
Ask HN: How to exploit Linux notebooks? - telmich
So all of you have probably read or heard about the CIA leak that says that the CIA compromises TVs, smartphones and not only Windows and Mac computers, but also Linux computers.

Now my understanding is that *my* particular notebook is rather secure against any remote attack: my browser doesn't launch java programs/applets, I don't have flash installed, my email client (mu4e) doesn't run code from attachments, there are almost (!) no services running (postfix, cupsd and sshd are an exception) - so how the hack does the CIA (or anybody else for that matter) get into my notebook?

I would assume that either my browsers (chromium or firefox) have security holes that I am unaware of or... or what?

Attacking the Linux kernel on IP level? Using electromagnetic waves to flip bits on my SSDs?

Please post as many ideas and details as you have - I would like to summarise this thread later to make a list of things to be done for other Linux users to secure their desktop / notebook system.

Let's not focus on the physical aspects, as going to a computer and changing stuff physically, even with a partially encrypted drive, is rather easy and cannot be easily prevented.
======
brudgers
For a three letter agency or a state sponsored entity, the way to exploit a
Linux notebook would be to exploit Unix and C and various utilities at the
source code level starting in the 1970's. To have not done so would have been
professionally incompetent. To not continue to do so today would also be.

Even if one does not believe that Bell Labs and MIT are part and parcel of the
military industrial complex, Naval Research Labs from whence came Tor and
DARPA from whence came the internet are undeniably so. If you're not a baby
boomer or possibly early GenX, odds are your computer was basically PWND
before you were born. Consider that the ARPA net lacked most all the security
features considered essential on modern networks but the motivations to snoop
computers were very similar to those today.

That does not mean that security won't reduce ordinary exploits, but agencies
like the NSA and KGB have office buildings full of Moxie Marlinspikes working
9-5 year in and year out to obtain signals intelligence. They work in a
context where there are billions of dollars to fund research and nearly a
century of institutional knowledge backed by patriotic zeal.

~~~
CyberFonic
Well that would have to be the case not only for Linux, but Windows, etc.
There are far more Windows systems, so the odds are that finding "useful"
information is even higher.

~~~
brudgers
Yep. And the folks in China would be slackers if they weren't putting back
doors as devices roll down the assembly line (likewise for manufacturing
accessible to US interests).

------
CyberFonic
A well secured Linux computer, especially when behind a robust firewall, would
probably not be easy to compromise, if at all. A well secured OpenBSD system
is likely to be even more resilient.

Since Linux is used by Android and shipped as many different distros, in a
general sense, there probably are a multitude of security holes. IoT devices
are even more of a concern. The problem with these Linux deployments is not
with the Linux kernel nor GNU utilities per se, but with the insecure
configuration and poorly written apps.

You are probably referring to (almost-)fake news articles, by sloppy
journalists. They rarely research their topics properly, nor do they provide
suitable caveats. Sensationalism wins the day for them.

