On Mon, Sep 8, 2014 at 4:12 AM, Elmar Stellnberger <[email protected]> wrote: > [...] > P.S.: URL about NSA regularely intercepting laptop shipments: > http://www.extremetech.com/computing/173721-the-nsa-regularly-intercepts-laptop-shipments-to-implant-malware-report-says >
Consider this -- How much is the NSA or some other similar organization going to pay to run a man-in-the-middle on you? How much would it cost them to intercept, not just the CD being shipped, but also your queries on random mirrors? (Not asking whether you consider yourself valuable enough to them that they would intercept your next hardware purchase, but you should ask yourself whether you really are that valuable to them.) I posted a bit of meandering on the subject recently which you might find interesting, Giancarlo's post to this thread makes for a lot quicker read. I think he oversimplifies the numbers, and I don't agree that the numbers improve with age -- there are balancing factors and one factor is exactly the value to them in targeting the individual in question, but I agree with his general message. It is worth checking the checksums from various sources, maybe at different times, from different machines, on different networks. How far you need to go, and how you devise your out-of-band checks is something you have to figure out. And do get the CDs. If they are intercepted and you check the checksums like you should, you have a good chance of finding out that you are targeted. -- Joel Rees Be careful where you see conspiracy. Look first in your own heart, and ask yourself if you are not your own worst enemy.
