> attacking the hardware or firmware is hard while attacking the
> bootloader is easy
Until software is abused in unintended ways to give access to firmware.
Remember a computer virus that bricked many main boards in the late
90s and the response and solution the industry provided to that?
> Ted Unangst:
> > If an adversary gains possession of your hard drive and gives it
> > back to you, throw it away.
>
> li...@wrant.com:
> > The advice Ted gives is much more than simply correct, it can
> > further be extended to "do NOT accept electronics from people
> > you can't accept in
Ted Unangst:
> If an adversary gains possession of your hard drive and gives it back to you,
> throw it away.
li...@wrant.com:
> The advice Ted gives is much more than simply correct, it can further
> be extended to "do NOT accept electronics from people you don't know":
Now think about the
> If an adversary gains possession of your hard drive and gives it back
> to you, throw it away.
The advice Ted gives is much more than simply correct, it can further
be extended to "do NOT accept electronics from people you don't know":
OHM2013 Hard disks: More than just block devices
It doesn't have to be always thrown away.
After some thinking, it could make a good entrapment technique.
1) create an unencrypted /boot volume and save a healthy offline
(usb?) backup you can use for comparison
2) hashcheck (from a usb-boot environment) and then boot normally the
system if
Theodoros wrote:
> Fair point!
> It would make it more complicated for an adversary, but not impossible.
If an adversary gains possession of your hard drive and gives it back to you,
throw it away.
Fair point!
It would make it more complicated for an adversary, but not impossible.
On 21 June 2016 at 10:36, ludovic coues wrote:
> 2016-06-21 9:27 GMT+02:00 Theodoros :
>> Well TPM is a closed hardware-bound system that does this before boot
>> (as
2016-06-21 9:27 GMT+02:00 Theodoros :
> Well TPM is a closed hardware-bound system that does this before boot
> (as far as I know). I was asking more for an open (software) system
> for doing so post-boot.
>
sha512 /boot
If you do it post-boot, you're screwed. If attacker
Well TPM is a closed hardware-bound system that does this before boot
(as far as I know). I was asking more for an open (software) system
for doing so post-boot.
On 21 June 2016 at 10:23, Peter Hessler wrote:
> fwiw, this is literally the point of TPM.
>
>
> On 2016 Jun 21
fwiw, this is literally the point of TPM.
On 2016 Jun 21 (Tue) at 10:19:21 +0300 (+0300), Theodoros wrote:
:Could someone trust a bootloader by e.g. having an aide-like system on
:boot, confirming its authenticity as part of the boot process?
:
:Please share your thoughts.
:
:
:
:On 20 June
Could someone trust a bootloader by e.g. having an aide-like system on
boot, confirming its authenticity as part of the boot process?
Please share your thoughts.
On 20 June 2016 at 14:36, Ivan Markin wrote:
> Bodie:
>> What is that security reason worth of not using default
Bodie writes:
> access then you are screwed. It is just matter of your importance to
> attacker if it will be sooner or later.
You briefly touch on it here
> Attacks on CEO level mentioned in post they have already laptop
> made in China and there is plenty of examples how HW is screwed up
>
On 20.06.2016 13:39, bootcr...@openmailbox.org wrote:
On 20.06.2016 13:00, bootcr...@openmailbox.org wrote:
Hello!
I have recently decided to use full disk encryption on my openbsd
boxes.
I've managed to do so and it's working, however for security
reasons
I want to boot them from
another
On 20.06.2016 13:00, bootcr...@openmailbox.org wrote:
Hello!
I have recently decided to use full disk encryption on my openbsd
boxes.
I've managed to do so and it's working, however for security reasons
I want to boot them from
another drive.
What is that security reason worth of not using
Bodie:
> What is that security reason worth of not using default full disk
> encryption?
Have a look at e.g. Evil Maid Attack [1]. One may want to bear a trusted
bootloader with themselves and leave raw full-encrypted drive in some
'hostile' environment.
[1]
On 2016-06-20 14:14, Stefan Sperling wrote:
On Mon, Jun 20, 2016 at 02:00:20PM +0300, bootcr...@openmailbox.org
wrote:
Hello!
I have recently decided to use full disk encryption on my openbsd
boxes.
I've managed to do so and it's working, however for security reasons I
want
to boot them
On 20.06.2016 13:00, bootcr...@openmailbox.org wrote:
Hello!
I have recently decided to use full disk encryption on my openbsd
boxes.
I've managed to do so and it's working, however for security reasons
I want to boot them from
another drive.
What is that security reason worth of not using
On Mon, Jun 20, 2016 at 02:00:20PM +0300, bootcr...@openmailbox.org wrote:
> Hello!
>
> I have recently decided to use full disk encryption on my openbsd boxes.
>
> I've managed to do so and it's working, however for security reasons I want
> to boot them from
> another drive.
>
> Example:
> I
Hello!
I have recently decided to use full disk encryption on my openbsd boxes.
I've managed to do so and it's working, however for security reasons I
want to boot them from
another drive.
Example:
I have computer with encrypted hard-drive(wd0). To boot it, I want to
insert a USB-flash