
anonym29 | 9 days ago

How confident or certain are you of what CSME or PSP or some code in TrustZone is doing? How certain are you that not a single piece of software on your machine, be it in the kernel, userland, drivers, is performing some type of surreptitious communication with CSME or PSP or program running in TrustZone?

Do you know for sure whether PSP or CSME has ever done DMA, or fingerprinted stack/heap allocation patterns and timing, or inspected the contents of your disk (after FDE was done being decrypted, of course), to evaluate whether common packet capture software is installed, or even whether it's currently running?

Detecting spyware is one thing. Detecting surreptitious nation-state spyware that behaves differently when it's being observed is a different challenge entirely.

inventor7777 | 8 days ago

In my case, I don't currently have any capture software on my main computer at all.

Our routers are Asus, and so I'm able to install tcpdump and log traffic directly without the source device itself knowing anything. This makes it really easy to monitor the traffic of any device, albeit without knowing exactly what is being sent.

But it is true that I really can't know much more than what tcpdump shows.
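The router-side capture described in this post gives you exactly one thing the monitored device cannot hide: where its packets go. The following is an added example, not the commenter's setup or any Asus tooling. It assumes the capture was written on the router with `tcpdump -w` (classic little-endian libpcap, Ethernet link type), parses it with the standard library only, and flags any destination a device talks to that is not on a per-device allow-list. The MACs, IPs and the sample pcap bytes are constructed for the demonstration; `EXPECTED` is a hypothetical allow-list you would populate from what each device is supposed to contact.

```python
"""Summarise per-device IPv4 destinations from a router-side pcap.

Assumption (not from the thread): the file comes from `tcpdump -w` on the
router, i.e. classic little-endian pcap with Ethernet frames.
"""
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def parse_pcap(data: bytes):
    """Yield raw Ethernet frames from a classic little-endian pcap blob."""
    magic, _, _, _, _, _snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes):
    """Return (src_mac, dst_ip, proto, dst_port) for an IPv4 frame, else None."""
    if len(frame) < 34:
        return None
    src_mac = frame[6:12].hex(":")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]
    dst_ip = ".".join(str(b) for b in frame[30:34])
    dst_port = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:   # TCP or UDP: dst port at L4+2
        dst_port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
    return src_mac, dst_ip, proto, dst_port


def summarize(data: bytes, expected: dict):
    """Map each source MAC to the (dst_ip, proto, port) tuples it contacted and
    return, separately, the ones not covered by that device's allow-list."""
    seen = defaultdict(set)
    for frame in parse_pcap(data):
        parsed = parse_frame(frame)
        if parsed:
            src, ip, proto, port = parsed
            seen[src].add((ip, proto, port))
    flagged = {}
    for mac, dsts in seen.items():
        unexpected = sorted(d for d in dsts if d[0] not in expected.get(mac, set()))
        if unexpected:
            flagged[mac] = unexpected
    return dict(seen), flagged


# --- constructed sample capture (not real traffic) -------------------------
def _frame(src_mac: str, dst_ip: str, proto: int, dst_port: int) -> bytes:
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = (bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, proto]) + b"\x00\x00"   # checksum left zero
          + bytes([192, 168, 1, 10]) + bytes(int(x) for x in dst_ip.split(".")))
    l4 = struct.pack("!HHI", 40000, dst_port, 0)   # src port, dst port, filler
    return eth + ip + l4


def _pcap(frames) -> bytes:
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


# Device ...:01 talks to its expected vendor host and, unexpectedly, to an
# unknown host over UDP; device ...:02 only does DNS to the router.
SAMPLE_PCAP = _pcap([
    _frame("aa:bb:cc:00:00:01", "203.0.113.5", 6, 443),
    _frame("aa:bb:cc:00:00:01", "198.51.100.7", 17, 4444),
    _frame("aa:bb:cc:00:00:02", "192.168.1.1", 17, 53),
])
# Hypothetical per-device allow-list of destinations the owner considers normal.
EXPECTED = {
    "aa:bb:cc:00:00:01": {"203.0.113.5"},
    "aa:bb:cc:00:00:02": {"192.168.1.1"},
}

if __name__ == "__main__":
    seen, flagged = summarize(SAMPLE_PCAP, EXPECTED)
    for mac, dsts in flagged.items():
        print(f"{mac}: unexpected destinations {dsts}")
```

On an Asuswrt router the input file would typically come from something like `tcpdump -i br0 -w capture.pcap` (the LAN bridge name is an assumption about that firmware). The script only answers the question the post raises, which hosts each device reached, and says nothing about payloads; it also cannot tell you anything about traffic the router itself originates, which is the point of the reply that follows.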

anonym29 | 8 days ago

Now, how confident are you of all of the above, but instead of for your computer, for your router?