think you missed that point entirely. Also worth noting is that it's one thing when a country you have entirely embargoed, with only specific exceptions, steals technology from you which you then sabotage to piss in their canteen. It's another entirely when your largest economic trading partner abuses that relationship, by sabotaging the very items they worked hard to get you to buy in the firs
We know everything! (Score:3, Funny)
Dear Sirmadam President,
You might have removed our Glorious People's Technology from your nuclear reactors, but we know everything that happened in there now. The nuke codes, the aliens, the frat parties you held above the spent-fuel pool with that "Lohan" girl because the glow was supposedly aphrodisiac...pah! We're way ahead of you there! [wikipedia.org]
We have better nukes. Scalier aliens. Even more of your tech. And when we call in your debts...we'll have the blackmail videos from the party to make you pay! I hear some of your Cabinet members were...deeply embedded that day! Haaa hahaha*continues to laugh and cough all Sephiroth-like*...
On behalf of the People's Republic,
[signature]
Big Hoojie [wikipedia.org]
PS: YES WE SPELLED "SCALIER" CORRECTLY. Our aliens are like fucking Draconians, not those starved green bean dolls with potato heads and shit.
Re: (Score:2)
This should tell you something about the USA's mental health and it's constant war on everything.
FUD about Chinese networking equipment (Score:1, Flamebait)
This FUD is just weird. Why is there a FUD campaign being waged against Huawei? And who is behind it? And what's Slashdot's motive for getting involved?
(Maybe Huawei is doing exactly what the FUDsters fear, BTW. I have no idea. I just think the FUD campaign is curious.)
Re: (Score:1)
Which campaign? Huawei has documented ties to the Chinese cyber-espionage program. A foreign power likely to be a target of such a program has removed their products from sensitive locations. I don't see anyone saying "DON'T BUY FROM Huawei!!! They'll steal your WoW account to steal your gold!" or anything of the sort.
There are times when UD (Uncertainty and Doubt) are useful measures when making product decisions. I don't see anyone (other than perhaps politicians) entering into the F part.
Re: (Score:1)
The phrase "documented ties to" sounds like guilt by association. How about making a specific allegation?
If this was the only instance of anti-Huawei FUD, you would have a point. But I've been seeing it for years, related to cellphone base stations and all manner of networking equipment for civilian applications. The Heritage Foundation wrote a scare report years ago ( http://www.heritage.org/research/reports/2008/02/trojan-dragon-chinas-cyber-threat [heritage.org] ) for some reason.
This effort is being led by someone,
Re: (Score:1)
Does this answer those questions at all?
http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Huawei-ZTE%20Investigative%20Report%20(FINAL).pdf [house.gov]
(Dated October 8, 2012)
It's Richard Nixon's fault (Score:4, Insightful)
for opening up China to trade. (granted he thought he was doing good by dividing the Communist bloc and weakening the Soviets)
Free unrestricted trade is NOT a 100% universally good thing, no matter how much our glorious corporations and econ professors tell us so.
Related story (Score:3)
Re: (Score:3)
Anything which won't be known to be a problem before you can cash out your options and stock isn't a problem. Someone lower on the totem pole rocking the boat by researching whether there are problems on the horizon is an immediate problem to be solved.
In other words (Score:3)
Cisco or Juniper just received a big contract to supply Chinese made goods from a US Brand name Manufacturer.
It just goes to show how screwed up our government is, really. If somebody in the NSA would dissect one of these systems and say "there's where the security hole is" it would be of real benefit to the rest of us who support lots of shops with a variety of gear. If there isn't anything to worry about then just tell those idiots on capitol hill to STFU! Oh wait, we're talking congress right? Never mind.
In other news... (Score:2)
Yeah? And replace with what? (Score:3)
Cisco switches are made in China, with chinese-made components - that is, the nice ASICs put in the switches, the perfect place to put the backdoors.
L-o-o-o-ng overdue (Score:5, Insightful)
Hardware and chips are about the most obvious attack vector for USA defense hardware there is. I seriously doubt that more than half of our radio transmission equipment would work 15 minutes into a conflict with China, since this too is an obvious weak point. I expect that hardware generated viruses would take out quite a bit of our tactical grids as well. It's what I would do, if I were them.
Bottom line. We can't buy *ANY* defense equipment from overseas, directly or indirectly, without increasing security risks significantly.
Not that anyone cares, of course. Politicians just want to reduce costs. So do contractors and subcontractors. Monitoring all this costs money and nobody wants to be accused of "regulation" or being against globalization, and so we seal our own eventual military doom.
Re: (Score:1)
The choices are:
Conventional precision strikes on major transformers (the same ones everyone's worrying which would be knocked out in a major solar flare)
A suitable yield stratospheric nuclear airburst - why create masses of fallout and civilian deaths when you can simply wipe out half a continent's worth of electrical grid in one go with a good-si
Re: (Score:2)
And why bother with a bomb when you can do it with a SCADA virus?
Re: (Score:1)
For all the USA military is sabre rattling about cyber-attacks. any such attack on a foreign nation which has ample resources to retaliate is a non-starter. It's much easier to simply arrange for top tier carriers to blackhole the ASNs involved.
This is already done routinely, although the usual target is hijacked netblocks and the ASNs advertising their
Reuters reports removed Red routers. (Score:2)
Alliteration.
Open Source Hardware (Score:4, Informative)
Re: (Score:2)
object White Rabbit kill all the camera and door locks.
Re: (Score:1)
Re: (Score:1)
Would they do that for all possible data transmission standards (SATA, firewire...) and all possible pins in all FPGA families? I agree at some point you have to trust someone, and this is a point I would be comfortable with.
But there are security issues! (Score:2)
This appears to be a step taken to placate a nervous Congress, rather in response to any detected security issues.
But there *are* glaring security issues, with at least some of their products.
https://www.computerworld.com/s/article/9229785/Hackers_reveal_critical_vulnerabilities_in_Huawei_routers_at_Defcon [computerworld.com]