<div id="compose" contenteditable="true" style="padding-left: 16px; padding-right: 16px; padding-bottom: 8px;"><div><br><br><div class="acompli_signature">Sent from <a href="https://aka.ms/qtex0l">Outlook Mobile</a></div><br></div></div>
    <div class="gmail_quote">_____________________________<br>From: John Gilmore <<a dir="ltr" href="mailto:gnu@toad.com" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="1">gnu@toad.com</a>><br>Sent: Tuesday, December 8, 2015 5:11 PM<br>Subject: Re: [Cryptography] Who needs NSA implants?<br>To: Jerry Leichter <<a dir="ltr" href="mailto:leichter@lrw.com" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="4">leichter@lrw.com</a>><br>Cc: Cryptography <<a dir="ltr" href="mailto:cryptography@metzdowd.com" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="5">cryptography@metzdowd.com</a>><br><br><br>> Dell, Toshiba, and Lenovo PC's come with full remote access vulnerabilities out of the box.  Why bother diverting them?  They're already spiked.<br>> <a dir="ltr" href="http://techreport.com/news/29410/dell-toshiba-and-lenovo-utilities-expose-pcs-to-more-attacks" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="6">http://techreport.com/news/29410/dell-toshiba-and-lenovo-utilities-expose-pcs-to-more-attacks</a>                                                        -- Jerry<br><br>Because diverting them will let NSA flash BIOS trojans (or hard drive<br>firmware trojans).  All three of the issues that you mentioned are<br>resolved if you merely wipe the hard drive upon reciept.  NSA prefers<br>exploits that survive hard drive erasure and installation of a fresh<br>OS of your choice.<br><br>      John<br>_______________________________________________<br>The cryptography mailing list<br><a dir="ltr" href="mailto:cryptography@metzdowd.com" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="7">cryptography@metzdowd.com</a><br><a dir="ltr" href="http://www.metzdowd.com/mailman/listinfo/cryptography" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="8">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br><br></div><div class="gmail_quote">You have to divert the dells.etc or else folk could use Diversion as an oracle for has vulnerability</div><div class="gmail_quote">Seems qnap is secure..,</div>