So basically I discovered that encrypting your HDD/SSD is pointless if it's firmware has been infected with spyware...

And the chinks who build your board also installed firmware that duplicates all your network controller data and sends it to they're monitoring server.

Go to sleep dad.

Time to bring up a new open architecture.

Welcome to a year ago.

Its been something of a suspicion within the security researchers for years

I use whatever xubuntu uses by default which i think is good enough. The question is though, what if the drive itself is backdoored

why even waste your time encrypting? if the government have any reason to suspect there is evidence for a crime on your hard drive they can hold you in a cell until you tell them the password, your expectations for encryption is a lot like thinking that because you lock your door police cant enter your home under any circumstances because 'privacy'

Who says its just for the police? I dont want niggers stealing my shit

This is basically a battle you can't win. If the firmware is infected it can pretend to be wiped, while not actually being wiped were you to attempt to install open source firmware.
You could buy a new hard drive, but what if that's delivered infected?

Regardless, not much point in hard drive encryption from the government in my eyes, unless you're doing something illegal and there's a chance your drive will be seized. As long as your computer is on, hard drive encryption does nothing and that's when most anyone is gonna try to attack you. Why infect your firmware if they can just lift the files directly from your computer?

keep it all on the cloud :^)

>not keeping a cellphone detonatable thermite grenade in your laptop
They can't find evidence that doesn't exist.

I'd definitely be more concerned about the chinks.Even with the whole firmware thing put aside, they are relentless with their attempts to get into everything attached to the internet. Who knows what their government sponsored agencies are capable of.I don't trust anything entirely,in terms of security,to protect my shit anymore.

>You're not worth their time.
>The NSA catalogs and stores petabytes of worthless data.

Why would compute be on

>brute force their way in in minutes
Yeah AES256 isn't a couple of minutes kind of encryption

It depends, device specific or vendor encryption is compromised by nsa. But open source tool like veracrypt/dm crypt are ok. If these tools are used together with full disk encryption (maybe even os running live) then even backdoored firmware has no effect.

Sure, just get the guaranteed 10+ years in the pen for destruction of evidence, attempted murder of a federal agent etc etc.

>tfw intel ssds (EVEN THE OLDEST ONES) are NOT affected
I was telling you guys to get Intel. You said no because MUH SAMSHIT. Now enjoy your firmware viruses.
Kek

a petabyte isn't very much theses days, grandad.

I wonder if an encrypted VM system could be devised where,upon entering a password on the main OS,the virtual machine is silently destroyed in the background? Say you have encryption on the main OS,it has the password apple for normal unlocking,and the password apple1 to unlock the OS AND destroy the VM.Something like this would be useful,imho.

Actually zettabytes of data.

No it wouldnt because it makes no sense. If it runs in ram (vm) then it cannot be encrypted. If main os is running but locked, fbi/nsa will copy contents of ram and with that also encryption/decryption keys

You're sort of Not Even Wrong.

Points:
- NSA cannot crack strong encryption, your stuff about "mirror"/"brute-force" is bullshit, unless you choose a weak passphrase - use at least 100 bits of real entropy and you're good, try Diceware
- can try to work around encryption: coldboot/remanance/NONSTOP
- Possible paths any really determined attacker could try to take to inject malware: SPI Flash/UEFI/BIOS/Intel ME/CPU microcode (); PCI/PCIe device option ROMs (NIC is a solid favourite, see BULLDOZER); bootloader on modified HDD/SSD used as a boot drive, except with Secure Boot with non-default keys (IRATEMONK, installed via TWISTEDKILT); modified RAM (e.g. WOLF SPIDER, lab only); Thunderbolt/Firewire DMA (unless range-protected with VT-d); keyboard devices, e.g. USB, if you are logged on/can type, or keylog (e.g. COPPERHEAD, COTTONMOUTH, WILDIDOL)
- all of these are tested but most of them are crazy talk when 99% of targets just open invoice.docm.pdf.scr
- also, even if you are a diplomatic target it would probably be much cheaper and less hassle to roofie you or just flash tits and get you very very drunk
- but trying several different techniques at once is SOP for major intel orgs
- libreboot is not a supported platform for implant dev, most of the paths are fruitless - sign your bootloader and encrypt your hard disk and you're more or less golden against HDD firmware
- disk encryption modes don't provide authentication, so malleability attacks remain possible for those with persistent or repeated access

tl;dr: You're being needlessly paranoid, which can make for an interesting topic of discussion but not a very fruitful one. Tailor your defences to your actual threat model, which is, I quote "niggers stealing your shit". It's a Thinkpad T400, not a Macbook. You're probably good against that anyway. UV mark it with your address, encrypt the drive, you're probably good.

