[Cryptography] Who needs NSA implants?

Ralf Senderek crypto at senderek.ie
Wed Dec 9 01:33:21 EST 2015

On Tue, 8 Dec 2015 John Gilmore writes:

>> (quoting Jerry Leichter)
>> Dell, Toshiba, and Lenovo PC's come with full remote access vulnerabilities out of the box.
>> Why bother diverting them?  They're already spiked.
>> http://techreport.com/news/29410/dell-toshiba-and-lenovo-utilities-expose-pcs-to-more-attacks
>> -- Jerry
> Because diverting them will let NSA flash BIOS trojans (or hard drive
> firmware trojans).  All three of the issues that you mentioned are
> resolved if you merely wipe the hard drive upon reciept.  NSA prefers
> exploits that survive hard drive erasure and installation of a fresh
> OS of your choice.

Yes, but Jerry's point was that the original vulnerabilities are not
accidental. Does getting admin privilege on such a system allow for
installation of malware that survives a hard disk erasure in some
places or is physical access ultimately necessary to do that?


More information about the cryptography mailing list