If you think that a 3-letter agency is making a concerted effort to tamper with your personal computers, then you basically can't trust anything about your computers at all, forever. What makes you think that your SSD actually got overwritten? How do you really know that the firmware you flashed actually has the correct signature?
Extra hardware could be hidden inside connectors, or packaged into re-labelled chips that look exactly like what you're supposed to find. The only end to it is if you:
1. stop using computers or depending on them to control anything about your life,
2. or build a computer (and all the necessary tools, etc.) entirely from resources which you either already trust or that you circularly prove are trustworthy (you'll have to do this in a totally secure workshop so that you know nobody tampers with your work before it's complete and you've sealed the computer shut),
3. or just give up on having total trust in your computers.
I'd suggest looking around to see if you can find what procedures the alphabet soup guys are doing to their own hardware (some of it is public, some through Snowden). If they're building in a backdoor, they will take steps to remove/mitigate it from their own systems.
One thing to point out: yes, the exploits could be mass-produced, but that doesn't mean your machine will be their target. So the people saying that they aren't important enough to be targeted are still kind of right.
If you're worried about three-letter agencies, you're really out of luck. Tampering at the factory is the least of your problems. The more tinfoil conspiracies include backdoors in processor hypervisors and possibly in silicon itself. Or possibly even backdoors in common crypto algorithms, like the defaults we use for elliptic curves. If you want paranoia levels of protection from everything, you're going to need to break out VHDL and write your own CPU to run your bespoke crypto algorithms on.
avhon1|1 year ago
giantg2|1 year ago
JSDevOps|1 year ago
https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...
EricRiese|1 year ago
mecsred|1 year ago