> http://www.reuters.com/article/2015 /02/17/us-usa-cyber

Hey it looks like RMS was right about proprietary software

Again

No, you've wasted your life.

Linus sold his soul to the US government in exchange for citizenship for himself, his wife and kids.

>>46600719
We've been discussing this over at /pol/
>>>/pol/spying

>>46600730
Where can I get a machine with no proprietary software on it that's like somewhat usable?

HAHAHAHA AMERICA IS FUCKED!!!!!!!!!!!

This is at the hardware level now idiots.

only remaining option is custom hardware

>>46600796
The thinkpad T60/X60 supports coreboot so it's stallman approved. As for hard drives that don't have propriertary firmware- I'm not sure even stallman goes that far.
But old hard drives are likely to not have backdoors. Because back then the NSA didn't know that they could just get away with whatever the fuck they wanted.
Seriously, everything they are doing is being blown open and no-one gives a shit. No-one was jailed, no-one was fined, nothing.
30 or so years ago a president spied on 3 journalists in a hotel and there was a massive fucking outroar. He was impeached.
Nowadays the president is spying on every journalist in the world, all the time AND NO-ONE GIVES A SHIT

>>46600719
>The disclosure could hurt the NSA's surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden's revelations have upset some U.S. allies and slowed the sales of U.S. technology products abroad.

>The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.

>USA literally shooting itself in the foot again and again

top kek

>>46600719
At this point I don't even care anymore.

>>46600918
I like how the attitude is usually 'blame snowden for telling them that we can't be trusted' instead of 'we shouldn't have been so fucking untrustworthy'.
Keep the backdoors secret instead of not doing them is how you get people to trust you.

>The NSA declined to comment on any allegations in the Kaspersky report. Vines said the agency complies with the law and White House directives to protect the United States and its allies "from a wide array of serious threats."

tip top lel

>>46600837
No, America IS a fuck.
They're less free than North Korea at this stage.

>>46600854
I've been saying surveilance is done at the hardware level for years, and you fools were just like "you're being overly paranoid"

>>46600891
Nixon resigned. And back then the espionage was to gain political leverage.
Nobody cared about the public then, nobody does now.

>>46600949
If you actually believe that hyperbole you're retarded. And hyperbole like that is a nice strawman for people to knock over and reinforce their delusion that nothing is wrong.

>>46600854
It's always been at the hardware level, but it's easier at the software level so that's where the most of the focus is. This is a niche application.
These kind of things are fun to use but it's a real pain to manage. Mine only works for seagate drives since I'm not really bright enough to make something as complicated as this. For me it's just pointless project to waste my time on.
>>46600948
They sent a statement to Ars.
>>46600956
Anyone who actually tried it themselves knew but most of /g/ obviously can't.

File: 12341234.jpg (182KB, 498x338px) Image search: [Google]

182KB, 498x338px

>>46600964
North Koreans know their govt is fucking them over and they care.
Americans just carry the fuck on as per usual.
Muh distractions.

>>46600956
I don't think anybody disagreed with you, anon. It's just that everybody thought the hardware backdoors were limited to CPUs. Turns out literally everything in your computer is communicating with the botnet independently.

>>46600949
marjuana is 100% legal in north korea

NK 1 : USA 0

>>46600962
And then nixon got let off the hook by the next president.
Same shit happened to W Bush. Lied about WMD in iraq (I know, old story, but he straight up lied), and obama came into power and did fucking nothing. No investigations, nothing.
He's from the opposite party, but he's motivated to not damage the other party?
Sounds like something is a little fishy.

It's like everything is one big circlejerk funded by corporations.

File: theinternetofthings.jpg (283KB, 1300x780px) Image search: [Google]

283KB, 1300x780px

>>46600984
>Turns out literally everything in your computer is communicating with the botnet independently.

>>46600980
>North Koreans know their govt is fucking them over and they care.
actually, I think the whole point of a personality cult is to distract the people from how dire other more pressing issues actually are. that and NK badmouthing the rest of the world through their press and press releases makes me think you're pulling this out of your ass.
>>46600991
>POELTIKS RIGG GUBMEN IS EH SHAM
just turning 13, huh?

>>46601012
>Distracting from the real issues
>Badmouthing other countries
Wow.

>researchers lay claim to finding this info about these so-called hardware backdoors
>profess almost immediately "we can't even tell which hard drives are infected with this malware because it's so cleverly hidden"
>says they found something, then immediately says "we can't find it..."
>this smacks of some fucked up logic
>reminds me of Jesse Helms: "I may not be able to define porn, but I know it when I see it..."
>"we can't find this malware, but we know it's there..."

I smell some pretty serious bullshit going on, folks.

>>46601001
>in the near future even your fucking shoes will be part of the botnet

>>46601032
>NK portrays other countries as being hellholes so their cesspool of starvation and cruelty doesn't seem so bad
something the matter, officer?>>46601042
>>46601042
no shit. reuters is clickbait.

>>46601012
>just turning 13, huh?
Go vote for the next Obama, shitstain.

did the last big thread 404? that had its good moments

File: shoebotnet.jpg (43KB, 531x411px) Image search: [Google]

43KB, 531x411px

>>46601048
>implying shoes haven't been part of the botnet since the 70's

>>46601059
Do you really think you've figured out U.S. politics?
I don't see you holding anarchistic rallies or assassinating political figures

>also for your conspiracy hording pleasure
>the floods in Thailand a few years ago did not hurt the hard drive industry as everyone was led to believe
>the NSA needed a few hundred million hard drives to get that new data center in Utah up and running - yes, I'm serious, several HUNDRED million hard drives
>they depleted the world's supply of hard drives in the process for several months
>think I'm fucking crazy to say this
>do your research on shipping from Thailand to the ports of Los Angeles, San Francisco, and San Diego during that several months long period of time
>you'll find a pattern of container ships coming from Thailand with no declared purpose
>the purpose was fulfilling the secretly ordered manifests for a few hundred million hard drives
>all the info is out there, people

>>46600991
>he's from the opposite party
I seriously hope you guys don't believe this

File: Ubuntu-Logo.png (219KB, 1600x1600px) Image search: [Google]

219KB, 1600x1600px

>>46600730

>>46600991
>W Bush. Lied about WMD in iraq
[citation needed]

File: 456456456.jpg (117KB, 640x480px) Image search: [Google]

117KB, 640x480px

>>46600719
>russian researchers

I stopped reading there

>>46601087
Oh sorry, I said 'he' but I was talking about obama.
My thought process skipped a step.