Still better than indefinitely

How about you just never allow a device with an active internet connection to interface with your NSA secure HDD or SSD?

that's the whole point of OP's post

source? if you don't provide a reliable source you're just another shill

This may seem like a good option, but how can I shitpost on Sup Forums then?

bump

Libreboot

>Libreboot has support for fam15h AMD hardware (~2012 gen) and some older Intel platforms (~2006-2009 gen). We also have support for some ARM chipsets (rk3288)
Great.

He asked how. He never specified anything other than that. Libreboot would work, and not at all be optimal. Depends on how bad you want the end result.

>This may seem like a good option, but how can I shitpost on Sup Forums then?
SSH through a line you trust (preferably one on your home network) onto a computer who's sole responsibility is to interface to the internet, and wait for the NSA to get tired of your shit and just cave in your door

did any of you guys even read the article? this affects windows only..

>just leave your front door unlocked or opened, we guarantee thieves won't give a fuck about you

SURELY REMOTE-DETONATED THERMITE GRENADES ARE COMPLETELY LEGAL. 10/10 would reccomend

D A T A D I O D E S
A
T
A
D
I
O
D
E
S

What does it even matter if the firmware is infected? It's still going to write the bytes to the drive. How would it be smart enough to know "Oh now he's writing random data to wipe stuff instead of meaningful data. I'd better not write this data, just pretend to."? Same goes for encryption. Or am I being an asshat?

It's possible
securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

Did you even read the article? The second link clearly shows someone hacking into a linux machine using hacked firmware in his HDD

That's really cool, and scary. Thanks for the read.

They can't force you to tell them your password, you need to read a fucking book, or at least do a Google search.

more like
>someone could possibly break in my house better go live in a bunker forever
If the nsa wants your data bad enough they're going to get it. 99% of people using encryption are not worth the effort it takes to decrypt

Enjoy your indefinite detention when you don't give up your password.

In the US, as long as the structure is not burned (cuz then it's arson), and you have no more than 0.25 oz useable explosive it's all good. And unless they claim it as evidence first, I can't see how they could do shit.

Nichrome wire ignites magnesium starter, which sets off thermite, of an amount which will render the harddrive useless, but not burn the place to the ground. Zero explosives.

The times have come, when it's better to not have any private data on a computer that's connected to any network and have a computer disconnected from everything to store some private data if you really have to. It all goes down to trust to another human - in this case to the people who built and programmed your computer. Do you trust them? I have no reason to do so. It's really simple when you think about it. Looking for a good security implementation is futile. I think it's better to think what cool things can you do with a computer instead. Drop the security obsession, it's toxic and stops you from doing other things.

nakedsecurity.sophos.com/2016/04/28/suspect-who-wont-decrypt-hard-drives-jailed-indefinitely/

well thanks for proving my point buddy

Bump

Don't use passwords or encryption.
Use a stateless browser.

Keep everything in da cloud.

Fucking judge going to order you to give passwords for shit they don't even know you use? lel

I think you are missing the point, if your firmware has malware it doesn't matter what you do with the content.

Btw: blackhat usa memory sinkhole x86 really cool one

Also remember those kids who rm -rf their bios? Being able to write your bios in the latest msi laptops screams i like to be backdoored?

who fucking cares? no one here has firmware infected by the fucking nsa

jesus christ you people are fucking retarded

Just encrypt individual folders or files.

Lmao, are you fucking retarded?
Thats not even a doubt, everything is compromised or have security holes tm(software, so's,firmware), are you so fucking braindead?

Memory sinkhole x86, easily oberwritten bios in latest stuff, also microsoft botnet everywhere, you are a fucking ignorant.

>LOL MUH BOTNET

you are literally a Sup Forums tool. whatever helps you fit in here i guess.

here is a fucking tip: if the nsa actually cared about you nothing would stop them. grow a fucking brain you child

they can steal your encryption key and keylog your password, but they would still need physical access for your disk encryption to actually matter. you don't understand the threat model.

You just proved my point, if the nsa cared nothing would stop them, intense debate kek

If your firmware is compromissed they already have access, they don't even nees keyloggers... why people who don't know shit give their worthless opinions?

