Hector Martin

You seem to think my job is to convince you. My task's securing my computers. Ocasionally advice for others own good/public benefit. And pick big problems/threats for conferences so folks can work on. You think I'm crazy? Enjoy life in the Prepositioned Cyberasset Club.

*My* job is security, and when stuff like BadBIOS makes headlines it's an embarrassment to my field. *You* have a delusional paranoia problem, and I'm trying to help you because otherwise you'll convince other, less clueful people of your nonsense and it'll spiral out of control.

Meanwhile I consider such obliviousness to advanced attackers somewhat embarrasing. I think we have detente.

I'm cognizant of advanced attackers. They just don't happen to be your problem. Your problem is delusional paranoia.

Really now? When was the last time you analyzed a rootkit on your machine? Caught any APTs and learned any cool new tricks from them lately? That's the fun part when they suprise you. But it sounds like you'd rather stay sleepy and oblivious.

You see, my thing happens to be *hardware* security, not soft APTs. Which is what *you're* stumbling through, cluelessly mistaking every second triviality for an IOC. I have no idea how to analyze Windows kernel rootkits but I can damn well tell you your scope traces are normal.

Are machines compromised? Who knows, but I am carefully observant of their behavior and have no reason to believe that they are. But if I *had* a reason, I wouldn't be tweeting mains noise scope traces. Within 24 hours the world would have IDBs of whatever it was if it were real.

Because this *is* my field, I've pentested SoCs and embedded devices, I know where you can hide things and where you can't, I know how Flash memory buses work, I have the tools and I know how to use them. And *you* clearly don't.