shipment interdiction [was: BadBIOS forensics]

[bryan@thestarbucks.com (Bryan Starbuck)]

If you donâ??t mind saying, can you say if you are a US citizen?  (Probably)

Do you work on an open source project like TOR?  Do you think they do that because you do development?

Iâ??d love if we build a profile of who they actively perform hardware attacks on.  They likely repeat this on categories of people (TOR devs, employees at CAs, etc.).   Even if you can give a vague category (crypto-currency vs open source file system encryption, etc.)

That one lady on twitter was a TOR dev.

Iâ??d love us to deduce as many patterns as possible, so those people can be incredibly diligent.

Best,
-Bryan

Bryan Starbuck   |  Bryan@TheStarbucks.com

On Jul 19, 2014, at 5:25 PM, coderman <coderman@gmail.com> wrote:

> On Sat, Jul 19, 2014 at 5:20 PM, Bryan Starbuck <bryan@thestarbucks.com> wrote:
>> I like buying a computer in a surprise visit to an apple store or a store
>> that sells windows computers.
> 
> 
> agreed; on site ad-hoc cash purchases the best procurement technique.
> not infallible by any means, but at least avoids some known problems
> like this amusing scenario.
> 
> (shipments from the Seattle Amazon warehouse to Kansas before delivery
> to Oregon was also funny.)
> 
> 
> repeat for emphasis:
> - keep chain of custody of sensitive hardware at all times
> - never procure or ship through mail. at one point, priority same day
> air would get a pass, but even this no longer suitable.
> 
> 
> best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140719/3f7a9984/attachment.html>