And then what? They still need physical access otherwise they upload your data and since retards like you have no concept of logging.

Trying to look smart is not working.

Who said anything about them uploading it anywhere? Why on earth would they do that? Do you see how limited are you, and even worse, project your own logical flaws on others?

Looking smart? To impress you? Lmao, yeah bro they will all remember that red pilled user, and oh wait, we are anons, idgaf of what your worthless opinion about me is

So then they need physical access to the drive. In which case you wouldn't last one night in jail anyways you fucking turbo nerd.

Go back to your linux shill threads.

How paranoid are you people ffs

Not paranoid enough.

The only way to be sure of your computer integrity is to build your own hardware.

That's a pain so instead I simulate a computer in Dwarf Fortress that runs on water wheels and screw pumps. Which in turn runs a copy of Minecraft that is simulating it's own computer.

Autism Inception.

>no effect
If the encryption is somehow done in the drive firmware or the drive controller has direct memory access then maybe. Otherwise all it can do is send your encrypted-by-not-the-drive data to the NSA. And even they can't crack AES256.

>Rewriting BIOS because of the efivars bug
All they could do is change a few config options the EFI exposed to the OS, not the entire firmware.

How do you jump from them not uploading it to phisical access? Lmfao, never shilled anything related to linux

kek

>you just said maybe, rest is irrelevant
If you and me can come with a maybe in a 2 minute discussion just as I wope up, imagine NSA with millions of shekels

>All they could do is change a few config options the EFI exposed to the OS, not the entire firmware.
thanks for the info, then again, the specific vuln is nothing but an example

>having all these knowledge regarding explosives
Nice, you just set yourself up for investigation

Don't worry, he seems ready. kek

>Knowledge regarding explosives
Or y'know, paid attention & got blinded in 8th grade science. The laws part comes from reading the NFA.
When the ATF can figure out how to entrap people who aren't literally retarded, arresting people because "shoestrings r masheengunz, and copper wool iz a suppressor", or hell, manage to park correctly, then I might consider them a hazard to anything other than a neighbors dog.

The problem is, they probably can, but they can't legally prove it, it is a very tricky part of the equation that most people overlook, the thing is, by the time they want to use it, it will be late. I just want to avoid not being in control, which is impossible in [current year] and will become harder and harder.

It is an interesting topic, about how police often use illegal means to internally prove it, and then find for a legal way to prove you are guilty, once you know who did what, you can find other ways of incriminating them.

Have you read what those fuckwits do? they set up a "sting shop" for months, can't catch so much as a dumbass gangster, so to save face they charged the actual mental deficient they hired to stock shelves.
That or they harass people for months on end to try to get someone to say "fuck it, if I do what you say will you leave me alone" then slap them with conspiracy to commit tax evasion, if they didn't actually do it. If they actually make something illegal, then its tax evasion & whatever else they can come up with (Selling/producing title II items without a licence).
If they can come up with anything, they break in and leave a statue of a hand flipping the bird.

>The only way to be sure of your computer integrity is to build your own hardware.
This, but we'd have to start from scratch. I'm sure there are anons ou there doing this, ofcourse they wouldn't reveal it to the world or they'd be infected by NSA spyware in no time. Let's just hope that one day, if they've finished their computer and it's ready to be massproduced, we can finally live in freedom
>inb4 the NSA finds out anyway and we'll allways be their puppet

If only we could have affordable FPGA's that could handle multicore and hit a decent clockspeed.

really all that needs to happen is to repeal the unconstitutional patriot act. Unfortunately if Hillary becomes president and she will, she has said her goal is to crate laws that get around the second amendment. If things keep following this pattern the president after her will create laws that take away the first amendment and then whats left? we just have to get used to being the governments bitch. because if the right to assemble and have free speech is gone we might as well live in a dictatorship. we'll be like every other shitbag country and all that our forefathers had fought for will be lost. It will lead to a very nasty cavil war against people that were just a few years ago perfectly upstanding citizens. the liberals against anyone that isnt a far left fascist.

>far left
>fascist

the chinks only care about your money, the NSA wants you to accept your fate as a pawn of the government

Only if you use standard solutions.

Change a couple details in the implementation, compile everything yourself, and suddenly NSA can't get to you.

You wouldn't imagine how easily you can keep hackers away by renaming all basic terminal tools, switching the order of parameters, and making a couple basic modifications to compilers so only you can make proper code they'll accept. Come up with your own norm which you use everywhere, and suddenly people will be completely unable to do anything.