Oh and if the implant is smart, it'll detect you're trying to find it and go dormant.
Even more good luck!
> On Jul 2, 2019, at 1:24 PM, Brian Brombacher <brian@planetunix.net> wrote:
>
> Hardware implants go beyond just sending packets out your network card. They have transceivers that let agents control or snoop the device from a distance using RF.
>
> You need to scan the hardware with RF equipment to be sure.
>
> Good luck!
>
>>> On Jul 2, 2019, at 12:27 PM, Misc User <OpenBSD@leviathanresearch.net> wrote:
>>>
>>> On 7/2/2019 12:43 AM, John Long wrote:
>>> On Tue, 2 Jul 2019 10:07:59 +0300
>>> Mihai Popescu <mihscu@gmail.com> wrote:
>>>> Hello,
>>>>
>>>> I keep finding articles about some government bans against some
>>>> hardware manufacturers related to some backdoor for espionage. I know
>>>> this is an old talk. Most China manufacturers are under the search:
>>>> Huawei, ZTE, Lenovo, etc.
>>> It seems painfully obvious what's driving all the bans and vilification
>>> of Chinese hardware and software is that the USA wants exclusive rights
>>> to spy on you and won't tolerate any competition.
>>> Does anybody think maybe the reason Google and Facebook don't pay taxes
>>> anywhere might have something to do with what they do with all that
>>> info they collect? Is the "new" talk about USA banning any meaningful
>>> encryption proof of how seriously they take security and privacy?
>>>> What do you think and do when using OpenBSD on this kind of hardware?
>>> Lemote boxes are kinda neat but they're not the fastest in the world.
>>> It beats the hell out of the alternatives if you can live with the
>>> limitations.
>>>> Do you prefer Dell, HP and Fujitsu?
>>> Your only choice is probably to pick the least objectionable entity to
>>> spy on you. If you buy Intel you know you're getting broken, insecure
>>> crap no matter whose box it comes in. Sure it runs fast, but... in that
>>> case everybody is going to spy on you.
>>> /jl
>>
>> Assume everything is compromised. Don't trust something because someone
>> else said it was good. Really, the only way to test if a machine is
>> spying on you, do some kind of packet capture to watch its traffic until
>> you are satisfied. But also put firewalls in front of your devices to
>> ensure that if someone is trying to spy on you, their command and
>> control packets don't make it to the compromised hardware.
>>
>> Besides, subverting a supply a hardware supply chain is a difficult and
>> expensive process. And if there is one thing I've learned in my career
>> as a security consultant, its that no matter how malevolent or
>> benevolent a government is, they are still, above all, cheap and lazy.
>> And in a world where everything is built with the first priority is
>> making the ship date, there are going to be so many security flaws to be
>> exploited. So much cheaper and easier to let Intel rush a design to
>> market or Red Hat push an OS release without doing thorough testing and
>> exploit the inevitable remote execution flaws.
>>
>> Or intelligence agencies can take advantage of the average person's tendency to laziness and cheapness by just asking organizations like Google, Facebook, Comcast, Amazon to just hand over the data they gathered in the name of building an advertising profile.
>>
>
No comments:
Post a Comment