>>46601076
I'm not even american, so there's my excuse for being slow.
But american foriegn policy is incredibly influential in global politics. When America collapses under the weight of its own military spending, it's going to take the rest of the world down with it.

>>46601125
>When America collapses under the weight of it's own freedom, it's going to take the rest of the world down with it.
FTFY

>>46601110
Do you not remember the whole hullabaloo? Bush was recorded to say, in speeches, that WMDs were in iraq.
Then they couldn't even find enough evidence to fake that there were WMDs there. They said "whoops sorry guys" and nothing happened.

>>46601052
>reuters is clickbait

HAHAHAHHAHAHAHAHAHA

DENIAL IS A RIVER IN EGYPT

>>46601138
being wrong doesn't mean he was lying

>>46601136
Freedom isn't free, it costs half of your GDP

>>46601125
I know, I meant democrats and republicans are the same

>>46600719
>Is my Linus Machine safe?
no that's the point, it works OS independent

>>46601154
you do realize his stupidity was an act to make him more relatable to the everyman, right?

>>46600730
No. He never is right.

>>46601166
>dodging the issue

Man, APTs are fast becoming a daily threat. We really are getting the cyberpunk future Gibson promised us.

A year ago Stuxnet stood out as the only major (discovered) targeted attack of it's caliber. Now Kaspersky have published details of both this and the Carbanak bank attack within days of each other.

The stunning thing is the tools that they're using now have nice C&C interfaces too, like something you'd build for any old client.

>>46601174
I was just pointing that out, also the reason we knew they had wmds is because we're the ones that supplied them

>>46601180
We're already living in a cyberpunk future, just not the one Gibson had imagined.

>>46601154
Then he should get punished for being wrong. Do you have any feel for how many billions of dollars of your money, how many american lives he pissed away on being wrong?
You think there should be some sort of mechanism so that he'd actually double check if there were WMDs there, before killing thousands of americans and running up a tab of hundreds of billions of dollars, and stirring up the hornets nest that is the middle east.
Something just to act as a disincentive to not be wrong again.
"It's not murder your honor, it's manslaughter"

If the backdoor is disclosed how do they stop malware using it now?

Or was the detection method something like "if we put blank machines at targeted locations any with these hard drive models are infected by an unknown exploit"

Presumably if you could place test machines at russian and iranian networks that are targeted you could slowly replace 1 part at a time to determine which hardware allows the malware to propegate but still not know how the exploit works.

>>46601122
kek

>>46601308
there is no escape

big brother is watching you, always, protecting you, keeping you safe under his watchful eyes

privacy is terrorism

surveillance is freedom

Remember if your neighbor wants to keep his life private, you should be scared of him. Always be scared of your neighbors. They are the enemy.

>Russian researchers

>valuable sauce

kek

>>46601350
Most people don't really like freedom.

>>46601373
Yes, don't trust those filthy reds. Trust us, the US government, who just wants to protect you from terrorists/gays/communists/chinese/japs/spics! We're spying on you for your freedom, to keep you safe! So you can go to bed at night, with that lovely wife of yours, without a care in the world.

>>46600719

I feel like my macbook is safe.

Am I wrong /g/?

>>46601417
It just werks.

File: 4bf6f6703a.jpg (32KB, 580x360px) Image search: [Google]

32KB, 580x360px

So humanity, it appears that Horus has defected and is trying to portray the Imperial administration as malevolent and overbearing.

How can you not trust us? Have we not protected you? Have we not kept the Orkish hordes at bay long enough for you to live out your pathetic little lives? Do we not give you the freedom to fornicate as you please and choose what style of pigpen you live in?

Our power must be expanded in order for you to maintain the standard of living that you are accustomed to. Our systems of administration will become increasingly complex. Those of you who are not software engineers are already unable to understand how we watch you and what we are going to do with the information.

Quis custodiet ipsos custodes?

No one. We are above the law and we are above you. We are the Illuminati. Most of you have become fat and soft. Your testosterone levels are at an all time low. You are the most docile subjects that any Imperator has ruled.

You know you will go quietly. You know that when the key is turned on this tyrrany you will not protest. You will be too busy enjoying the thousands of simple and complex pleasures we have made for you in this wasteland. You will amuse yourselves to death as we shackle you.

Those of you young enough to read this will not be that alarmed by the changes to come in your lifetimes. Public institutions have been run as tyrannies for generations and a substantial minority of you come from countries that already have despotism. You have already been conditioned to accept what is coming.

But is there any one thus intended by nature to be a slave, and for whom such a condition is expedient and right, or rather is not all slavery a violation of nature?

There is no difficulty in answering this question, on grounds both of reason and of fact. For that some should rule and others be ruled is a thing not only necessary, but expedient; from the hour of their birth, some are marked out for subjection, others for rule.

>>46601161
but that's more or less impossible
the WHOLE POINT of the OS is that it provides an unified interface (within its environment) between different devices
you can't just write a section of binary code that says "send this chunk of data to the output memory section of the device connected to the internet", for a variety of reasons:
- which of the 10 usb/PCI slots is the internet service device connected to?
- If we know device X is connected to the internet, what are the opcodes and formats for the device? Interrupts? How do you "interpret the device"?
- Running a program from the hard drive without using RAM space is impossible - even page files eventually need to be loaded into the RAM to be accessed by the CPU, how does this program avoid its memory section being viewable in the OS, or worse yet - come into concurrency problems with it?
I mean I know I only have a bachelors but this shit stinks. It's possible that the hard drive itself has a pre-loaded OS that behaves as a middle-man between the OS you install and your computer, which would also happen to explain some of the weird shit that everyone complains about (for starters we might have a reason for "why is my terabyte hard drive not really 1024GB" beyond costcutting assholes), but then you would have to somehow conceal boot sector data and that's a whole other can of worms.

Anyhow I'm just excited because of the implications for this. If America had concrete evidence for chinese corporate espionage and have done nothing to stop it while holding full monitoring capabilities (i,e. they could've stopped it but they chose not to), it could only mean that America WANTS china to steal its technological advances and become a rivaling superpower.
That would be HUGE.

>>46601391
>Yes, don't trust those filthy reds. Trust us, the US government

How about trusting neither of them, imbecile?

>>46601505
It would probably still target windows even if it is a hardware level exploit. Realistically every government is run by people too old and computer illiterate to understand how the potential issues with windows might impact security. I can't think of a single country that has managed to remove windows from all sensitive government networks.

As for China using the exploits it's probably the same, the NSA would know they can't convince every US department and contractor to dump windows for secured systems all they can do is limit the damage on the few sensitive things they can't let China know.

File: 1403571898758.png (443KB, 663x556px)

443KB, 663x556px

Daily reminder that USA and Obama is the biggest threat to mankind at the moment.

Boycott McBurger Country and the left-wing Obama government.

>>46601997
>implying the right wing isn't also a problem
2 sides of the same shekel

>>46601997
>blaming wings
>instead of the bird
Obama is just doing what bush did
Bush is just doing what clinton did
clinton is just doing what Bush Sr did
Bush Sr was just doing whatever the guy before him did

And whoever comes after obama will just keep on doing what obama was doing.

Obama platformed on 'change'. But the change that most people had in mind wasn't 'More of the same, but accelerated'

we need GPLed hardware

>>46600719
i have nothing to hide

are the free software cunts in this thread pretending to be retarded or are they actually this stupid?

File: 1423813284296.jpg (59KB, 500x509px)

59KB, 500x509px

suddenly feel awesome for using my ancient 12gb IDE drives

File: 1424109000001.jpg (84KB, 595x604px)

84KB, 595x604px

>Russian researchers

lol

https://www.youtube.com/watch?v=gtpmY96knkk

Good job reuters for putting "Russian" at the very beginning of an article dealing with the most advanced cyber-terrorism (this word has a completely new meaning now) devices known to man.

Privacy concerns my ass.
This is the nuke of this century. The way it is put it can deal with a large part of worldwide industrial automation.
All sorts of factories and plants worldwide at the mercy of an organization.
Pollute entire areas, poison water supplies and the likes. All from an armchair anywhere on the globe.

>>46600730
Rms or Saint an/gnu/cius warned us all along.

More tech jobs going to Asia and Europe thanks to the NSA.

All those people itt that don't want to stop the terrorists.

>>46600719
i've got 750 gig Hitachi
Am i safe, /g/?

>>46600719
We've made our bed, now we must lie on it.

Fortunately I have tons of DVD-R with me.

>>46601505
If They Would want to make China a rivaling superpower it Would be fucking 1984 which is totally ridiculous because America cares about freedom and is totally against everything communist

Wait

>>46600730
>tfw withouth his ideas no one would invent this

>says theres spyware in hdd firmware everywhere
>offers a tool to remove saída spyware
>tool actually infects hdds with eurasian spywares

I'm not falling for this

>>46600977
>links to other posts
>talks totaly diferent shit
are you a shillbot?

>>46600980
But us Americunts have to have our football, yo! Not that euro-soccer shit neither.

File: 1349846714423.png (258KB, 421x500px)

258KB, 421x500px

This makes me nervous /g/. All I have on my hdds is my Chinese cartoons and legally purchased vidya games.

What do I do /g/?

Is there a detection tool? Is re flashing possible?

Offline PC is the only way now.

>>46602989
Flash memories can also be infected and used to carry the virus to the offline computer, where it installs and gathers information which is sent back to the flash, so that when you later use it with an online computer, they can get all they want to know about your offline machine. Read up, it's in the article.

>>46600719
>All Hard Drives have trojans in their firmware?
No?

Did you even read it? It's pretty scary, but not every hard drive has a built-in trojan you retard.

>>46603036
Yes, I know that, I should've write about physical isolation too.

>>46602694
Nice punctuation, you fucking inbred piece of shit.

>>46600719
If you don't want to be spied on, please destroy all of your electronics and live in a cave.

File: 540730a73c0e1bc8feef5def.jpg (178KB, 1174x796px)

178KB, 1174x796px

>>46603036
Nowhere to run, nowhere to hide.

Time to go full Amish.

>>46602180
Most all of the tools that have been found are passive tools that either gather intelligence or steal money etc.

Malware that creates effects are relatively rare, and the ones that do are incredibly purpose built. We aren't quite ready yet for the "sky is falling" rhetoric when it comes to kinetic cyber effects. That isn't to say that those in charge of ICS systems and other critical infrastructure shouldn't be taking a very hard look at their security.

>>46603073
http://youtu.be/lOfZLb33uCg

Honestly? Why not be more AFK since all hardware and software sucks?

>>46600719
I really have no idea how people didn't realize that this was going on before these discoveries. There is a ubiquity of work out there around firmware-embedded malware; DMA allows firmware to do basically anything to the exposed system.

>come on /g/

File: hmmmmmm.gif (22KB, 299x381px)

22KB, 299x381px

So the question on everyone's mind is:

Is there someway around this?

>>46603127
back to punch cards

>>46602982
See >>46602853

>>46603127
>>46602989

>>46603136
Don't see jack shit besides the meme arrows.

>>46603127
firewall
If this were common, it would be noticed right away by anyone competent.

>>46603113
Then all this talk about free software, linux and freedums on this board is pure horseshit, since all hard drives already have firmware backdoors.

You guys are like arguing over which HTML preprocessors are best and respect your freedums, when you're getting backdoored with stuff written in assembly.

>>46603144
How often do you actually go through your firewall/routing logs?

>>46603127
Yes, Face-2-face comms & OTP with a good authentication/handshake system.

>>46603141
It's a ruse. Don't fall for it. It's the oldest trick in the book.

File: average aryan girl.jpg (120KB, 800x1200px)

120KB, 800x1200px

guys, does this mean NASA knows i have music files on my computer that i don't hold a copyright license to? am i going to die?

>>46603148
>you guys
>like /g/ is one person

In some cases specialist software can detect (but may not be able to remove) this type of malicious software.

The firmware can, in most cases, block any further updates to itself coming from the host system.

>>46603079
I read a book on Stuxnet the other week. It described a test in the US. They (NSA I think it said, but FBI and CIA also did this stuff) did a demonstration in front of Whitehouse officials where they caused a massive generator the size of a shipping container to wrench itself apart. Over the internet.

