I wonder if any of the people crying "omg secure boot is dead, if I get owned I could have malware forever in my BIOS" are actually running a proper secure boot system with all the obvious backdoorable parts secured (at least those you can do anything about).
And I hope you're running with a full IOMMU implementation. And you've certainly audited all the drivers to make sure they aren't trivially exploitable (hint: most are). And you're using a TPM to hold all your keys outside the CPU.
And of course you've audited your BIOS and found all the bugs in the UEFI reference implementation, all the bugs added by the BIOS OEM, all the bugs added by your CPU vendor, all the bugs added by your motherboard vendor, and all the bugs in any modules and OS loader.
What, you're not doing half of those things? Congrats, the NSA and anyone else who bothers to invest the time already has a half dozen malware persistence vectors for your hardware and there's squat you can do about it.
Keep people away from root on your machine and hope for the best. At least AMD doesn't stick a webserver with a huge attack surface in there, unlike Intel. If you want real security, you need to design your own motherboard where *you* control and sign and validate flash.
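An added defender-side check, not part of the thread or its author's work, that reports whether the controls named above are actually on for a Linux host: the Secure Boot EFI variable via efivarfs, IOMMU groups under sysfs, and TPM device registration. The sysfs-root argument and the `SYSFS_ROOT` override are assumptions made so the functions can be pointed at a constructed tree; the script only reports presence and state, it says nothing about the firmware bugs the thread is talking about.

```shell
#!/bin/sh
# Added example: report the state of Secure Boot, IOMMU and TPM from sysfs.
# Each function takes a sysfs root (normally /sys) so the checks can be run
# against a constructed directory tree; that argument is an assumption of this
# example, not a kernel interface.

# EFI global-variable name as exposed by efivarfs (name-GUID).
SB_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Prints enabled / disabled / unknown. efivarfs prepends 4 attribute bytes to
# the variable data; for SecureBoot the data is a single byte (1 = enforcing).
secure_boot_state() {
    var="$1/firmware/efi/efivars/$SB_VAR"
    if [ ! -r "$var" ]; then
        echo unknown          # legacy BIOS boot, or efivarfs not mounted
        return 2
    fi
    case "$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown; return 2 ;;
    esac
}

# Succeeds when the kernel registered at least one IOMMU group, i.e. DMA
# remapping is active. No groups means the IOMMU is absent, disabled in
# firmware, or not enabled in the kernel, so peripherals get unrestricted DMA.
iommu_active() {
    n=$(ls -1 "$1/kernel/iommu_groups" 2>/dev/null | wc -l | tr -d ' ')
    [ "$n" -gt 0 ]
}

# Succeeds when a TPM character device has been registered by the kernel.
tpm_present() {
    [ -d "$1/class/tpm/tpm0" ]
}

# Human-readable summary. Always returns 0 so it can be appended to a boot
# script without aborting it; the individual functions carry the status codes.
audit_platform() {
    root="${1:-/sys}"
    echo "secure boot: $(secure_boot_state "$root")"
    if iommu_active "$root"; then echo "iommu: active"; else echo "iommu: NOT active"; fi
    if tpm_present "$root"; then echo "tpm: present"; else echo "tpm: NOT present"; fi
    return 0
}

audit_platform "${SYSFS_ROOT:-/sys}"
```

Run it as root or not; everything it reads is world-readable. A "disabled" or "NOT active" line is the cheap part of the audit the thread describes; "enabled" only means the firmware is enforcing signatures, not that the signed code is sound.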
Does such a thing even exist for people who don't have unlimited time and resources?
Not really. The closest you can come is securing your SPI BIOS flash with a secure interposer (a la Google) and eliminating as much flash as possible from the rest of the system (make sure everything is loaded at boot instead). The latter part is quite difficult to achieve 100%.