Right-o. I don't understand why people latched onto shipping carriers as being the most likely suspect for hardware bugging by operations like NSA's TAO. They have very slim timelines to hand over a package without someone noticing it's been in Reston, VA for two days.
Really, to me at least, the most probable corporate suspect would be the hardware vendors themselves. Dude you're getting a Dell.™
As Schneier recently said, assume everything is vulnerable by default [1], and work with the machines having that in mind. Until everything from the hardware level to the OS and applications is open source (which is pretty much the way FSF has always told us it should be, because they feared the outcome we've already seen), we can't trust them, and even then we have to be very careful about bugs.
