Media Write Protection / Crypto Devices / BadUSB - #OpenFabs #OpenHW

Zenaan Harkness zen at freedbms.net
Sat Oct 13 19:38:28 PDT 2018


On Sat, Oct 13, 2018 at 08:35:09PM -0400, Steve Kinney wrote:
> On 10/13/2018 08:42 AM, Mirimir wrote:
> >> There is never "no" disk, just a matter of which ones
> >> are plugged into the box, physically, or remotely.
> > 
> > OK, I should have said "unless there _is_ no disk, as there _can be_ in
> > Tails". I've run Tails (and my own LiveCDs) on diskless machines. And
> > yes, using USB for live systems is iffy. But write-once CDs are pretty
> > safe, I think. No?
> 
> Well heck, CDs are cheap.  Write once, use once, melt once.  If your
> trust in the Live CD vendor and the "trusted" device used to burn your
> stack of Live OS CDs is well founded, and the device booted into has no
> drive (or a power switch on the drive - a very trivial hack even with a
> laptop), the only things left to worry about are undocumented debugging
> modules on the CPU, and maybe undocumented BIOS or video chip features.
> 
> If your activities present a target important enough to justify use of
> TS/SCI techniques against you, your activities are probably important
> enough to justify purchasing obsolete laptops in bulk and destroying
> each after one use.  "Fingerprint MY hardware will ya, you bastards?
> HA!  Take that!"  Just sayin'.

Indeed.

Chameleon HW ftw I guess - #OpenHW #OpenFabs

Parameterizable everything - as in, every parameter which can be used
to identify, say, a network device, and any anomalies it might otherwise
present to the world (clock skew, obvious MAC addy, any software/BIOS
built into the network chip "hardware" and its parameters), and of
course up the stack.


> Everything depends largely on one's threat model.  Who are your
> potential adversaries, what are their potential resources, and what's
> their cost/benefit ratio for doing what it takes to crack your system?
> Educated guesses here establish parameters for reasonable defensive
> measures also based on cost/benefit factors.  Spoiler:  For most of the
> users most of the time, precautions beyond using a Live OS on a stick
> don't make much sense.

Ack.


> Always consider that the cost of using information obtained via a
> previously unsuspected attack vector includes a risk of exposing that
> vector's existence.  Parallel construction covers a multitude of sins
> but not all of them, all of the time.
> 
> :o)

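Added example, not part of this thread: the "clock skew" item in the list above refers to remote physical-device fingerprinting via TCP timestamps (Kohno, Broido and Claffy, 2005). A sender's TCP timestamp option ticks at a fixed rate; plotting the difference between the sender's clock and the receiver's clock against receiver time gives a line whose slope is the sender's skew in ppm, which stays stable per device across reboots and networks. The code below is my own illustration of that measurement, written to show what a "parameterizable" NIC/stack would have to hide. Assumptions: the tick rate (100 Hz or 1000 Hz) is known or guessed, the samples are constructed in `simulate()` rather than captured, and a least-squares slope is used instead of the linear-programming lower-envelope fit in the paper.

```python
"""Estimate a remote host's clock skew from TCP timestamp samples.

Added example (not from the cypherpunks thread). Samples are constructed
by simulate(); nothing here touches a real socket or packet capture.
"""
import random
from typing import List, Sequence, Tuple

# One sample: (receiver arrival time in seconds, sender's TCP timestamp tick).
Sample = Tuple[float, int]


def offsets(samples: Sequence[Sample], hz: float) -> List[Tuple[float, float]]:
    """Turn samples into (x, y) points, both in seconds relative to the
    first sample: x is elapsed receiver time, y is how far the sender's
    clock has drifted from the receiver's. Flat y means no skew; a linear
    trend in y is the skew (plus noise from path delay and tick rounding)."""
    t0, ts0 = samples[0]
    return [((t - t0), (ts - ts0) / hz - (t - t0)) for t, ts in samples]


def estimate_skew_ppm(samples: Sequence[Sample], hz: float) -> float:
    """Least-squares slope of the offset series, in parts per million.
    Assumption: a straight-line fit is good enough; the 2005 paper fits
    the lower envelope with linear programming to ignore queueing delay."""
    pts = offsets(samples, hz)
    n = len(pts)
    mx = sum(x for x, _ in pts) / n
    my = sum(y for _, y in pts) / n
    sxx = sum((x - mx) ** 2 for x, _ in pts)
    sxy = sum((x - mx) * (y - my) for x, y in pts)
    return sxy / sxx * 1e6


def simulate(hz: float, skew_ppm: float, n: int, interval: float,
             seed: int) -> List[Sample]:
    """Constructed data: a sender whose clock runs (1 + skew) times real
    time, sending one timestamped segment every `interval` seconds, seen
    through a path with up to 20 ms of random delay jitter."""
    rng = random.Random(seed)
    out: List[Sample] = []
    for i in range(n):
        t = i * interval
        sender_time = t * (1.0 + skew_ppm * 1e-6)
        tick = int(sender_time * hz)          # timestamp option is an integer
        arrival = t + rng.uniform(0.0, 0.020)  # path delay jitter
        out.append((arrival, tick))
    return out


def same_device(skew_a_ppm: float, skew_b_ppm: float,
                tolerance_ppm: float = 2.0) -> bool:
    """Crude linkage check: two observations with skews this close are
    consistent with the same physical clock. Tolerance is an assumption."""
    return abs(skew_a_ppm - skew_b_ppm) <= tolerance_ppm


if __name__ == "__main__":
    # Two hours of samples at 10 s spacing, 100 Hz ticks, +50 ppm skew.
    host_a = simulate(100.0, 50.0, 720, 10.0, seed=1)
    # Same host seen again later from a different vantage point.
    host_a_again = simulate(100.0, 50.0, 720, 10.0, seed=7)
    # A different machine with a different crystal.
    host_b = simulate(100.0, -120.0, 720, 10.0, seed=3)
    sa = estimate_skew_ppm(host_a, 100.0)
    sa2 = estimate_skew_ppm(host_a_again, 100.0)
    sb = estimate_skew_ppm(host_b, 100.0)
    print(f"host A: {sa:.2f} ppm, again: {sa2:.2f} ppm, host B: {sb:.2f} ppm")
    print("A linked to A:", same_device(sa, sa2))
    print("A linked to B:", same_device(sa, sb))
```

The noise terms (tick rounding of up to one tick plus the path jitter) are constant in scale, while the drift grows with observation time, so a long enough capture pins the skew to a fraction of a ppm even through 20 ms of jitter; that is why randomising a MAC address alone does not make a box a "chameleon" if its TCP timestamps are still on.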