If you don’t mind saying, can you say if you are a US citizen?  (Probably)

Do you work on an open source project like TOR?  Do you think they do that because you do development?

I’d love it if we built a profile of who they actively perform hardware attacks on. They likely repeat this on categories of people (TOR devs, employees at CAs, etc.). Even if you can give a vague category (crypto-currency vs open source file system encryption, etc.).

That one lady on Twitter was a TOR dev.

I’d love us to deduce as many patterns as possible, so those people can be incredibly diligent.

Best,
-Bryan

Bryan Starbuck   |  Bryan@TheStarbucks.com

On Jul 19, 2014, at 5:25 PM, coderman <coderman@gmail.com> wrote:

On Sat, Jul 19, 2014 at 5:20 PM, Bryan Starbuck <bryan@thestarbucks.com> wrote:
I like buying a computer in a surprise visit to an Apple store or a store
that sells Windows computers.


agreed; on-site ad-hoc cash purchases are the best procurement technique.
not infallible by any means, but at least avoids some known problems
like this amusing scenario.

(shipments from the Seattle Amazon warehouse to Kansas before delivery
to Oregon was also funny.)


repeat for emphasis:
- keep chain of custody of sensitive hardware at all times
- never procure or ship through mail. at one point, priority same day
air would get a pass, but even this is no longer suitable.


best regards,