> True if you consider physical attacks and for most hardware, otherwise mostly > false. Anything can be hacked is also one of my biggest annoyances as a mantra > from "infosec", that gets more money than it deserves in comparison to real > security, like OpenBSD works on.
We know from Snowden, that supply chain attacks are a common thing. If someone can modify the hardware sent to certain people on your list, then operating system security is no longer the most pressing concern. "Cord" claims, that people with great resources are out there to get his boxes hacked. Obviously I can not verify his claim. And I stand by my statement: ordering a computer and setting it up with a secure operating system is insufficient to maintain control over your server. I do concur with your assessment, that 99% of concerned people are way to unimportant to attract any government attacks. These 99% certainly include me. Attacking a server always comes with a risk of discovery, therefore I do not believe, that these agencies conduct mass hacks of random servers. > > Even OpenBSD had a remote root hole just a few weeks ago. > I believe that is false too. You're kidding, yes? Did you somehow miss the opensmtp hole? https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ Cheers, Rudi