I think Stuxnet is the only live example of physical harm being done to hardware, and that was so targeted that it's almost easy to ignore the implications. But it's not just physical harm, look at Carbanak, news that broke just this past week of a billion dollars being stolen. Simply by RDPing into bank teller's work stations and pressing the "dispense ATM money" button. No exploit, just debug functions, which were gained access to by an old Outlook vulnerability and email phishing.

2 years ago I didn't take cyber warfare seriously, it sounded like a dumb Hollywood term. I thought it would be limited to information gathering. With the growing "Internet of Things" (just look at https://www.shodan.io/), it's not hard to envisage a dystopian cyberpunk future where this stuff can affect us directly.

Government entities hoard zero days, and create easy to use Command & Control software. With zero days acting like homing missiles, and patched vulnerabilities acting like cheap ammo for scattershot untargeted attacks on unpatched machines, you add your fancy payload and you have a weaponised, easily deployable cyber attack that you can control and change on the fly.

>>46603182
>In some cases specialist software can detect (but may not be able to remove) this type of malicious software.

atleast 12 years it was going un-noticed.
so yeah no.

>>46603183
>read a book on Stuxnet
Was the book you read "Countdown to Zero Day"?

Just wondering because I thought that book mischaracterized a lot about the way zero day trading is done.

>>46603182
What kind of specialist software? Stuff made in-house by IT security companies for their own use?

>>46603183
>I think Stuxnet is the only live example of physical harm being done to hardware, and that was so targeted that it's almost easy to ignore the implications.

Is this what you tell yourself at night?

http://youtu.be/SMy2_qNO2Y0?t=1m49s


:^)

>>46603211
>so yeah no.
Did you even read the article? Kaspersky has written software that was able to detect some types of this malware.

>>46603218
See above

>>46603234
after 12 years yes.
they might already have deployed new malware that is not detectable by that tool

we were told, but we did nothing

I always wondered why hard drives had so many platters...

>>46603234
On the other hand... Kaspersky is a Russian company. Do you really think this disclosure is not part of an intelligence warfare between the Russian agency FSB and the USA?

Because lately Russia has been hit hard by economic sanctions initiated by the EU and USA, so this could very well be Russia's way of retorting by using a "private" Russian company to disclose how the US is spying on the rest of the world. It' can't be a coincidence that they are disclosing this just now.

Also, Snowden can't be a stranger from this disclosure. A former NSA employee which took refuge in Russia, where Kaspersky's headquarters are... Everything fits together more than nicely.

>>46603265
>not detectable by that tool
I can tell you have little understanding of how malware analysis actually works, so I'll make this simple.

Just because a piece of malware is not known to security researchers does not make it undetectable. Work is constantly being done by organizations like Kaspersky to continue to detect threats like these.

>>46603303
go back to /pol/ plz

>>46603303
It looks like the Kaspersky chief is linked with the FSB, the former KGB:

http://rt.com/news/kaspersky-most-dangerous-people-606/

>“A longtime ally of Russia's secret security services, Kaspersky supplies technical expertise to the FSB, the successor to the KGB. His researchers train their agents in computer forensics.”

>The blog alleges that the alliance sent FSB agents “to the rescue” when the mogul’s son was abducted in April 2011.

>The magazine also claims Kaspersky sponsored Russia’s bill which banned a wide range of websites and “introduced new surveillance techniques for Russian telecom firms.”

>>46603334

Not that anon, but its a valid point. Not much happens in Russia with some level of govt involvement. Any type of Anti-American news would be encouraged.

>>46603217
That's the one yeah. I'm interested to learn how zero day trading really happens though, if that was inaccurate. It _sounded_ plausible enough, to a layman anyway.

I'm only coming from a web background so desktop security is all new to me. Besides from reading kaspersky et al's reports occasionally, my security experience starts at XSS and ends at CSRF. I find this all fascinating but a lot of it goes above my head.

>>46603324
i fully understand how it works.
you just ignoring the fact that it has been FUD for quite some time.
they can just change the malware to make it undetecable again.

heck maybe your pc is already infected, maybe mine is.

by using methods like a running custom tcp/ip stack, so the traffic is not detected.
granted i do not have much knowledge about networking.

anyways this is wat kaspersky had to say for them selfs;

"The discovery of the Equation Group is significant because this omnipotent cyber espionage entity managed to stay under the radar for almost 15 years, if not more," Raiu said. "Their incredible skills and high tech abilities, such as infecting hard drive firmware on a dozen different brands, are unique across all the actors we have seen and second to none. As we discover more and more advanced threat actors, we understand just how little we know. It also makes us reflect about how many other things remain hidden or unknown."

now read the last line again and again and again.
maybe you'll understand, this does not mean EVERYTHING is detectable just yet.

>>46603303
Lol, believing the sanctions are hurting russia.

Temporary, perhaps. But in the long run, Putin is killing the petroldollar. get rekt USA.

File: Bubbl-Board.jpg (149KB, 830x552px)

149KB, 830x552px

welp, going back to VAX

File: Capture.png (285KB, 736x543px)

285KB, 736x543px

<==== the guy who runs Kaspersky.

This pic shows him when he was in the KGB cryptography program.

Do you trust this guy is telling you the truth? Or do you think his main interest is to say 20% of the truth in such a way that USA looks bad and you don't really know what's going on. Maybe the Russians have their own backdoor software which is installed on your computer, and this is just the tip of the iceberg, just one stage in a stealthy war between intelligence agencies in USA and Russia. This is just speculation right now, but really you can't believe a Russian private company wants your good, especially when it's run by a former (?) KGB trainee.

T-tin foil hat!!!!

Honest g-guys!

Going by the article, they were only targeting high-priority targets in foreign governments, which I imagine violates quite a few international laws.
They had to be careful not to get too reckless since, if someone found out it, would cause hell for the US electronics economy. Now that the news is public, they're only going to be using it more aggressively.

Under the cover of "protecting the country", anyone is a target.

>>46603457
But one should believe that the US government is any different?

>>46603470
No, I'm from Europe, I don't even pick sides here. I'm saying we're caught between 2 intelligence agencies from USA and Russia waging an informational war. Both sides are bad, that's what I'm saying, and we're losing to both, instead of having any way to escape their shit.

>>46603457
Yes, I'd trust that guy.

>>46603482
don't forget, other agencies (read other countries) are doing the same, only they seem to be behind.

Hey, Americans, get your fucking government in order and stop spying on me you assholes!!

