So basically I discovered that encrypting your HDD/SSD is pointless if it's firmware has been infected with spyware from the NSA. Is it possible to completely erase the firmware and put an opensource version on there? I know that trying to protect your PC against the NSA is pretty much pointless (they can just mirror your HD on a million other drives and brute force their way in in minutes) but I'd rather try to close all backdoors present in hardware. I already use libreboot on my T400 and gentoo so I'm on the right track
the nsa does not give a fuck about you. The only way they could get access to your encrypted data is if it was worth millions. You're not worth their time.
Connor Edwards
Why?
Isaac Martin
I know that they don't care about me. It's just me being autistic probably. I'm just asking if it's been proven possible yes or no and if yes, how to do it.
Gavin Edwards
Okay cool. Well I don't know, but I'm curious now too. It sounds like it should be possible, anything is possible, right? With hardware it just involves slightly more dicking about.
Jason Reyes
I am sorry that you don't think my life is interesting, but that doesn't give you the right to invade my privacy. If people on this board who does stuff like that for fun, can't get privacy, how is people who actually need it going to?
Liam Campbell
caring about privacy is about principles, not practicality
people make a big deal about privacy not because they themselves need it, but to create the tools so that it is available to other people who do need it
Jaxson Butler
Your post screams you dont know shit about encryption AND backdoors (firmwares either)
Xavier Clark
And the chinks who build your board also installed firmware that duplicates all your network controller data and sends it to they're monitoring server.
Go to sleep dad.
Austin Thompson
Time to bring up a new open architecture.
Owen Carter
Welcome to a year ago.
Its been something of a suspicion within the security researchers for years
John Young
I use whatever xubuntu uses by default which i think is good enough. The question is though, what if the drive itself is backdoored
Jason Torres
why even waste your time encrypting? if the government have any reason to suspect there is evidence for a crime on your hard drive they can hold you in a cell until you tell them the password, your expectations for encryption is a lot like thinking that because you lock your door police cant enter your home under any circumstances because 'privacy'
Cameron Miller
Who says its just for the police? I dont want niggers stealing my shit
Tyler Martinez
This is basically a battle you can't win. If the firmware is infected it can pretend to be wiped, while not actually being wiped were you to attempt to install open source firmware. You could buy a new hard drive, but what if that's delivered infected?
Regardless, not much point in hard drive encryption from the government in my eyes, unless you're doing something illegal and there's a chance your drive will be seized. As long as your computer is on, hard drive encryption does nothing and that's when most anyone is gonna try to attack you. Why infect your firmware if they can just lift the files directly from your computer?
Camden Ross
keep it all on the cloud :^)
Anthony Carter
>not keeping a cellphone detonatable thermite grenade in your laptop They can't find evidence that doesn't exist.
Cooper Rivera
I'd definitely be more concerned about the chinks.Even with the whole firmware thing put aside, they are relentless with their attempts to get into everything attached to the internet. Who knows what their government sponsored agencies are capable of.I don't trust anything entirely,in terms of security,to protect my shit anymore.
Sebastian Price
>You're not worth their time. >The NSA catalogs and stores petabytes of worthless data.
Joshua Gutierrez
Why would compute be on
Connor Wood
>brute force their way in in minutes Yeah AES256 isn't a couple of minutes kind of encryption
Zachary Davis
It depends, device specific or vendor encryption is compromised by nsa. But open source tool like veracrypt/dm crypt are ok. If these tools are used together with full disk encryption (maybe even os running live) then even backdoored firmware has no effect.
Daniel Miller
Sure, just get the guaranteed 10+ years in the pen for destruction of evidence, attempted murder of a federal agent etc etc.
Dylan Walker
>tfw intel ssds (EVEN THE OLDEST ONES) are NOT affected I was telling you guys to get Intel. You said no because MUH SAMSHIT. Now enjoy your firmware viruses. Kek
Dylan Scott
a petabyte isn't very much theses days, grandad.
