I don't know, I'm beginning to think the bans are not really about security...  

https://therecord.media/fcc-pushes-ban-on-updates-to-foreign-routers-drones-2029

FCC pushes ban on security updates for foreign-made routers, drones to 2029

The router deadline, originally slated for March 1, 2027, has been pushed back to at least January 1, 2029, according to the announcement from the FCC’s Office of Engineering and Technology (OET).

@cR0w This seems like cyber warfare...

... against their own people.

@rogue_cells There seems to be a lot of actions taken against their own people.
@rogue_cells @cR0w it is. There's somebody with more than 3 brain cells behind the scenes who knows they can use this to implement China-scale censorship and surveillance.
You want to sell your gear in the US? You block what they say when they say it and send everything to this place without asking any questions.
@rogue_cells @cR0w they've already made it part of mergers and acquisitions. You want the government's blessing, then you will censor what they tell you to and say what they tell you to. Or they will block it and make your life a living hell.

@cR0w Isn't basically every router "foreign made"? I don't think any router is 100% US made.

Seems like they just don't want those NSA zero-days patched.

@jesse I think it has more to do with market manipulation than it does anything cyber.
@cR0w Funny how that's a year after the next pres election.
@socketwench that's assuming we have another election in the US, I mean the way things are going right now I'm sort of sus that that will actually happen. @cR0w

@cR0w > The agency also extended a deadline for foreign-made drones to continue receiving software and firmware updates to January 1, 2029 from January 1, 2027.

First, I remain curious why so many people write sentences like that which go backwards in time as you progress through the sentence. Financial news is always like that, too. “Price target adjusted to ____ from ____”. Ridiculous.

Second, that reads like the FCC is saying drones *must* receive software updates until at least 2029? My understanding is the opposite.

@bob_zim I skipped the stuff about the drones because I just don't care enough but I would not be surprised if there are contradictions in there. That seems to be the way of this regime.

@cR0w The FCC notice is painful to read. This is my interpretation of it:

2025-12-22: The FCC changes rules to prohibit import of foreign-made UAVs.

2026-01-21: Waivers are issued to allow UAV vendors to continue updating devices already in the US. These waivers expire on 2027-01-01.

2026-03-23: The FCC changes rules to prohibit import of foreign-made routers. Waivers are issued to allow vendors to keep updating routers until 2027-01-01.

2026-05-08: All the waivers’ expiration is pushed back until 2029-01-01, and the division of the FCC which issued them (the OET) is recommending the rules be changed to allow updates forever without a waiver.

@cR0w The Federal Corruption Commission.

@cR0w

Do you know the history of Huawei? They were one of the first companies that triggered warnings over a decade ago about people embedded inside the Chinese government and also associated with Huawei installing software-based backdoors accessible via commonly used ports on Huawei routers. The effort by the US federal government to stop this has further branched out to blocking the import of chips manufactured in China for American-designed IoT devices and routers.

At the present time in cybersecurity with a haphazard US government plugging as many leaks in the form of global and domestic crises and overburdening itself with respect to the Iran War and the situation in the Middle East — two disparate but related elements within the US government can be mutually exclusive — unfortunately. My view about this is they need to form a plan and stick to the plan through using political mechanisms.

The FCC doesn't want back doors around. They are citing existing Import/Export controls [1] and they want to protect (or would /prefer/ to protect, rather) America's intellectual property from being exfiltrated through the software back doors. The White House is for the most part now detached from public reality, sadly. Although the article says that the trump admin is supporting this effort and it does really matter in the end what Donald Trump understands about technology. The President holds the veto pen in Congress.

[1] - "U.S. Commerce Department's Bureau of Industry and Security (BIS) maintains the "Entity List" of blacklisted firms under export control restrictions. This list has grown nine-fold over the last decade to nearly 1,200 entities, as hundreds of companies from China's #Huawei to Russia's Gazprom were added. Executive Order 13783 added Huawei and 68 Huawei affiliates across 26 destinations to the Entity List in May 2019"

@iamnickw You sure seem to give the regime a lot of benefit of the doubt. But this bit made me actually LOL:

> The FCC doesn't want back doors around.

The FCC DGAF about that. Do you really think they would have let the telecoms sweep the Typhoons under the rug like they did if they cared about anything security related?

@cR0w I am Gen X. I think you're younger and your immaturity is showing a little right here. I'm done now.
@iamnickw See you soon
Photos of an NSA “upgrade” factory show Cisco router getting implant

Servers, routers get “beacons” implanted at secret locations by NSA’s TAO team.

Ars Technica
A simple command allows the CIA to commandeer 318 models of Cisco switches

Bug relies on telnet protocol used by hardware on internal networks.

Ars Technica
Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models

Fix neutralizes attack code that was put into the wild in early March.

Ars Technica

@pauliehedron @iamnickw @cR0w

aww what?
there was another leak of tools and i missed it?

@Viss @iamnickw @cR0w Naw, just a historical reference. But knowing Cisco there are some hard coded credentials in current products that someone will find next week. 😂
@pauliehedron @Viss @iamnickw Remember when it really was weekly for a bit? LMAO.

@iamnickw
"I am older than you so I'm right and you're wrong."

Go take your meds and a nap, grandpa.
@cR0w

@iamnickw @cR0w Do you know the history of Cisco? It's a USA firm. They repeatedly put hardcoded credentials into their software the user can't change and can't normally see, a security researcher finds it and then they patch those "bugs" (or not, if the product is past its EoL).

Here are a few of them, all high or critical severity:
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20180328-xesc.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-csm-rce-8gjUz9fW.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20151104-mse-cred.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-ise-aws-static-cred-FPMjUcm7.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20190313-cspcscv.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-cssm-sc-Jd42D4Tq.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-on-prem-static-cred-sL8rDs8.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-rv110w-static-cred-BMTWBWTy.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20160629-fp.html
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20170607-dcnm2.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9

Like - there are 76 of those when you search for "Static Credential Vulnerability" at search.cisco.com and narrow it down to bug info category - starting at 2011, ending at 13 February 2026.

How many times could a company reasonably forget about putting hardcoded credentials in their software? Once? Twice? Fuckin' 76 times and probably counting? Doesn't that look dodgy in the slightest? If it doesn't ring a bell, don't really know what would.

Cisco IOS XE Software Static Credential Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Cisco

@cR0w Putting the squeeze on #RootInfractructure by #TechBros and their #USpol cronies, goes hand-in-hand/Venn's to major trade routes like China, and other artificially manufactured opposition. Further entrenchment of false amplification of direct opposition, keeps subservience in place to serve #Capitalism #greed.

Break the fake. Graduate the #brainwashing. Replace #AbusivePower with ethical #RootInfrastructure #scientists.

@cR0w 2027 was too soon for trump to figure out how to siphon money off of this somehow.
@the_turtle You're giving the individual too much credit. It's a whole class of people doing it.
@cR0w he's a convenient figurehead, or figureanus.
@the_turtle That's kind of mean to butts, don't you think?
@cR0w @the_turtle they both spew hot gas and shite 🤷
@beeoproblem @the_turtle That's fair. But one is funny and the other is cringe.

@the_turtle @cR0w THIS, for every single thing. Giving too much credit to a decaying, old, orangey common thief trying to set up his family by common bribery.

The people taking advantage of the situation by using their bribe-rights, those are the ones messing all up.

@alfabravoteam @cR0w yeah trump hisself is amateurish, but he paves the way for more, better corrupts who are smart enough to at least try not to get caught. Kinda like how Nixon showed Reagan/Bush the way, indirectly.
@cR0w So what you're saying is that we all have to buy our own US made SBCs and run our own ***routers*** now? I DID NOT VOTE FOR THIS AND NEITHER DID MY SENATORS!!

@cR0w If they were serious, they’d be banning the cheap WiFi cameras. My MiL bought us a bird feeder with an AICam and requires an app. Everything goes thru China, except the subscription payments (Shopify, iirc) and even that might.

The Eufy security cam I bought was better in that it talks to US AWS servers, but still an update could easily send it all back to China.

These things could easily do DDoS attacks and much more

@cR0w As far as where the data goes (US or China), I’m just about in the “they’re the same picture” stage. The US has laws, but as we’re finding out, the laws are woefully outdated as far as tech goes.
@FurryBeta They aren't the same to me. US is much more prevalent in my risk model than CN is because I'm in the US.
@cR0w Very good point. Same for me. Chances are pretty good that the Chinese government wouldn’t have anything to do with me. Maybe a little less so for you, due to your work

@FurryBeta

The CRA in the EU, when it goes live, will do this. All those products have known security exploits and you won't be allowed to sell products that have that.

... if things work out as we hope ...

@cR0w

@troed Hope it works out for you @cR0w

@FurryBeta @cR0w "These things could easily do DDoS attacks and much more"

*coughMiraicough*

@cR0w
I dunno, deferring implementation of something is done in security all the time.
@cR0w .... and I quote myself "WTAF".
@cR0w real odd that I had never heard from netgear in years (old orbi system) and then I did after they were “approved”.
@sraars Weird coincidence, I'm sure.
@cR0w "The router deadline, originally slated for March 1, 2027, has been pushed back to at least January 1, 2029, according to the announcement from the FCC’s Office of Engineering and Technology (OET).

The agency also extended a deadline for foreign-made drones to continue receiving software and firmware updates to January 1, 2029 from January 1, 2027."

This is largely about a fading empire doing anything it can to desperately assert some means of "control" over an otherwise completely non domestic market it has lost for decades with no hope of regaining.
@Nimbius666 USA Current Status:
@cR0w But that's so ... cynical! In order to suspect something like that, you'd have to believe that the CIA and NSA would want backdoors so they can spy on their own people. And what evidence have you ever seen suggesting that they have ever done this, or would want to now?