File: 1423295967864.png (119KB, 480x232px)

119KB, 480x232px

>China spies on it's citizens via software and hardware....

Well it is China so it is fine.

>Russia and China hack information from every business you use. They most likely have all of your information name, address, DOB, SSN, etc...

Oh, that is fine because they are just hackers what could they do with it?

Why is anyone surprised or bothered by this anymore?

There is no such thing as true privacy anymore. If it isn't the NSA it will be the FSB or the MSS.

File: 1416785853920.jpg (177KB, 899x605px)

177KB, 899x605px

Damn, sucks to be a yuro, getting fucked by the NSA and paying 19% ProblematicWhiteMaleShitlordValueAdded taxes on top of already high prices on top of already low wages

File: Putin-young-784894.img_assist_custom.jpg (7KB, 230x345px)

7KB, 230x345px

>>46603457
That dead look on his face

>>46603508
At least China is open about what they do.

America is just shady as fuck.

>>46603521
He looks like an emokid.

Deep inside Putin is probably emo as fuck, he would cut his veins on My Dying Bride after applying a dark makeup.

>>46603457

>implying he had any choice in communist russia

refusing communism got you thrown into gulag and killed

hundreds of million people died because of communism, so people had to "go with the flow" and live, even if they hated communism

>>46601505
The whole point of the hard drive firmware backdoors is that they let you conceal data on hard drives and rewrite data as you please. Hackers have published papers on doing this, so it's not absurd to think that the NSA can do it as well.

Use that technique to conceal a hypervisor rootkit and you're fucking invisible with full control over ever finger and toe of the system. There are techniques to discover bluepills like that but IIRC they all have countermeasures.

>>46603036
You can select flash memory that doesn't have this problem, or transfer data via tape/DVD.

This also has no effect if your system never gets compromised. OpenBSD ftw.

>>46603552
Intelligence agencies didn't really force you to recruit you. Not even in communism. Most likely he wanted to go up on the social scale, so he joined the KGB.

But the point is, once you're KGB you're part of the community. I don't think you ever cease being one of them. I really think Kaspersky is working in the interests of the Russian intelligence now. Why did they disclose this now, right after the Minsk summit on the Ukraine shit? Maybe they're trying to keep the public opinion focused on this while something else is happening? Idk, intelligence agencies work with stuff like this.

>>46603515
I wish I paid as low as 19% sales tax

>>46603353
The enemy of my enemy is not my friend, but he can sure be useful sometimes.

File: leutenant3.jpg (21KB, 194x270px)

21KB, 194x270px

>Comrade do you have that virus i asked you for?

ok, ill ask the elephant in the room question

How the fuck does a firmware thing on a hard drive help them when they need the OS or the CPU+Network Card to actually send information?

>>46603642
yes, dimitri.
I make you good virus.

>>46603653
>pc boots
>pc selects hardrive to boot from
>harddrive injects malware into mbr and boots the OS
>pwnd

>>46603676
Do you have any idea how difficult that would be to do without an extremely specific target

File: GrayFish-boot-steps-640x1043.png (499KB, 640x1043px)

499KB, 640x1043px

>>46603676
to beter understand here a picture

>>46603692
read this: http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/\

and ask questions after please.

>>46603665

В coвeтcкoй Рoccии , виpyc coздaeт вac

>>46603653

How to inject code in hdd firmware:
http://spritesmods.com/?art=hddhack&page=4

>>46603693
>>46603711
>windows

>>46603719
CYKA BLYAT
i cant into russian :(

>>46603732
it's been rumored that it can also infect MACs
and if that is the case (seeming as MAC's are unix based) linux/unix should be possible too.

>>46603732
It's not OSs which are backdoored here, it's firmware.

So, it can work with any OS. The only thing that would be different is the instructions packed with the bootloader.

>>46603732
>Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.

>>46601122
>implying that some of the most intelligent human beings that have ever lived weren't russians
check yo self before you wreck yo self

>>46603761
So the best way is to stay offline?

>>46603515

>USA retard thinks he doesnt pay tax just because you need to pay it seperatly.

WAKE UP SHEEPLE

>>46603942
only if no other internet devices are close by and you never use a usb stick or some thing else to put things on your pc.

>>46603073
One day we'll have breeds of horses giving your crop information to Monsanto so they can demand you over your non-free "self grown" corn.

>>46603457
There is no such thing as "former KGB". The only way one can leave KGB is by dying.

>>46603413
With all due respect to everyone else ITT, this faglord is literally shilling for Russia. What's the next step of Putin's master plan after crashing the ruble with no survivors?

>>46603303
Kaspersky is going to side with Russia and their intelligence community, yes, but they provided objective information and didn't make any unfounded speculations in this report.

Plus, it would permanently harm their credibility if they actually made up facts just to appease their nation's propaganda machine.

I work in the malware analysis field and I can affirm the report looks totally legit.

File: Screenshot_2015-02-17-14-09-51.png (333KB, 720x1280px)

333KB, 720x1280px

As long as you don't use windows, osx or are a Muslim, you're probably not even a target.

>>46600964
Is this bait?

>>46604730

White, male Linux users than live at home inherent the planet.

>>46603127
Don't be one of the few high profile targets of the US that were being spied on. Pretty simple. And no, chinese cartoons, supporting libertarian ideals, owning guns, looking at loli, and/or browsing 4chan don't make you a high profile enemy.

>>46604649
You seem to be forgetting about the reports Kaspersky did outing the Russian government.

>>46603303
No, this is not part of intelligence warfare between the US and Russia. That warfare is occuring, but its not ever going public. Kaspersky is a company trying to make money. If they prove they can catch people like the FSB and the NSA, and they also stoke the fear that the NSA is out there hacking everybody, the more products they sell.

How would the Russians even benefit in the long term from something like this? The Russians are smart as hell when it comes to intelligence. They wouldn't tip their hand and let us know what they know about NSA techniques. This has literally zero benefit for the Russians.

Not everything is a conspiracy or needs to be read into. Some things are just exactly like they appear.

>>46600891
Stallman does not approve of proprietary firmware, and, as far as I know, does not use any in his current laptop.

File: Stallman Euphoria.jpg (38KB, 424x345px)

38KB, 424x345px

>>46605002

>He writes his own firmware

>>46604896
>You seem to be forgetting about the reports Kaspersky did outing the Russian government.

