[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] USB Sticks for Tails -> CCCamp



On Wed, 22 Jul 2015 08:59:43 -0700
Apple Apple <djjdjdjdjdjdjd32@xxxxxxxxx> wrote:

> On 22 Jul 2015 13:22, "Jacob Appelbaum" <jacob@xxxxxxxxxxxxx> wrote:
> > DVD drives are programmable computers until we find evidence
> > suggesting the opposite.
> 
> And USB host controllers?

DVD drives really are; see for example [1] for information about DVD-RW
firmware modding and reflashing for NEC drives. Same as HDDs or SSDs.

USB host controllers by themselves are not known to have any reprogrammable
code, they are much simpler. If it's integrated into the motherboard, you will
just need to ensure it uses a free BIOS such as Coreboot.

However I have to wonder on what is your threat scenario that you cannot trust
a random anonymously bought off-the-shelf DVD drive. If the bootable OS
verifies signatures of files it loads from the disk, then it'd have to do a
rather sophisticated and specifically targeted for that OS "evil maid" attack.

[1] http://liggydee.cdfreaks.com/page/en/FAQ/


-- 
With respect,
Roman

Attachment: signature.asc
Description: PGP signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk