[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Media Write Protection / Crypto Devices / BadUSB - #OpenFabs #OpenHW

On Sat, Oct 13, 2018 at 08:35:09PM -0400, Steve Kinney wrote:
> On 10/13/2018 08:42 AM, Mirimir wrote:
> >> There is never "no" disk, just a matter of which ones
> >> are plugged into the box, physically, or remotely.
> > 
> > OK, I should have said "unless there _is_ no disk, as there _can be_ in
> > Tails". I've run Tails (and my own LiveCDs) on diskless machines. And
> > yes, using USB for live systems is iffy. But write-once CDs are pretty
> > safe, I think. No?
> Well heck, CDs are cheap.  Write once, use once, melt once.  If your
> trust in the Live CD vendor and the "trusted" device used to burn your
> stack of Live OS CDs is well founded, and the device booted into has no
> drive (or a power switch on the drive - a very trivial hack even with a
> laptop), the only things left to worry about are undocumented debugging
> modules on the CPU, and maybe undocumented BIOS or video chip features.
> If your activities present a target important enough to justify use of
> TS/SCI techniques against you, your activities are probably important
> enough to justify purchasing obsolete laptops in bulk and destroying
> each after one use.  "Fingerprint MY hardware will ya, you bastards?
> HA!  Take that!"  Just sayin'.


Chameleon HW ftw I guess - #OpenHW #OpenFabs

Parameterizable everything - as in, every parameter which can be used
to identify say a network device and any anomalies it might otherwise
present to the world (clock skew, obvious MAC addy, any software/bios
built into the network chip "hardware" and its parameters) and of
course up the stack.

> Everything depends largely on one's threat model.  Who are your
> potential adversaries, what are their potential resources, and what's
> their cost/benefit ratio for doing what it takes to crack your system?
> Educated guesses here establish parameters for reasonable defensive
> measures also based on cost/benefit factors.  Spoiler:  For most of the
> users most of the time, precautions beyond using a Live OS on a stick
> don't make much sense.


> Always consider that the cost of using information obtained via a
> previously unsuspected attack vector includes a risk of exposing that
> vector's existence.  Parallel construction covers a multitude of sins
> but not all of them, all of the time.
> :o)