Reflections On IT Insecurity
If this
http://www.infoworld.com/d/security/in-his-own-words-confessions-of-cyber-warrior-222266
is true (which I consider entirely plausible based on my knowledge of C, C++ and the US "defense" attitude), then the entire device from CPU to OS to Office program needs to be distrusted.
So:
+ physically cut the WLAN antenna; the radio might turn on when you don't want it
+ connect to other networks via a RaspberryPI router that leads to your corporate/org firewall
+ inspect all traffic heavily and diligently at the firewall
+ blacklist all the "social" crap from gmail to f-book - opaque traffic you cannot properly inspect
+ encrypt in the RaspPI, as you cannot possibly trust the craptop. End-to-end crypto has drawbacks.
Of course that implies
- you trust the RaspPI hardware
- you trust the RaspPI VPN software

But that is a much smaller endeavour than just verifying that the Intel guys of this globe (some of them are NOT located in USA, but in that belligerent country) did not fuck up the CPU.
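
One way the Pi router described above could enforce "laptop traffic leaves encrypted through the VPN or not at all", as an added example that is not part of the original post. The interface names, the static uplink address, the Pi acting as DHCP/DNS server for the laptop, and the VPN endpoint `192.0.2.10:51820` are all assumptions and placeholders.

```nftables
#!/usr/sbin/nft -f
# Assumed setup (not from the original post): eth0 = uplink toward the
# corporate firewall (static address), eth1 = wired link to the untrusted
# laptop, wg0 = VPN tunnel terminated on the Pi, VPN_PEER = placeholder.
flush ruleset

define UPLINK = "eth0"
define LAPTOP = "eth1"
define TUNNEL = "wg0"
define VPN_PEER = 192.0.2.10
define VPN_PORT = 51820

table inet gateway {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # The laptop may only ask the Pi for DNS and DHCP, nothing else.
        iifname $LAPTOP udp dport { 53, 67 } accept
        iifname $LAPTOP tcp dport 53 accept
        log prefix "pi-input-drop " counter drop
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Laptop traffic is forwarded into the tunnel only.
        iifname $LAPTOP oifname $TUNNEL accept
        # Anything from the laptop aimed at the bare uplink is a leak: log it.
        iifname $LAPTOP log prefix "laptop-leak " counter drop
    }
    chain output {
        type filter hook output priority filter; policy drop;
        ct state established,related accept
        oifname "lo" accept
        # The Pi itself reaches the uplink only as encrypted VPN packets.
        oifname $UPLINK ip daddr $VPN_PEER udp dport $VPN_PORT accept
        oifname $TUNNEL accept
        oifname $LAPTOP udp sport 67 accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $TUNNEL masquerade
    }
}
```

The `laptop-leak` counter and log prefix give the firewall operator a direct signal whenever the laptop tries to send traffic that would bypass the tunnel.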