[Cryptography] Who needs NSA implants?
Ralf Senderek
crypto at senderek.ie
Wed Dec 9 01:33:21 EST 2015
On Tue, 8 Dec 2015 John Gilmore writes:
>> (quoting Jerry Leichter)
>> Dell, Toshiba, and Lenovo PC's come with full remote access vulnerabilities out of the box.
>> Why bother diverting them? They're already spiked.
>>
>> http://techreport.com/news/29410/dell-toshiba-and-lenovo-utilities-expose-pcs-to-more-attacks
>> -- Jerry
>
> Because diverting them will let NSA flash BIOS trojans (or hard drive
> firmware trojans). All three of the issues that you mentioned are
> resolved if you merely wipe the hard drive upon reciept. NSA prefers
> exploits that survive hard drive erasure and installation of a fresh
> OS of your choice.
Yes, but Jerry's point was that the original vulnerabilities are not
accidental. Does getting admin privilege on such a system allow for
installation of malware that survives a hard disk erasure in some
places or is physical access ultimately necessary to do that?
--ralf
More information about the cryptography
mailing list