Bentley Hall
I wonder if an encrypted VM system could be devised where,upon entering a password on the main OS,the virtual machine is silently destroyed in the background? Say you have encryption on the main OS,it has the password apple for normal unlocking,and the password apple1 to unlock the OS AND destroy the VM.Something like this would be useful,imho.
Christopher Perry
Actually zettabytes of data.
Evan Moore
No it wouldnt because it makes no sense. If it runs in ram (vm) then it cannot be encrypted. If main os is running but locked, fbi/nsa will copy contents of ram and with that also encryption/decryption keys
Michael Scott
You're sort of Not Even Wrong.
Points: - NSA cannot crack strong encryption, your stuff about "mirror"/"brute-force" is bullshit, unless you choose a weak passphrase - use at least 100 bits of real entropy and you're good, try Diceware - can try to work around encryption: coldboot/remanance/NONSTOP - Possible paths any really determined attacker could try to take to inject malware: SPI Flash/UEFI/BIOS/Intel ME/CPU microcode (); PCI/PCIe device option ROMs (NIC is a solid favourite, see BULLDOZER); bootloader on modified HDD/SSD used as a boot drive, except with Secure Boot with non-default keys (IRATEMONK, installed via TWISTEDKILT); modified RAM (e.g. WOLF SPIDER, lab only); Thunderbolt/Firewire DMA (unless range-protected with VT-d); keyboard devices, e.g. USB, if you are logged on/can type, or keylog (e.g. COPPERHEAD, COTTONMOUTH, WILDIDOL) - all of these are tested but most of them are crazy talk when 99% of targets just open invoice.docm.pdf.scr - also, even if you are a diplomatic target it would probably be much cheaper and less hassle to roofie you or just flash tits and get you very very drunk - but trying several different techniques at once is SOP for major intel orgs - libreboot is not a supported platform for implant dev, most of the paths are fruitless - sign your bootloader and encrypt your hard disk and you're more or less golden against HDD firmware - disk encryption modes don't provide authentication, so malleability attacks remain possible for those with persistent or repeated access
tl;dr: You're being needlessly paranoid, which can make for an interesting topic of discussion but not a very fruitful one. Tailor your defences to your actual threat model, which is, I quote "niggers stealing your shit". It's a Thinkpad T400, not a Macbook. You're probably good against that anyway. UV mark it with your address, encrypt the drive, you're probably good.
Carson Jenkins
Still better than indefinitely
Robert Brown
How about you just never allow a device with an active internet connection to interface with your NSA secure HDD or SSD?
Mason Howard
that's the whole point of OP's post
source? if you don't provide a reliable source you're just another shill
This may seem like a good option, but how can I shitpost on Sup Forums then?
Carson White
bump
Carter Lewis
Libreboot
Cooper Murphy
>Libreboot has support for fam15h AMD hardware (~2012 gen) and some older Intel platforms (~2006-2009 gen). We also have support for some ARM chipsets (rk3288) Great.
Adam Moore
He asked how. He never specified anything other than that. Libreboot would work, and not at all be optimal. Depends on how bad you want the end result.
Andrew Stewart
>This may seem like a good option, but how can I shitpost on Sup Forums then? SSH through a line you trust (preferably one on your home network) onto a computer who's sole responsibility is to interface to the internet, and wait for the NSA to get tired of your shit and just cave in your door
Camden Perry
did any of you guys even read the article? this affects windows only..
Carson Rodriguez
>just leave your front door unlocked or opened, we guarantee thieves won't give a fuck about you
Sebastian Bennett
SURELY REMOTE-DETONATED THERMITE GRENADES ARE COMPLETELY LEGAL. 10/10 would reccomend
Lincoln Gray
D A T A D I O D E S A T A D I O D E S
Hunter Campbell
What does it even matter if the firmware is infected? It's still going to write the bytes to the drive. How would it be smart enough to know "Oh now he's writing random data to wipe stuff instead of meaningful data. I'd better not write this data, just pretend to."? Same goes for encryption. Or am I being an asshat?
