BadBIOS forensics
rysiek
rysiek at hackerspace.pl
Thu Jul 17 03:49:22 PDT 2014
Dnia środa, 16 lipca 2014 10:41:34 Steve Furlong pisze:
> On Wed, Jul 16, 2014 at 7:19 AM, Bluelotus <bluelotus at openmailbox.org>
>
> wrote:
> > I am donating BadBIOS infected laptops, flashdrives, tampered live fedora
>
> CD, infected personal files (plain text files, MP3, PDF, jpg, tiff, doc),
> infected external DVD writer, etc. to any one interested in conducting
> forensics
>
>
> Forensics is fine, I suppose, but wouldn't it be better to donate them to
> some organization that you don't like? The reelection committee for some
> politician you don't like, a lobbying group whose position you despise, or
> a charity which is conspicuous for high overhead might be deserving
> recipients.
No. I feel an internal disgust at such an idea. Had you full control of the
bugs/implants and could actually get the info/data out and then leak it to
Wikileaks/whatever, then it would have a shred of sense, because you could use
these tools as a force for good.
The way it is, you don't have such control. So you would be giving these away
to some orgs you don't like hoping this will get them in hot water with the
NSA/the government.
There are two scenarios here. Either you'd be de facto giving a present to the
NSA -- and I don't feel like giving the NSA presents; or, it would be an org
that works with the NSA, or at least is conducive to whatever the gov does --
hence, the implant-gathered data would not be used.
Of course you could also hit a potential whistleblower within such an
organisation, which would be even worse.
Either way, a bad, bad idea.
Forensics is the way here.
> (Not on topic, but I never donate cash to charities or other
> not-for-profits. I've done various support work (as a paid consultant) for
> quite a few NFPs, including work on their accounting databases, and every
> single one had funny business going on with the money. Not necessarily
> covering up pilferage by corporation bosses, though there was some of that,
> but always overhead that was much higher than reported. And usually the
> total compensation of the bosses was much higher than reported, if you
> include non-trivial expenses like paid-for cars. I'm not interested in
> putting money in the pocket of someone with three times my income while
> they poor-mouth to get more donations.)
Sorry you had bad experiences. I work in an NGO that tries to be at least
partially funded by donations, and it's fucking hard. We want to be funded by
donations because being funded by grants or sponsors is always a "strings
attached" situation, and we need to be as independent as possible. Employees
here get decent, but not high, pay, and there are no perks like paid-for cars.
--
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140717/574206bc/attachment-0002.sig>
More information about the cypherpunks
mailing list