On Wed, Feb 18, 2015 at 12:23 PM, Keith Lofstrom <kei...@gate.kl-ic.com> wrote:
> http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage
> http://tinyurl.com/osdhxs8
>
> A week ago, I merely worried that hard drive manufacturers
> could insert backdoors into the disk firmware on the assembly
> line. According to this Kaspersky Lab report, it is worse than
> that. Hard drives shipped to 30 target countries can have ....

On Wed, Feb 18, 2015 at 12:49:28PM -0800, Larry Brigman wrote:
> Not just hard drives but the whole of the electronics coming out of China
> in the near future.
> http://www.zdnet.com/article/us-slams-new-chinese-rules-for-tech-firms/?utm_campaign=OpenStack+Now&utm_source=hs_email&utm_medium=email&utm_content=16098696&_hsenc=p2ANqtz-8xi16xIK3jwISc8800aWwOSL-U9XA5KTClYb16Hu8RWAAdEV_ORznb5jVFUHD6G1UQtVhEt4UTYTjyOQxRzbcYgu0tLQ&_hsmi=16098696

Indeed. Hard drives (and large solid state drives) are the worst, because they have the most room and can hide gigabytes of exploits for multiple OSes in the spare tracks. Chips are worse in a different way, less room for exploits but easier to hide more subtle exploits, because chips are black boxes without the expensive equipment to probe them deeply.

The price of liberty is eternal vigilance. Since we are not vigilant individuals, we are not free. This is not something a responsible person can entirely delegate to others, though practically speaking we must divide the problem up into subdomains, with overlapping scrutiny and continuous re-testing.

Hardware-wise, I love taking physical objects apart and learning how they work. I would do this more often with chips, even huge chips such as Intel multicore processors, if there were enough people sharing the effort and expense to fill in the whole map.

This is straying towards plug-talk territory, but only because the Linux community focuses on a far too narrow segment of the threat map, which actually spans from physics to psychology, raw materials to international organization. We need the source code for everything, not just the bits in a distro.

Keith

--
Keith Lofstrom kei...@keithl.com
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug