http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage http://tinyurl.com/osdhxs8
A week ago, I merely worried that hard drive manufacturers could insert backdoors into the disk firmware on the assembly line. According to this Kapersky Lab report, it is worse than that. Hard drives shipped to 30 target countries can have backdoors in the hard drive firmware. Software on USB drives and CDs (such as those provided at conferences) can also add backdoors by exploiting firmware vulnerabilities in the drives. Without open hardware designs, verifiable by third parties down to the chip transistor level, software security ... isn't. If you don't own the schematic, and occasionally tear a chip down to the transistors to look for deviations from that schematic, you are trusting the chip manufacturer too much. The even more frightening thing is that a transistor level chip designer like me can add "analog hacks" that are invisible to gate level logical analysis, but can be subtly triggered to have logic-level outcomes. Bits are a myth. The EVEN MORE frightening thing ... well, I won't go there in a public forum, but you want continuous and verifiable live security camera surveillance, and surprise inspections, during some phases of wafer manufacturing, so the fab should be "open", too. If you have superb software security procedures, and pay no attention to the electronics, it is like adding a steel bank vault door to the front of a tissue paper tent. Keith -- Keith Lofstrom kei...@keithl.com _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug