Catalog of NSA compromised equipments
Lennart Sorensen
lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Jan 2 19:40:07 UTC 2014
On Wed, Jan 01, 2014 at 11:13:59PM -0500, D. Hugh Redelmeier wrote:
> Terrorism is a big distraction. It isn't really important in the scheme
> of things, as long as you exclude self-inflicted wounds (what I liken to
> an auto-immune disease). 3000 people were killed in the horrible
> September 11 event. As I understand it, order-of-magnitude a million
> people are involved in US spying etc. Seems disproportionate.
>
> More than 10 times as many people are killed each year in the US in
> traffic accidents.
> <http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year>
> Do they put 10 million traffic cops on the case?
> Oh, but wait, Sept 11 was a dozen years ago. So I guess that the
> comparable figure would be 120 million traffic cops.
>
> Fear of terrorism is used to elect politicians, to build empires, and to
> justify all sorts of things I think of as wrong. All the way up to
> intrusive copyright enforcement (I'm not joking about that -- it happened
> in Canada with our equivalent to the USA PATRIOT act).
Oh absolutely. It's all about appearing to be doing something about
the scary terrorists, not about doing something about real problems.
> I think I saw something for an iphone; too lazy to check.
Yes iphone is mentioned.
> In that era, Apple computers were fairly uncommon. (As are Linux
> desktops.)
>
> Why do you conclude this? Juniper products seemed to be
> disproportionately mentioned, for example. I doubt that Vendors whole
> chain of command would be in on any subversion.
Juniper makes large routers, and hence good targets. Being x86 PC
hardware inside with intel CPUs with SMM support with freebsd running
on them probably just makes them easy targets too.
> Not my area. But in theory many different exploits could turn into
> BIOS flashings (notice that you don't need to flick a switch to enable
> flashing?). Those subversions would be persistent. SMM (System
> Management Mode) provides an easy way to make the result omnipotent
> and hard to observe.
SMM is an absolute disaster. Stupid thing to have invented, all just
to save a few cents per box in hardware. Makes winmodems seem like a
good idea in comparison.
--
Len Sorensen
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list