They're not going to do anything that's too exposing of the government, if only for their own security.

Eugene Kaspersky has heavy historical Russian intelligence ties.

>>46604896
>How would the Russians even benefit in the long term from something like this? The Russians are smart as hell when it comes to intelligence. They wouldn't tip their hand and let us know what they know about NSA techniques. This has literally zero benefit for the Russians.

I agree this release probably wasn't influenced by FSB, but I disagree with your assessment. DoD has pushed private US companies to release information about Chinese APTs, probably as a strategy to humiliate them and give tons of options to put political pressure on them.

Now, Russia can cite specific NSA operations and actors during negotiations and press releases.

There are pros and cons to exposing info about foreign intelligence and militaries; in this case, NSA obviously knows large parts of their operations were compromised by Snowden, so FSB would know their tactics are going to change whether they release this or not, so might as well release it.

>>46604896
So you're saying a "former" KGB trainee just "happens" to disclose NSA spying, it has nothing to do with any Russian intelligence interests.

Such as saying negative stuff about the USA as part of a campaign to discredit one of the countries which deployed economic sanctions against Russia, sanctions which will affect private companies too.

So much coincidence. Kaspersky is such an altruistic company working for the greater good, telling it how it is to the global media, so that.. who looks bad in this story? Russia? The USA obviously, which has the potential again to turn its own citizens and companies against the US govt. Cmon.. I mean the CEOs from Google, Yahoo and Facebook refuse to meet Obama exactly because they got blamed for disclosing private data of their users, and you think this Kaspersky disclosure is not going to make things worse between the US govt and the American public?

You're the one who's naive.

>>46605090
No they're a fucking corporation working to make money. So they want Russian/Chinese/Whateverfuckistan to hire them to check their shit, not for some neckbeards all over the world to be paranoid about.

>>46605116
>China trusting a former KGB agent to check their security

Makes alot of sense. THey can't find enough brains to do that among their bilion plus population.

>>46605116
So basically this is the KGB/FSB company advertising their services to the rest of the world. They want you to clean up your NSA shit by letting them install their own backdoors in your systems.

Yep, completely trust Russians to do that.

>>46605212
They're not going to be so brazen as to backdoor their AV product, if only because their company would essentially go bankrupt as soon as the backdoor is discovered.

They are a capitalist company above all else, and they employ some of the top security researchers in the world.

That said, you should definitely take things they say with a grain of salt and examine only objective claims, not speculations.

>>46605212
>letting them install their own backdoors in your systems.
Except they can't demand hardware schematics/source code and force US companies to use their "improved" designs.

>>46605257
Look you're speculating that they can actually counter this stuff. At this point, they just disclosed firmware backdooring, that's all. It's just a media event, they're not offering anything, so nope, the purpose of this disclosure is not them making a buck, since they don't have anything to counter it at the moment.

In fact, they admit that there is probably a lot more they don't know. Meaning, the main purpose of this media disclosure was to freak out the civilians about how the USA govt is spying on them. It just fits Putin's interests so well...

>>46605090
>>46605084

I never said Kaspersky was an altruistic company. I just don't think that they are doing this on behalf of the Russian government. They are doing this to make money and win more contracts. They have outed many major governments around the world. I agree that Russia tries to discredit the US in many ways, but this is not the way they typically go about it. They don't usually expose their understanding of our intelligence gathering apparatus, because as soon as they do, we change it, which makes it harder for them. In fact, this is pretty standard procedure for most countries.

China and the US is a bit of a different story. The Chinese don't use many sophisticated methods for their industrial espionage campaign, which is the campaign being outed in the media by the US government. You will notice though that barely any of the public statements focus on normal government on government spying. Outing the threat that the Chinese pose is likely the only tactic that will work because of the way they target non government related entities. Getting companies like Mandiant to write reports on them is intended to raise awareness within corporate security offices so they can stem the progression of the Chinese industrial espionage malware.

Comparing the US/Chinese relationship with the US/Russia relationship is not a good comparison. The US relationship with both countries is quite different, as are their intelligence priorities and their level of sophistication.

> Now, Russia can cite specific NSA operations and actors during negotiations and press releases.
I doubt we will see very much from the Russians on this front. It is possible they will try to take advantage of it now that its out though, but that doesn't prove any motivation or support for the release of this information.

>>46605327
>the purpose of this disclosure is not them making a buck
>implying free advertisement isn't going to help them sell their antivirus

File: 1403684299663.jpg (12KB, 205x246px)

12KB, 205x246px

>>46602080
kek, guy in the middle

>>46605368
>Antiviruses can remove firmware viruses

>HDD randomly spins up
I fucking knew it

>>46605327
NSA deployed the firmware malware in very, very limited cases against specific targets. The malware still is not undetectable though, just extremely persistent and difficult to remove.

It's just nonsense to think an AV company is actually going to backdoor their product.

And yes, obviously it fits Russia's interests. Mandiant, FireEye, and Crowdstrike are US security companies that frequently reveal information about Chinese and Russian intelligence agency groups. That doesn't mean they're on the government's payroll or are backdooring their products to help foreign surveillance. It does mean they probably got permission from the government to publish the info though, which is probably what Kaspersky did too.

>>46605361
>I doubt we will see very much from the Russians on this front. It is possible they will try to take advantage of it now that its out though, but that doesn't prove any motivation or support for the release of this information.

They've referenced NSA surveillance before, and there's no reason why they wouldn't in the future.

You're right that Chinese are much more brazen and do way more economic espionage, but NSA does their fair share of economic espionage too.

Intelligence is a very very complex field, and there are plenty of valid reasons why FSB would want this info published. They may have had no involvement, but the fact the info was published does not preclude their involvement whatsoever.

>>46605388
It doesn't matter, people will be more willing to buy security from a company that found about this and made it public.

>>46605390
>have an ssd

oh fuck, now i cant tell....

>>46605002
What hard drive is he using then?

>>46601505
Probably something along the lines of:
Hard drive with cuhrayzee backdoor code in it sees a file with an elf header. (or just using filesystem executable flags)
hard drive then inserts a very small bit of code into that file. code is executed when the OS runs the file.
OS doesnt even notice. its just a standard executable file. so what if it opens some ports, many things do that.

>>46605393
> They've referenced NSA surveillance before, and there's no reason why they wouldn't in the future.
They have but it is typically after the fact. They know how to take advantage of a situation, and they have a top notch information operations department.

