On Thu, Feb 7, 2013 at 3:06 PM, Jacob Appelbaum <[email protected]> wrote:
> > This is a new (to me) feature; thanks for pointing it out. I'm glad to > see it finally landed and is in production. Would someone with a > ChromeOS device test the VPN to see if it leaks the way that we > described in our vpwned[0] paper? > Ah, no problem. It's actually been a feature since August 2011. I do have a Chromebook and will test out the VPN and monitor traffic if I have time this weekend. > > It should be rather straight forward to see if it leaks with trivial > tests. Killing the VPN to see if it fails open should also be straight > forward. I would be pleasantly surprised if they were not vulnerable to > either of those issues. I asked a ChromeOS security person their > thoughts on the matter and passed them our paper; we'll see what they say. > > All the best, > Jake > > [0] > https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf > > >> > >> > > > >>> > >>> > >>> > >>> On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi <[email protected]> > wrote: > >>> > >>>> The biggest (and very important) difference between Linux and > >> Chromebooks > >>>> is the hugely smaller attack surface. > >>>> > >>>> > >>>> NK > >>>> > >>>> > >>>> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley < > [email protected] > >>> wrote: > >>>> > >>>>> Andreas, > >>>>> > >>>>> Plenty of Syrians do have internet access, and use it on a regular > >> basis. > >>>>> > >>>>> Also, lack of appropriateness for one use-case doesn't necessitate > lack > >>>>> of appropriateness across the board. > >>>>> > >>>>> Linux is a great solution for many use cases, but as has been > >> elaborated, > >>>>> quite a terrible one for many others. > >>>>> > >>>>> Brian > >>>>> > >>>>> > >>>>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader < > [email protected] > >>> wrote: > >>>>> > >>>>>> On 02/06/2013 04:24 PM, Tom Ritter wrote: > >>>>>>> Nadim, I'm with you. I'm not sure it's the perfect solution for > >>>>>>> everyone, but like Nathan said, if you already trust Google, I > think > >>>>>>> it's a good option. > >>>>>>> > >>>>>>> On 6 February 2013 07:12, Andreas Bader <[email protected]> > >>>>>> wrote: > >>>>>>>> Why don't you use an old thinkpad or something with Linux, you > have > >>>>>> the > >>>>>>>> same price like a Chromebook but more control over the system. And > >> you > >>>>>>>> don't depend on the 3G and Wifi net. > >>>>>>> We started with the notion of Linux, and we were attracted to > >>>>>>> Chromebooks for a bunch of reasons. Going back to Linux loses all > >> the > >>>>>>> things we were attracted to. > >>>>>>> > >>>>>>> - ChromeOS's attack surface is infinitely smaller than with Linux > >>>>>>> - The architecture of ChromeOS is different from Linux - process > >>>>>>> separation through SOP, as opposed to no process separation at all > >>>>>>> - ChromeOS was *designed* to have you logout, and hand the device > >> over > >>>>>>> to someone else to login, and get no access to your stuff. Extreme > >>>>>>> Hardware attacks aside, it works pretty well. > >>>>>>> - ChromeOS's update mechanism is automatic, transparent, and > >> basically > >>>>>>> foolproof. Having bricked Ubuntu and Gentoo systems, the same is > not > >>>>>>> true of Linux. > >>>>>>> - Verified Boot, automatic FDE, tamper-resistant hardware > >>>>>>> > >>>>>>> Something I'm curious about is, if any less-popular device became > >>>>>>> popular amoung the activist community - would the government view > is > >>>>>>> as an indicator of interest? Just like they block Tor, would they > >>>>>>> block Chromebooks? It'd have to get pretty darn popular first > >> though. > >>>>>>> > >>>>>>> -tom > >>>>>>> -- > >>>>>>> > >>>>>> But you can't use it for political activists e.g. in Syria because > of > >>>>>> its dependence on the internet connection. This fact is > authoritative. > >>>>>> For Europe and USA and so on it might be a good solution. > >>>>>> -- > >>>>>> Unsubscribe, change to digest, or change password at: > >>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> > >>>>> > >>>>> > >>>>> Brian Conley > >>>>> > >>>>> Director, Small World News > >>>>> > >>>>> http://smallworldnews.tv > >>>>> > >>>>> m: 646.285.2046 > >>>>> > >>>>> Skype: brianjoelconley > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Unsubscribe, change to digest, or change password at: > >>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech > >>>>> > >>>> > >>>> > >>>> -- > >>>> Unsubscribe, change to digest, or change password at: > >>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech > >>>> > >>> > >>> > >>> > >>> -- > >>> Unsubscribe, change to digest, or change password at: > >> https://mailman.stanford.edu/mailman/listinfo/liberationtech > >>> > >> > >> -- > >> Unsubscribe, change to digest, or change password at: > >> https://mailman.stanford.edu/mailman/listinfo/liberationtech > >> > > > > > > > > -- > > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
