I dare to say that E.S. seems to me not quite thoughtful of the lower ring
issues. In his Twitter feed he merely says "Use Tor, use Signal" which is
meaningless considering the former. This makes me question the actual
competence of the guy as these are really superficial statements (even more
considering what you say - windows etc).
> And the fact that he managed to not get caught in spite of *that* security
flop is still more interesting.
Well, let's not forget that just because we consider that something is
possible (a low lever back door) doesn't mean it is necessarily easy,
especially in particular circumstances, e.g. accessing the machine behind a
firewall, or having it online for too short time to perform an attack.
Additionally as an NSA employee he surely knows how his colleagues would
proceed, so he may be able to avoid certain attacks through that info, at
least in a certain time span until they develop new strategies. So that may
be a factor of "luck" as well.
> A separate topic to discuss vulnerabilities, possible attack vectors and
defenses would have been nice, and I had hoped that of the security thread in
troll lounge, albeit it has diverged into something else.
We still have that but perhaps it deserves a thread of its own. But what
more/new could we really say about it? As you can see in the video I linked
there is some research going on. Perhaps you can join that approach if you
feel going down to the oscilloscope level but it seems to me reverse
engineering (mouse) will never beat evil engineering (cat) and its
legislation at mass scale (tiger).