I'm more than aware of the complexity involved in intelligence, and I'm extremely familiar with the way in which the Russians conduct themselves. If Russia were pushing for this information to be published, it would wildly uncharacteristic. Taking advantage of leaked information after the fact, however, would not be.

China steals information and gives it directly to companies, the US does not do that.

>>46605484
>China steals information and gives it directly to companies, the US does not do that.

It's a gray area. NSA was caught red handed spying on oil companies, and presumably that information would only be useful if given to energy sector executives. It's possible they were only interested in it for geopolitical purposes and did not give it to anyone in the private sector, but it's impossible to know that, especially when ethical lines are crossed every day by thousands of people.

I'm not quite sure how you can definitively say what FSB's plans are unless you actually work there. Even if you're going by history, tactics are being changed rapidly due to the growth of real cyberwarfare, so it very well could be a new strategy for them. I know they are usually very silent and secretive on these matters, but they could have a good reason for wanting this released; perhaps they want to tip off specific NSA surveillance targets with plausible deniability, for example.

>>46605393
You're forgetting one thing:

Everyone who made big bucks in Russia after 1990 (oligarchs) came or was linked with the former KGB. Big business in Russia became big for one reason: they had relations in power they could use to grab big contracts with the state. I don't know any big company in Russia which really made it on their own. It's just how business works in Russia, it's not really capitalism, it's state-linked capitalism.

So, don't use your Western mentality to think about how capitalism works in Russia, because there's no such clear separation between big private interests and state interests in Russia.

>>46605641
That's a valid point.

In the end it doesn't really matter though. Even if it is part of a propaganda operation, the details themselves are legitimate and are quite scary.

>>46605580
> I'm not quite sure how you can definitively say what FSB's plans are
I'm not, I'm saying it is very unlikely and would be highly uncharacteristic. I don't think the FSB is behind it, but that doesn't mean it isn't possible. It certainly is one of the less likely explanations for this even though. I think it is much more likely that Kaspersky is doing this with the intention of making more money.

>>46605641
VK?
mail.ru?

>>46605730
Out of curiosity, do you actually have an intelligence background or are you an "armchair analyst"?

Guys, one way to save ourselves from the hackers. We must reverse engineer the IBM 5100

>>46605815
I have a significant intelligence background.

>>46605641
I didn't read what you were responding to, but I just wanted to say that is how it works in America too. Actual businesses are fucked over, while state favored ones are given priority.

>>46605917

Military / Civilian ?

>>46605930
Both

>>46605917
I work in infosec and do "threat intelligence" myself, but that's just a very watered down version of nation-state intelligence.

I've always been interested in a real intelligence career, but I have too many ethical holdups to ever work for CIA or NSA.

>>46605937

Wanted to go into that area but the options here are limited.

Is it as exciting work as we all think it is ?

>>46605928
I doubt it. For example:

Check how a US presidency candidate begs for money from private companies.

I don't think in Russia political candidates beg for money to organise a proper campaign and have better chances at being elected. It's the other way around: the current president decides who will take the power next, and companies are asked to pay for the campaign... or bust.

Also, as you can see big capital in the US can criticise the US president and can even refuse to meet him. In Russia, things will end up badly for you if you do this. At best you get into prison (see the Khodorkovsky case).

>>46600719
its only in a few major US hardrives

SORRY WESTERN DIGITAL

Hitachi is safe

so are some of the offbrand SSD companies

>>46601122
it was Kaspersky's lab

>>46605985
Look at the military contracts that are given out, the bail out of the auto companies and banks during the 2008 crisis (banks count as a business). Beyond that, many politicians give priority to family owned (their family) to get contracts that could be better done by someone else, or wouldn't be done at all without their interference.

The US is very very far from a free market, or a free society. Princeton argues the US is an oligarchy.

We may be arguing the same thing honestly.

>>46605966
> I have too many ethical holdups to ever work for CIA or NSA
You should give it a shot. I think you'll find that the public view of the military/CIA/NSA and other intelligence agencies is less than accurate. I worked in the private sector for a long time and I found most large companies to be the ones without ethics. Following the laws set forth is a very big deal in intelligence agencies, and everyone is very serious about it. Don't believe me though, believe the media, leakers, the occasional politician and the internet, they've never been known to misrepresent anything, ever.

If you really want to know, you should find out for yourself, instead of believe me, the internet, the news or whoever. That's what I did, and I was surprised. Now when I watch the news everyday, I see how wrong all of it is on most all subjects, and it saddens me.

>>46605974
It is very interesting and exciting (not in the movie way though). It is extremely challenging which is exciting. It can be exciting in other ways too, but it depends on the job. I don't know where you are, but if you really want to do it, why not try? Limited options are still options.

All in all, working for the government I've found that I was wrong about a lot of things, and the groups of people I've worked with have been some of the smartest, most thoughtful, most dedicated, and most truly patriotic people I've ever dealt with.

Okay nerds so this is horrifying and all so how are you going to make my computer safe from the NSA finding out about my pirated anime soundtracks? Please don't tell me I have to use Linux.

>>46606078
No, you must endure a much greater suffering:
downloading jewtube soundtracks instead!

>>46606068

Two intelligence options here: Police & Army
Too old for Army.
Police: Very selective. But hey, could be worth a shot

>>46606163
wow you're right, little bit limited. What country (if you don't mind)?

File: 1423994822268.jpg (27KB, 499x499px)

27KB, 499x499px

>thinking the government cares about you

>>46600940
Thing is, everyone is doing it and everyone needs to do it to stay alive.

>>46606068
>If you really want to know, you should find out for yourself, instead of believe me, the internet, the news or whoever. That's what I did, and I was surprised. Now when I watch the news everyday, I see how wrong all of it is on most all subjects, and it saddens me.

I definitely don't trust the news, but I also definitely don't trust the US intelligence community.

I am not a conspiracy theorist and I am not necessarily against the US government. I also have several friends who work in the intelligence community. I fundamentally agree with NSA's goals and mission, and I have no issue with many of their operations, but I disagree with many of their tactics.

Bad things happen when any one organization or person becomes too powerful. Even if you go into something with the best intentions in mind, you will inevitably grow more corrupted as you gain more power. And I think that's where NSA is headed.