Did you even read the article? The second link clearly shows someone hacking into a linux machine using hacked firmware in his HDD
Colton Flores
That's really cool, and scary. Thanks for the read.
Landon Foster
They can't force you to tell them your password, you need to read a fucking book, or at least do a Google search.
Robert Butler
more like >someone could possibly break in my house better go live in a bunker forever If the nsa wants your data bad enough they're going to get it. 99% of people using encryption are not worth the effort it takes to decrypt
Juan Wood
Enjoy your indefinite detention when you don't give up your password.
Austin Johnson
In the US, as long as the structure is not burned (cuz then it's arson), and you have no more than 0.25 oz useable explosive it's all good. And unless they claim it as evidence first, I can't see how they could do shit.
Nichrome wire ignites magnesium starter, which sets off thermite, of an amount which will render the harddrive useless, but not burn the place to the ground. Zero explosives.
Henry Barnes
The times have come, when it's better to not have any private data on a computer that's connected to any network and have a computer disconnected from everything to store some private data if you really have to. It all goes down to trust to another human - in this case to the people who built and programmed your computer. Do you trust them? I have no reason to do so. It's really simple when you think about it. Looking for a good security implementation is futile. I think it's better to think what cool things can you do with a computer instead. Drop the security obsession, it's toxic and stops you from doing other things.
Don't use passwords or encryption. Use a stateless browser.
Keep everything in da cloud.
Fucking judge going to order you to give passwords for shit they don't even know you use? lel
Jackson Williams
I think you are missing the point, if your firmware has malware it doesn't matter what you do with the content.
Btw: blackhat usa memory sinkhole x86 really cool one
Also remember those kids who rm -rf their bios? Being able to write your bios in the latest msi laptops screams i like to be backdoored?
Nicholas Smith
who fucking cares? no one here has firmware infected by the fucking nsa
jesus christ you people are fucking retarded
Zachary Murphy
Just encrypt individual folders or files.
Bentley Murphy
Lmao, are you fucking retarded? Thats not even a doubt, everything is compromised or have security holes tm(software, so's,firmware), are you so fucking braindead?
Memory sinkhole x86, easily oberwritten bios in latest stuff, also microsoft botnet everywhere, you are a fucking ignorant.
Liam Gomez
>LOL MUH BOTNET
you are literally a Sup Forums tool. whatever helps you fit in here i guess.
here is a fucking tip: if the nsa actually cared about you nothing would stop them. grow a fucking brain you child
Mason Cruz
they can steal your encryption key and keylog your password, but they would still need physical access for your disk encryption to actually matter. you don't understand the threat model.
Jason Cruz
You just proved my point, if the nsa cared nothing would stop them, intense debate kek
Adam Hall
If your firmware is compromissed they already have access, they don't even nees keyloggers... why people who don't know shit give their worthless opinions?
Robert Carter
And then what? They still need physical access otherwise they upload your data and since retards like you have no concept of logging.
Trying to look smart is not working.
Chase Barnes
Who said anything about them uploading it anywhere? Why on earth would they do that? Do you see how limited are you, and even worse, project your own logical flaws on others?
Looking smart? To impress you? Lmao, yeah bro they will all remember that red pilled user, and oh wait, we are anons, idgaf of what your worthless opinion about me is
Jonathan Smith
So then they need physical access to the drive. In which case you wouldn't last one night in jail anyways you fucking turbo nerd.
Go back to your linux shill threads.
Robert Evans
How paranoid are you people ffs
Levi Cooper
Not paranoid enough.
Dominic Rogers
The only way to be sure of your computer integrity is to build your own hardware.
That's a pain so instead I simulate a computer in Dwarf Fortress that runs on water wheels and screw pumps. Which in turn runs a copy of Minecraft that is simulating it's own computer.
Autism Inception.
