Hacker News new | past | comments | ask | show | jobs | submit login

Thanks, I guess I should be specific about threat modelling.

Let's say I am a sensitive US gov worker or contractor, or I work on state of the art tech/research in the USA. (all juicy targets for the CCP)

I would be correct in thinking that Intel Management Engine is likely NSA pwned, and likely not CCP pwned, correct?




Generally, yes, as Intel is a US company.

That is of course assuming that the CCP didn't reverse engineer or crack it or hack NSA and also have access.

I think you will be better served by articles/blogs by the likes of librem and amnesty (I'm thinking of the group that found pegasus, I think it was some other human rights org from Canda?)/eff. Those guys will have better suggestions to harden your device. Also - ask your IT guy, or the IT guy of the US govt dept where you're working for their best practices.

Hacking risks can either be specific (eg Bezos being personally targeted) or a catch-all (eg stuxnet) where they target your entire department. If you're just one of hundreds of contractors you're likely in the second category which is relatively easier to protect yourself from.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: