16 comments

[ 2.7 ms ] story [ 42.3 ms ] thread
Why would you weigh the laptop? For malicious devices? The article doesn't make that clear and it doesn't seem to make that much sense.
Yes.

There are all sorts of nifty pieces of electronics that can be put inside of laptops.

You don't have to break a RSA key if you can just read the password off the keyboard.

Of course, now the warning is out, the spies can just remove enough unnecessary components to keep the weight constant. Still, I guess it at least makes their lives more difficult.
Very low on details.

Solution to malicious code being inserted into code by terrorists? Free Software.

How does that help? If a foreign government spy agency had access to your laptop, and replaced a binary with their own custom build - how would free software save you?
I don't think jrockway is referring to the software on the laptop, but rather software that the US government is buying. If the source code is available (especially as open source), malicious code should theoretically be less likely to make it in.
My laptop has 8 pounds worth of pirated movies in it.
I do not understand why weighting would be of any good. Does the laptop ever leave your hands?
Sure. Leave it in your hotel room when you go down for breakfast - service is pretty slow today for some reason...
Finally a market for "(hardware) honeypot" laptops.
With most laptops being assembled in China to begin with, does it really matter?
It does matter because the assembler doesn't know that Laptop #14838 will become the CIO's. For the same reason that the White House procures food by going to a random store on a random day -- to have a chance at poisoning the president, you'd have to poison a bunch of people. If 100K new laptops were bugged, you'd bet at least one hacker would notice.
This seems to me insane: if somebody has the access to your laptop to install malicious hardware, they also have access to install much more difficult to detect malicious software.