Jason Reyes
>no effect If the encryption is somehow done in the drive firmware or the drive controller has direct memory access then maybe. Otherwise all it can do is send your encrypted-by-not-the-drive data to the NSA. And even they can't crack AES256.
>Rewriting BIOS because of the efivars bug All they could do is change a few config options the EFI exposed to the OS, not the entire firmware.
Julian Russell
How do you jump from them not uploading it to phisical access? Lmfao, never shilled anything related to linux
Xavier Barnes
kek
Tyler Phillips
>you just said maybe, rest is irrelevant If you and me can come with a maybe in a 2 minute discussion just as I wope up, imagine NSA with millions of shekels
>All they could do is change a few config options the EFI exposed to the OS, not the entire firmware. thanks for the info, then again, the specific vuln is nothing but an example
Jace Richardson
>having all these knowledge regarding explosives Nice, you just set yourself up for investigation
Robert Davis
Don't worry, he seems ready. kek
Zachary Roberts
>Knowledge regarding explosives Or y'know, paid attention & got blinded in 8th grade science. The laws part comes from reading the NFA. When the ATF can figure out how to entrap people who aren't literally retarded, arresting people because "shoestrings r masheengunz, and copper wool iz a suppressor", or hell, manage to park correctly, then I might consider them a hazard to anything other than a neighbors dog.
Colton Bell
The problem is, they probably can, but they can't legally prove it, it is a very tricky part of the equation that most people overlook, the thing is, by the time they want to use it, it will be late. I just want to avoid not being in control, which is impossible in [current year] and will become harder and harder.
It is an interesting topic, about how police often use illegal means to internally prove it, and then find for a legal way to prove you are guilty, once you know who did what, you can find other ways of incriminating them.
Adrian Gutierrez
Have you read what those fuckwits do? they set up a "sting shop" for months, can't catch so much as a dumbass gangster, so to save face they charged the actual mental deficient they hired to stock shelves. That or they harass people for months on end to try to get someone to say "fuck it, if I do what you say will you leave me alone" then slap them with conspiracy to commit tax evasion, if they didn't actually do it. If they actually make something illegal, then its tax evasion & whatever else they can come up with (Selling/producing title II items without a licence). If they can come up with anything, they break in and leave a statue of a hand flipping the bird.
Connor Morales
>The only way to be sure of your computer integrity is to build your own hardware. This, but we'd have to start from scratch. I'm sure there are anons ou there doing this, ofcourse they wouldn't reveal it to the world or they'd be infected by NSA spyware in no time. Let's just hope that one day, if they've finished their computer and it's ready to be massproduced, we can finally live in freedom >inb4 the NSA finds out anyway and we'll allways be their puppet
David Lee
If only we could have affordable FPGA's that could handle multicore and hit a decent clockspeed.
Parker Wood
really all that needs to happen is to repeal the unconstitutional patriot act. Unfortunately if Hillary becomes president and she will, she has said her goal is to crate laws that get around the second amendment. If things keep following this pattern the president after her will create laws that take away the first amendment and then whats left? we just have to get used to being the governments bitch. because if the right to assemble and have free speech is gone we might as well live in a dictatorship. we'll be like every other shitbag country and all that our forefathers had fought for will be lost. It will lead to a very nasty cavil war against people that were just a few years ago perfectly upstanding citizens. the liberals against anyone that isnt a far left fascist.
Robert Fisher
>far left >fascist
Owen Jenkins
the chinks only care about your money, the NSA wants you to accept your fate as a pawn of the government
Andrew Butler
Only if you use standard solutions.
Change a couple details in the implementation, compile everything yourself, and suddenly NSA can't get to you.
You wouldn't imagine how easily you can keep hackers away by renaming all basic terminal tools, switching the order of parameters, and making a couple basic modifications to compilers so only you can make proper code they'll accept. Come up with your own norm which you use everywhere, and suddenly people will be completely unable to do anything.