On Wed, Mar 08, 2017 at 11:42:25PM +1100, Russell Coker wrote:
If they gain physical access to your system they can mess with you in other ways, like sniffing the hardware on your keyboard.
I think that for everyone here, if the CIA becomes so interested in you that they want to do an EFI based attack you have bigger problems than you can deal with. Making your system resistant to a low-priority drive-by attack or a widespread malware attack is a reasonable goal. Being resistant to a full- scale CIA attack isn't something you can expect to succeed in, at least not if you want to keep using computers in anything like a normal way.
Any organisation that can make people disappear is not one that you can fight head on.
One thing that works in our favor is that 0day attacks are very valuable. Every time a 0day is used there is a risk of it being discovered and fixed. I expect that no-one here is important enough that the CIA would risk losing a 0day on them.
Making your PC resistant to a full scale CIA attack is like making your home resistant to a tank attack. But it's probably more difficult to do.
I don't plan to make my system resistant to a full-scale CIA attack, but I do like having a BIOS that isn't a complete and buggy operating system in itself. I think reducing the attack surface is always a worthy goal.
http://laforge.gnumonks.org/blog/20160920-openmoko_10years/
This is worth reading.
Yeah, the state of things is really bad. I did the initial port of Replicant 6 to the i9100 last year, so I'm running that on my phone. It works well enough but I still use the compromised wi-fi blobs out of convenience. It's such a headache that at this point I'm considering avoiding using a phone for things other than calls and messages. Jookia.