And I also know private companies are no better, but most private companies (thankfully) do not have access to the kind of information the government does. If they want to grow in power or collect information, they have to stay within the law, which limits them greatly.

There's also the issue of doing important work but not knowing how that work will be used or what it's really for. Blind obedience to a job while knowing nothing about the end goal or intentions of that job doesn't sit well with me.

If I am building a weapon, I want to have full knowledge and control over it. That's why I find, write, and utilize 0-days alone and on my own terms, and use them in a manner that I think is ethical and beneficial to others. I could not say the same if I was doing exploit dev or CNA/CNE work for NSA.

>>46601080
and how would i go about doing such research? what website shows me what is shipped into the United States and where

if this is true
how would someone look for the trojan and use it against them or use it like they would to get female nudes?
what would I need? where should I look?

>>46606212

>2015
>still thinking they do not

>>46606232
So I keep hearing about all this "power" the NSA has, but strangely I never ever see it. Sure, I see incredibly advanced capabilities, but I also see pretty tight regulation and limited resources. The power lies within the political bodies of the US government, and people think they are misusing the power via the capabilities offered by intelligence services, they should vote for someone that more closely represents their principles.

> If they want to grow in power or collect information, they have to stay within the law, which limits them greatly
This is true for companies and for intelligence organizations. I realize that there is a lot being said to the contrary, but most of it is being misrepresented.

> Blind obedience to a job while knowing nothing about the end goal or intentions of that job doesn't sit well with me.
I don't know where you got that idea, but it isn't true. I am not blindly obedient, and I've never met anyone else that was either. I may not know every single scenario, but I'm okay with that, not because I'm blindly obedient, but because I have faith in my leadership's demonstrated competence.

> That's why I find, write, and utilize 0-days alone and on my own terms, and use them in a manner that I think is ethical and beneficial to others
That being the case, it is understandable why you don't want to work for anyone, and that's fine. I used to think the same way until I realized that what is or isn't ethical varies from one person to the next, and that unilaterally effecting others based solely upon my own ethical viewpoints was just as bad, if not worse, than a government or corporation forcing its will on others.

>>46601042
The logic is sound, although not for this issue. "We can't find the bug but we know it is there."

>>46603741
"In Soviet Russia the virus makes you". He said.
>>46605212
>So basically this is the KGB/FSB company
So the Internet working with TCP/IP must be the CIA botnet in this way. Putin, what are you doing on my 4chan, you must to raise the Russia from knees!

>>46601080
http://en.wikipedia.org/wiki/2011_Thailand_floods

Yeah, because the floods didn't actually happen.
Fucking conspiracy nuts tell you to do the research or that the info is out there. Didn't actually read anything themselves.

Show us the papers for all these undeclared shipping containers from Thailand. What train took them to Utah?

Spy on me, I don't give a fuck, just don't turn on my cam when I'm jerking off cause that would be embarassing.

I use a lenovo thinkpad. am I effected by this?

File: 1381121208246.png (24KB, 344x389px)

24KB, 344x389px

I've pretty much accepted the botnet.

My phone knows where I'm driving to and tells me that I'm 14 minutes from work and it's right. My computer knows what I'm going to search before I search it. My TV knows what programs I watch and gives me ideas for new shows that I usually enjoy. My grocery store knows to print out coupons upon checking out of the self service checkout line for products that they know I like, and I end up using the coupons to save a few bucks. My life is a big fucking botnet and I wouldn't even know where to begin to unplug myself, so I just roll with it.

>>46605436
magnetic core memory doesn't have backdoors

>>46606533
True. no way to escape

>>46606426
>That being the case, it is understandable why you don't want to work for anyone, and that's fine. I used to think the same way until I realized that what is or isn't ethical varies from one person to the next, and that unilaterally effecting others based solely upon my own ethical viewpoints was just as bad, if not worse, than a government or corporation forcing its will on others.

I mean, I could probably debate that point for hours. In some senses it can be a lot better, some a lot worse. If I'm acting 100% alone then I get no checks or balances or second opinions, but if my checks and balances are improper or lacking in severity then you create a potential "Lawful Evil" situation where you are nominally obeying a code of conduct and convince yourself you are following regulations and laws, but in practice you may be committing great ethical offenses. I will say I do personally defer to other people before ever making a decision to infringe on someone's privacy, and I trust my own ethical code over a vague unknown ethical code that may or may not be followed by those whom I am helping weaponize.

(1/2)

>>46606660
I do not think the NSA's current checks and balances are sufficient. Yes, sure, they technically (try to) stay within the law, but those laws are only enforced in secret courts with secret rulings, and FISA judges will almost always side with the government. Yes, an analyst needs to go through a special process to see information on a US citizen, but that information is already in storage and technically accessible by many people, with only a bureaucratic barrier to its access.

If you look through all of the Snowden-leaked documents (the documents and presentations themselves, not the reporting about them) it's absolutely undeniable that there is dragnet surveillance, that there is deep infiltration into private companies in allied countries (the breach into Belgium's Belgacom, for example), that there is in general an attitude of "scoop up everything, search for what you need on demand". That "scoop up everything" part sets a very bad precedent.

I think you also may be letting your own personal experiences color your entire perception of intelligence agencies. Even if we assume that 99% of employees are ethical and that 100% of people you've met there are ethical, there are still massive swaths of the organization you have no personal encounters with and may never know about.

I obviously do not think NSA employees are bad people, I just think the internal culture they're promoting (Keith Alexander's "Let's collect the whole haystack") is a precedent which needs to die before it spirals out of control.

(2/2)

>>46600719
the only people safe from the government are Amish people.

>>46603432
oh snap, i bet bubble memory has spy firmwares too

File: the-last-hermit-gq-magazine-september-2014-life-01.jpg (273KB, 628x434px)

273KB, 628x434px

There's always this option if you'd like to go off the grid and be truly free. However, you'd wanna do a little more planning than this guy did.

Long read but abso-fucking-lutely worth it.

http://www.gq.com/news-politics/newsmakers/201409/the-last-true-hermit

Alright, from what I've read, hard drives do NOT have trojans in their firmware.

IIRC, the NSA is using malware to infect hard drive firmware.

>>46603063
Gay Nigger detected
Enjoy your winfuck you fucking cunt

Why is it not completely logical for lawmakers to make it illegal to bundle secret backdoors (malicious or otherwise) into hardware and software?