So all of you have probably read or heard about the CIA leak that says that the CIA compromises TVs, smartphones and not only Windows and Mac computers, but also Linux computers.<p>Now my understand is that <i>my</i> particular notebook is rather secure against any remote attack: my browser doesn't launch java programs/applets, I don't have flash installed, my email client (mu4e) doesn't run code from attachments, there are almost (!) no services running (postfix, cupsd and sshd are an exception) - so how the hack does the CIA (or anybody else for that matter) get into my notebook?<p>I would assume that either my browsers (chromium or firefox) have security holes that I am unaware of or... or what?<p>Attacking the Linux kernel on IP level? Using electromagnetic waves to flip bits on my SSDs?<p>Please post as many ideas and details as you have - I would like to summarise this thread later to make a list of things to be done for other Linux users to secure their desktop / notebook system.<p>Let's not focus on the physical aspects, as going to a computer and changing stuff physically, even with a partially encrypted drive, is rather easy and cannot be easily prevented.
For a three letter agency or a state sponsored entity, the way to exploit a Linux notebook would be to exploit Unix and C and various utilities at the source code level starting in the 1970's. To have not done so would have been professionally incompetent. To not continue to do so today would also be.<p>Even if one does not believe that Bell Labs and MIT are part and parcel of the military industrial complex, Naval Research Labs from whence came Tor and DARPA from whence came the internet are undeniably so. If you're not a baby boomer or possibly early GenX, odds are your computer was basically PWND before you were born. Consider that the ARPA net lacked most all the security features considered essential on modern networks but the motivations to snoop computers were very similar to those today.<p>That does not mean that security won't reduce ordinary exploits, but agencies like the NSA and KGB have office buildings full of Moxie Marlinspike's working 9-5 year in and year out to obtain signals intelligence. They work in a context where there are billions of dollars to fund research and nearly a century of institutional knowledge backed by patriotic zeal.
A well secured Linux computer, especially when behind a robust firewall would probably not be easy to compromise, if at all. An well secured OpenBSD system is likely to be even more resilient.<p>Since Linux is used by Android and shipped as many different distros, in a general sense, there probably are a multitude of security holes. IoT devices are even more of a concern. The problems with these Linux deployments is not with Linux kernel nor GNU utilities per se, but with the insecure configuration and poorly written apps.<p>You are probably referring to (almost-)fake news articles, by sloppy journalists. They rarely research properly their topics, nor do they provide suitable caveats. Sensationalism wins the day for them.