On Sat, Oct 13, 2018 at 08:35:09PM -0400, Steve Kinney wrote:
On 10/13/2018 08:42 AM, Mirimir wrote:
There is never "no" disk, just a matter of which ones are plugged into the box, physically, or remotely.
OK, I should have said "unless there _is_ no disk, as there _can be_ in Tails". I've run Tails (and my own LiveCDs) on diskless machines. And yes, using USB for live systems is iffy. But write-once CDs are pretty safe, I think. No?
Well heck, CDs are cheap. Write once, use once, melt once. If your trust in the Live CD vendor and the "trusted" device used to burn your stack of Live OS CDs is well founded, and the device booted into has no drive (or a power switch on the drive - a very trivial hack even with a laptop), the only things left to worry about are undocumented debugging modules on the CPU, and maybe undocumented BIOS or video chip features.
If your activities present a target important enough to justify use of TS/SCI techniques against you, your activities are probably important enough to justify purchasing obsolete laptops in bulk and destroying each after one use. "Fingerprint MY hardware will ya, you bastards? HA! Take that!" Just sayin'.
Indeed. Chameleon HW ftw I guess - #OpenHW #OpenFabs Parameterizable everything - as in, every parameter which can be used to identify say a network device and any anomalies it might otherwise present to the world (clock skew, obvious MAC addy, any software/bios built into the network chip "hardware" and its parameters) and of course up the stack.
Everything depends largely on one's threat model. Who are your potential adversaries, what are their potential resources, and what's their cost/benefit ratio for doing what it takes to crack your system? Educated guesses here establish parameters for reasonable defensive measures also based on cost/benefit factors. Spoiler: For most of the users most of the time, precautions beyond using a Live OS on a stick don't make much sense.
Ack.
Always consider that the cost of using information obtained via a previously unsuspected attack vector includes a risk of exposing that vector's existence. Parallel construction covers a multitude of sins but not all of them, all of the time.
:o)