Oh and if the implant is smart, it’ll detect you’re trying to find it and go dormant.
Even more good luck! > On Jul 2, 2019, at 1:24 PM, Brian Brombacher <br...@planetunix.net> wrote: > > Hardware implants go beyond just sending packets out your network card. They > have transceivers that let agents control or snoop the device from a distance > using RF. > > You need to scan the hardware with RF equipment to be sure. > > Good luck! > >>> On Jul 2, 2019, at 12:27 PM, Misc User <open...@leviathanresearch.net> >>> wrote: >>> >>> On 7/2/2019 12:43 AM, John Long wrote: >>> On Tue, 2 Jul 2019 10:07:59 +0300 >>> Mihai Popescu <mih...@gmail.com> wrote: >>>> Hello, >>>> >>>> I keep finding articles about some government bans against some >>>> hardware manufacturers related to some backdoor for espionage. I know >>>> this is an old talk. Most China manufacturers are under the search: >>>> Huawei, ZTE, Lenovo, etc. >>> It seems painfully obvious what's driving all the bans and vilification >>> of Chinese hardware and software is that the USA wants exclusive rights >>> to spy on you and won't tolerate any competition. >>> Does anybody think maybe the reason Google and Facebook don't pay taxes >>> anywhere might have something to do with what they do with all that >>> info they collect? Is the "new" talk about USA banning any meaningful >>> encryption proof of how seriously they take security and privacy? >>>> What do you think and do when using OpenBSD on this kind of hardware? >>> Lemote boxes are kinda neat but they're not the fastest in the world. >>> It beats the hell out of the alternatives if you can live with the >>> limitations. >>>> Do you prefer Dell, HP and Fujitsu? >>> Your only choice is probably to pick the least objectionable entity to >>> spy on you. If you buy Intel you know you're getting broken, insecure >>> crap no matter whose box it comes in. Sure it runs fast, but... in that >>> case everybody is going to spy on you. >>> /jl >> >> Assume everything is compromised. Don't trust something because someone >> else said it was good. Really, the only way to test if a machine is >> spying on you, do some kind of packet capture to watch its traffic until >> you are satisfied. But also put firewalls in front of your devices to >> ensure that if someone is trying to spy on you, their command and >> control packets don't make it to the compromised hardware. >> >> Besides, subverting a supply a hardware supply chain is a difficult and >> expensive process. And if there is one thing I've learned in my career >> as a security consultant, its that no matter how malevolent or >> benevolent a government is, they are still, above all, cheap and lazy. >> And in a world where everything is built with the first priority is >> making the ship date, there are going to be so many security flaws to be >> exploited. So much cheaper and easier to let Intel rush a design to >> market or Red Hat push an OS release without doing thorough testing and >> exploit the inevitable remote execution flaws. >> >> Or intelligence agencies can take advantage of the average person's tendency >> to laziness and cheapness by just asking organizations like Google, >> Facebook, Comcast, Amazon to just hand over the data they gathered in the >> name of building an advertising profile. >> >
