shipment interdiction [was: BadBIOS forensics]
Bryan Starbuck
bryan at thestarbucks.com
Sat Jul 19 18:42:12 PDT 2014
If you don’t mind saying, can you say if you are a US citizen? (Probably)
Do you work on an open source project like TOR? Do you think they do that because you do development?
I’d love if we build a profile of who they actively perform hardware attacks on. They likely repeat this on categories of people (TOR devs, employees at CAs, etc.). Even if you can give a vague category (crypto-currency vs open source file system encryption, etc.)
That one lady on twitter was a TOR dev.
I’d love us to deduce as many patterns as possible, so those people can be incredibly diligent.
Best,
-Bryan
Bryan Starbuck | Bryan at TheStarbucks.com
On Jul 19, 2014, at 5:25 PM, coderman <coderman at gmail.com> wrote:
> On Sat, Jul 19, 2014 at 5:20 PM, Bryan Starbuck <bryan at thestarbucks.com> wrote:
>> I like buying a computer in a surprise visit to an apple store or a store
>> that sells windows computers.
>
>
> agreed; on site ad-hoc cash purchases the best procurement technique.
> not infallible by any means, but at least avoids some known problems
> like this amusing scenario.
>
> (shipments from the Seattle Amazon warehouse to Kansas before delivery
> to Oregon was also funny.)
>
>
> repeat for emphasis:
> - keep chain of custody of sensitive hardware at all times
> - never procure or ship through mail. at one point, priority same day
> air would get a pass, but even this no longer suitable.
>
>
> best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3522 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20140719/3f7a9984/attachment.txt>
More information about the Testlist
mailing list