Sujet : Re: Security? What "Security"?
De : yeti (at) *nospam* tilde.institute (yeti)
Groupes : comp.misc comp.os.linux.advocacy misc.news.internet.discussDate : 13. Oct 2024, 01:34:29
Autres entêtes
Organisation : Democratic Order of Pirates International (DOPI)
Message-ID : <87ed4kc02y.fsf@tilde.institute>
References : 1 2 3
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
snipeco.2@gmail.com (Sn!pe) wrote:
/!\ The following should be read with a mix of panic and a smile; you
decide, what to apply to which parts.
ISTM that a secure payload would need to be encrypted on a stand-alone
machine, air-gapped and never to be connected online.
There are many ways even air-gapped systems can or do leak data, that
may leak the keys or partial information about them.
IMO every system that exists on the same side of the singularities as we
do *is* connected with the rest. It just may be harder to get the data
you want.
We had leaking CRTs which could be read over a distance, AM leaks using
rhythms of loops while computing, blinking drive LEDs, RPM modulated
fans, ultrasonic connections between laptops in exams, and additionally
we are in the
__ __ ___ _ _ _____ __ ___ _ _ _
| \/ |_ _| \| |_ _\ \/ / |_ _|_ _ __(_)__| |___| |
| |\/| || || .` || | > < | || ' \(_-< / _` / -_)_|
|_| |_|___|_|\_|___/_/\_\ |___|_||_/__/_\__,_\___(_)
era and I definitely will not bet that ARM and RISCV chips or even FPGAs
don't come "pre-infected" in a comparable way. So who knows which
Gremlins in other chips are able to play e.g. modem over power-line and
whatnot.
So better assume that every system that is not made exclusively from
logic gates[0] you've baked yourself in your kitchen already comes
infected with spy hard- and software. And thinking about this shouldn't
stop without a look at the power supply[1]. Some leaks still may exist
no matter what you use to build the gates, but at least the foreign
gremlins would stay outside.
TL;DR:
__ __ _ _ _ _ _ _
\ \ / /__( )_ _ ___ __| |___ ___ _ __ ___ __| | | | |
\ \/\/ / -_)/| '_/ -_) / _` / _ \/ _ \ ' \/ -_) _` |_|_|_|
\_/\_/\___| |_| \___| \__,_\___/\___/_|_|_\___\__,_(_|_|_)
____________
[0]: Jeri Makes Integrated Circuits
<
https://hackaday.com/2010/03/10/jeri-makes-integrated-circuits/#more-22290>
Transistor Fabrication: So Simple A Child Can Do It
<
https://hackaday.com/2010/05/13/transistor-fabrication-so-simple-a-child-can-do-it/>
LLTP - Light Logic Transistorless Processor
<
https://hackaday.io/project/172413-lltp-light-logic-transistorless-processor>
Mechanical Logic Gates With Amplification
<
https://hackaday.com/2024/09/20/mechanical-logic-gates-with-amplification/>
[1]: Charging An Electric Supercar With Lemons, Kids, And The Sun
<
https://hackaday.com/2018/06/29/charging-an-electric-supercar-with-lemons-kids-and-the-sun/>
-- 3. Hitchhiker 1: (25) "The point is, you see," said Ford, "that thereis no point in driving yourself mad trying to stop yourself going mad.You might just as well give in and save your sanity for later." 
Security? What "Security"?
Re: Security? What "Security"?
