Actually, there have been more revelations of spookery since this thread began, and it's considerably worse if you use any wireless to communicate (cel tower stuff). As in the "authority" that provides the unique ID for phones has also been hacked, and that ID is used as the once-almost-a little-secure crypto they used in comm with the towers - on top of the rest. This is all over the net for the usual couple days till the news cycle moves on due to no one caring (or feeling utterly helpless) or having a too-short attention span. But this is the horse's mouth.
https://www.schneier.com/blog/archives/2015/02/nsagchq_hacks_s.html
I had this link at my site:
http://www.bunniestudios.com/blog/?p=3554
What it boils down to is "no, you're theirs if they want you, period". SSDs also have a little computer running firmware, and as Bunnie points out, need it worse than regular hard drives. Long gone are the days where "sector 0" was actually at address zero, due to yield issues. In fact, ALL disk drive types have defects due to the push to ever higher densities - bits per buck (and per joule, so your phone battery lasts longer - we asked for this). Thus they require something in them (or a bunch of software on the host CPU, but this has been done the way its done for a long time now) to re-map the good sectors so that they look like nice contiguous media with a sector at every valid address, no matter where the actual bad sectors are. In fact, they overprovision (eg make them bigger than they say) knowing ahead of time that some of the storage will be bad initially, as well as go bad over time.
The firmware in the on-drive controller takes care of this. That's what has been compromised. Drive type doesn't matter one bit - or even USB sticks as Bunnie has shown,
and that without the resources of a state actor.
Since Reuters itself is kind of an attack, here's a better analysis from Ars Technica: Ars:
http://arstechnica.com/security/2015/02 ... d-at-last/
Since it's far easier to "root" all windows than almost anything else, I'd not be running windows, personally, but I understand that it's merely a matter of difficulty, not a binary thing. I find the total lack of revelations around Linux exploits more worrying, actually. Dogs that don't bark are sometimes
more informative. Once rooted (or admined, but that never took off as nomenclature), it no longer really matters if what you think of as your hardware has been rooted separately, though some of the mentioned exploits only work (as is) on one opsys, the one they were designed for. However, once you have a backdoor, if someone changes opsys - you still have the backdoor, and can simply re-install the right exploit for the new one if you should care to.
No, it's unlikely Snowden knew everything. We can assume that everything he knows is a base case, not the ultimate abilities. (I don't think we can even assume he's read it all yet, it's a lotta stuff.) That doesn't really make it better, does it? And we haven't seen all he revealed. He decided to do a major dump to what he considered to be responsible media, and allow them to decide what to share with the rest of us. Even Bruce Schneier (
whose website I've been looking at for well over a decade, he's the "Chuck Norris" of security) has agreed to this deal, even though he is one of those who has seen it all. There are some interesting articles up there right now (he also provides archives of past ones). I found this interveiw between those two interesting, though it might bore some - due to what I read between the lines, given that both have decided to let someone else decide what's released to the masses. I found the words "At scale " and "multilevel crypto" quite interesting in that context. It implies that there's significant automation, they don't have enough trusted farmboys from Iowa to look at all this, and depend on their machines for most of their peeking into things. This means they are subject to flooding with false positives....
<- interview of actual experts
Right now, it appears to be the actions of a government (or actually a group of them) that are afraid of their people in the very most wrong way - not that we'd vote out someone (or that it would even matter, since who you get to vote for is chosen a long time before any fliers are printed and everyone seriously vetted at any level above dog catcher) - these are the actions of governments afraid of a revolution. The thinking (if you can call it that) is that such would be lot easier to nip in the bud, before anyone can get a group of size together - fewer people to ship to Gitmo and so on, so it would raise less ruckus as fewer people would notice just a few folks getting stepped on versus a major confrontation, and it's by far easier to tactically outnumber one small group (or one individual) at a time.
You could wonder why no politician (who at least in theory, hold the purse strings for all this) has really gotten serious about it - I don't know any actual people who are
for this stuff, beyond
paid internet astroturfers - which they admit they are dong. The explanation is simple. We already lost. If you were even the most brain-dead bureaucrat in this outfit, who would you get the dirt on first? Know of any high level pols who are clean? Does it even matter in these days where a nonlinear audio editor I wrote myself in the 90s can take some recordings of you and make you say anything I want in your own voice so well dog himself couldn't tell? How about photoshop (or gimp if you're a linux head as I am)? We don't even need to catch them with the little boys etc, or wads of cash when we can just make evidence up. Multiple ways to get to the same goal.
I'll leave my tinfoil hat off for now - this doesn't require one, Occam's razor works fine all by itself for this. Simple explanations are usually better.
Having said that - my locks won't keep out a determined opponent, but they might send him next door to burglarize you instead. The key might be staying off the radar. Like Bruce and Ed, I'm well enough known to be on the radar no matter what I do - it's a weird kind of freedom to say what I think - I can't be disappeared easily. But this doesn't apply to everyone. Get the hint?