About physical access - there is one non-physical solution to this - hide the location of the server behind tor, proxies etc. Seems to work remarkably well for pirate bay. I can't imagine it's that big a secret as to where the packets are routed from the current proxy to the current physical host, but seemingly NSA-type resources have not been brought to bear against it. Step one for the attacker is to find it. Maybe physical tamper detection can wipe the RAM, cold reboot as the cage is unlocked or the box is opened, and immediately switch to the backup server in a different tor hidden physical location. One thing that occurs to me is that aside from the laundering of NSA tip-offs to FBI etc. with faked plausible trails, which have been reported on lately, there was an aspect that they would be hesitant to reveal what they could tap, correlate etc., or under what circumstances they would abuse national security (military) resources for various levels of criminal activity (major, organized to minor, petty, or political misuse). But given the very fact that Snowden did the world a favour in disclosing the illegal activities of the NSA and global partners, now people know what they are doing or can better imagine it, and not discount it as paranoia; consequently maybe once the dust has settled they will feel freer to feed ever more petty or political or corporate espionage related information. After all, they'd no longer be risking knowledge of information capability, or political willingness. Everyone pretty much figures they're in it up to their elbows with corporate espionage (Boeing vs Airbus wiretaps), minor crimes with fabricated evidence trails (maybe they won't bother fabricating them even in future) and perhaps the political stuff, though that is really evil and anti-democratic (e.g. Tea Party member IRS audits, blackmail etc.). It seems to me companies need to delegate code review and signing to a civil society charitable organization with smart use of jurisdictions.
e.g. Germany (chaos computer club code signing silent circle code?), Switzerland, Iceland, or pseudonymous but high reputation individuals or groups. Or privacy groups which may have a more clear disinterest and immunity from financial blackmail (like USG will cancel contracts if an ISP, internet service, or software company doesn't fold to an NSL or other extra-legal threats). Or maybe EFF, Privacy International etc. Via their lawyers they could retain a highly competent and pseudonymous team of technical reviewers and code signers that companies that care to demonstrate their alignment to providing end to end secure services to their users would use if it became popular, given an explanation of why they were not protected by independent-review-based code signatures.

Adam

On Sun, Aug 11, 2013 at 02:27:54AM -0700, coderman wrote:
> 5. don't forget physical security - this is the universal oversight and most effective end run around all other operational and technical security measures. there is a reason physical access so often implies "game over" and why black bag jobs are still and will continue to be effective against all targets.