[Cryptography] Who needs NSA implants?

Ray Dillinger bear at sonic.net
Wed Dec 9 16:40:54 EST 2015

On 12/09/2015 04:05 AM, Jerry Leichter wrote:
>>> Because diverting them will let NSA flash BIOS trojans (or hard drive
>>> firmware trojans).  All three of the issues that you mentioned are
>>> resolved if you merely wipe the hard drive upon reciept.  NSA prefers
>>> exploits that survive hard drive erasure and installation of a fresh
>>> OS of your choice.
>> Yes, but Jerry's point was that the original vulnerabilities are not
>> accidental. Does getting admin privilege on such a system allow for
>> installation of malware that survives a hard disk erasure in some
>> places or is physical access ultimately necessary to do that?
> Sure, I'll take credit for making that point.  :-)

FWIW, the hard drive trojan can be remotely installed if given
admin privileges on a Linux box.  I presume the same is true of
Windows, given that the drivers use the same underlying mechanisms
to dispatch requests.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151209/1dddf34b/attachment.sig>

More information about the cryptography mailing list