[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Media Write Protection / Crypto Devices / BadUSB - #OpenFabs #OpenHW

On 10/13/2018 08:42 AM, Mirimir wrote:

>> There is never "no" disk, just a matter of which ones
>> are plugged into the box, physically, or remotely.
> OK, I should have said "unless there _is_ no disk, as there _can be_ in
> Tails". I've run Tails (and my own LiveCDs) on diskless machines. And
> yes, using USB for live systems is iffy. But write-once CDs are pretty
> safe, I think. No?

Well heck, CDs are cheap.  Write once, use once, melt once.  If your
trust in the Live CD vendor and the "trusted" device used to burn your
stack of Live OS CDs is well founded, and the device booted into has no
drive (or a power switch on the drive - a very trivial hack even with a
laptop), the only things left to worry about are undocumented debugging
modules on the CPU, and maybe undocumented BIOS or video chip features.

If your activities present a target important enough to justify use of
TS/SCI techniques against you, your activities are probably important
enough to justify purchasing obsolete laptops in bulk and destroying
each after one use.  "Fingerprint MY hardware will ya, you bastards?
HA!  Take that!"  Just sayin'.

Everything depends largely on one's threat model.  Who are your
potential adversaries, what are their potential resources, and what's
their cost/benefit ratio for doing what it takes to crack your system?
Educated guesses here establish parameters for reasonable defensive
measures also based on cost/benefit factors.  Spoiler:  For most of the
users most of the time, precautions beyond using a Live OS on a stick
don't make much sense.

Always consider that the cost of using information obtained via a
previously unsuspected attack vector includes a risk of exposing that
vector's existence.  Parallel construction covers a multitude of sins
but not all of them, all of the time.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20181013/c41296c5/attachment.sig>