[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Securing servers (was: Re: WSJ- Google- Sonic Mr. Applebaum)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Securing servers (was: Re: WSJ- Google- Sonic Mr. Applebaum)
From: Moritz Bartl <moritz@xxxxxxxxxxxxxx>
Date: Tue, 11 Oct 2011 15:39:12 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 11 Oct 2011 09:39:45 -0400
In-reply-to: <4E943791.7090403@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1318264946.14388.140258153147161@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <4E932657.3090404@xxxxxxxxx> <20111010202713.GC25711@xxxxxxxxx> <4E936185.6040609@xxxxxxxxx> <4E94261A.9080701@xxxxxxxxxxxxxx> <4E943791.7090403@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

Hi Jeroen,

I find this is an interesting discussion, although it feels very much
off topic. Is there another list to discuss this?

On 11.10.2011 14:33, Jeroen Massar wrote:
>> If the box is at a place under your control, you will at least know.
>> Replugging can be noticed (packet drops, changes in voltage) and the
>> system can be shut down/wiped.
> Google for Vampire Taps. You won't notice a thing unless you have very
> very sensitive voltage etc measurements happening.

How are you going to Vampire Tap a simple Wiimote built inside the
server, or other devices of that kind? Or lock the server to the
building (and detect movement of the lock).

> Like everything else (eg how many locks you have on your house), it all
> depends completely who your adversary is and how much protection you
> require against it. 

It makes a lot of difference if you *know* about access to sensitive
data or not. That's also the difference of a data center run by friends
who will let you know with a certain probability, and some corporate DC
where you will most likely never find out that something is bugged.

-- 
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Securing servers
  - From: Jeroen Massar

References:
- [tor-talk] WSJ- Google- Sonic Mr. Applebaum
  - From: Andre Risling
- Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
  - From: Jeroen Massar
- Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
  - From: Eugen Leitl
- Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
  - From: Jeroen Massar
- Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
  - From: Moritz Bartl
- Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
  - From: Jeroen Massar

Prev by Author: Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
Next by Author: Re: [tor-talk] GPG plugin for Firefox
Previous by thread: Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
Next by thread: Re: [tor-talk] Securing servers
Index(es):
- Author
- Thread