intrigeri:
The issue about the exact delay that was raised (5 minutes starting
when, 1 minute starting at the same time as GDM, anything else?) is
still in need of a conclusion.
One minute is enough for the oh, I forgot to plug in the network
card case. I'd still be more in favor of 5 to
hi,
intrigeri wrote (12 Oct 2012 09:27:35 GMT) :
Hi,
intrigeri wrote (28 Sep 2012 15:27:50 GMT) :
* de-activate PCMCIA and ExpressCard on systems that don't have any
PCMCIA or ExpressCard devices after running for 5 minutes. This is
going to byte some users, but probably only the first
intrigeri:
Hi,
Jacob Appelbaum wrote (13 Oct 2012 11:02:17 GMT) :
As this is a modular kernel - is there a reason not to simply add
a enable firewire widget?
There are several I can see:
* It is a UX failure every time someone has to go out of their way to
have Tails work with their
On Mon, Oct 15, 2012 at 02:47:05PM +, Abel Luck wrote:
intrigeri:
Hi,
Jacob Appelbaum wrote (13 Oct 2012 11:02:17 GMT) :
As this is a modular kernel - is there a reason not to simply add
a enable firewire widget?
There are several I can see:
* It is a UX failure every
Ague Mill:
On Mon, Oct 15, 2012 at 02:47:05PM +, Abel Luck wrote:
intrigeri:
Hi,
Jacob Appelbaum wrote (13 Oct 2012 11:02:17 GMT) :
As this is a modular kernel - is there a reason not to simply add
a enable firewire widget?
There are several I can see:
* It is a UX failure every
On Sat, Oct 13, 2012 at 5:18 AM, Maxim Kammerer m...@dee.su wrote:
On Sat, Oct 13, 2012 at 5:04 AM, Steve Weis stevew...@gmail.com wrote:
I think the kernel is working as expected. Debian and Ubuntu are both also
vulnerable by default, since FireWire modules are loaded automatically.
From
On Sun, Oct 14, 2012 at 9:57 PM, Steve Weis stevew...@gmail.com wrote:
There are two alternative driver stacks (e.g. ieee1394 and firewire-core)
and the docs talk about them both interchangeably. It's a bit confusing. The
CONFIG_FIREWIRE_OHCI_REMOTE_DMA kernel hacking option may only be
On Sun, Oct 14, 2012 at 11:38 PM, Maxim Kammerer m...@dee.su wrote:
there is currently no other way to
enable physical DMA in Firewire than via firewire_sbp2 or via
unfiltered physical DMA (enabled by CONFIG_FIREWIRE_OHCI_REMOTE_DMA).
Ah, there is also CONFIG_PROVIDE_OHCI1394_DMA_INIT +
On Fri, Oct 12, 2012 at 06:15:07PM -0700, Steve Weis wrote:
Hi. I booted Tails' latest release and was able to scrape memory contents
via FireWire. All the necessary firewire modules are enabled by default and
Inception worked out of the box. This would let someone root a machine
through, say,
Ague Mill:
On Fri, Oct 12, 2012 at 06:15:07PM -0700, Steve Weis wrote:
Hi. I booted Tails' latest release and was able to scrape memory contents
via FireWire. All the necessary firewire modules are enabled by default and
Inception worked out of the box. This would let someone root a machine
Hi,
intrigeri wrote (28 Sep 2012 15:27:50 GMT) :
* de-activate PCMCIA and ExpressCard on systems that don't have any
PCMCIA or ExpressCard devices after running for 5 minutes. This is
going to byte some users, but probably only the first time.
I am strongly inclined towards this one, for
Hi,
* de-activate PCMCIA and ExpressCard on systems that don't have any
PCMCIA or ExpressCard devices after running for 5 minutes. This is
going to byte some users, but probably only the first time.
I am strongly inclined towards this one, for PCMCIA, ExpressCard
FireWire and even
Alan:
Hi,
* de-activate PCMCIA and ExpressCard on systems that don't have any
PCMCIA or ExpressCard devices after running for 5 minutes. This is
going to byte some users, but probably only the first time.
I am strongly inclined towards this one, for PCMCIA, ExpressCard
FireWire and
On Sat, Oct 13, 2012 at 1:30 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
I would add Thunderbolt to the list as well:
http://www.breaknenter.org/2012/02/adventures-with-daisy-in-thunderbolt-dma-land-hacking-macs-through-the-thunderbolt-interface/
As far as I can see, all these attacks
Hi. I booted Tails' latest release and was able to scrape memory contents
via FireWire. All the necessary firewire modules are enabled by default and
Inception worked out of the box. This would let someone root a machine
through, say, a daisy chained thunderbolt monitor.
I'd either remove support
I think the kernel is working as expected. Debian and Ubuntu are both also
vulnerable by default, since FireWire modules are loaded automatically.
I can send some fix suggestions if you like.
On Oct 12, 2012 7:35 PM, Maxim Kammerer m...@dee.su wrote:
On Sat, Oct 13, 2012 at 3:15 AM, Steve Weis
On Sat, Oct 13, 2012 at 5:04 AM, Steve Weis stevew...@gmail.com wrote:
I think the kernel is working as expected. Debian and Ubuntu are both also
vulnerable by default, since FireWire modules are loaded automatically.
From Documentation/debugging-via-ohci1394.txt:
“The alternative firewire-ohci
Hi,
a...@boum.org wrote (26 Sep 2012 17:44:34 GMT) :
We didn't reach a conclusion on this topic. The page on pcmcia is
still tagged discuss.
Thank you for resurrecting this discussion!
It's unclear to me what exact part of it you intended to resurrect,
but anyway, I guess it's good to have
On Wed, Sep 26, 2012 at 07:44:34PM +0200, a...@boum.org wrote:
Issue: 32bit PCMCIA gets DMA. It is thus usable by an adversary for
external bus memory forensics on a running Tails.
Question: we now have to discuss what usability vs.
security balance we want.
Ideas:
* If a firewire card
Hi,
We didn't reach a conclusion on this topic. The page on pcmcia is still
tagged discuss.
Issue: 32bit PCMCIA gets DMA. It is thus usable by an adversary for
external bus memory forensics on a running Tails.
Question: we now have to discuss what usability vs.
security balance we want.
Hi,
I'd still go for [...]
A possible middle-ground could be to [...]
FWIW, I've created a parent ticket for these issues, and pasted the
various implementation ideas in there:
todo/protect_against_external_bus_memory_forensics
Cheers,
--
intrigeri
| GnuPG key @
Hi,
Jacob Appelbaum wrote (22 Aug 2012 21:01:22 GMT) :
Pop up a dialog and ask hey, you want to use firewire? - at least
if they had enabled a password, they will have to bypass a screen
lock or authenticate to enable full memory forensics.
I'm not sure I understand clearly what you are
intrigeri:
Hi,
Jacob Appelbaum wrote (22 Aug 2012 21:01:22 GMT) :
Pop up a dialog and ask hey, you want to use firewire? - at least
if they had enabled a password, they will have to bypass a screen
lock or authenticate to enable full memory forensics.
I'm not sure I understand clearly
Hi Jake,
Jacob wrote (late 2011):
Disable all firewire kernel modules. This will help fight against
forensics programs that will attempt to suck out memory with the
internal firewire or a cardbus/pcmcia card.
And ta...@boum.org replied (05 Jan 2012 23:54:40 GMT) :
Recent Linux kernels
Hi,
(Please Cc: any subsequent reply to the public tails-dev@boum.org ML.)
Disable all firewire kernel modules. This will help fight against
forensics programs that will attempt to suck out memory with the
internal firewire or a cardbus/pcmcia card.
Disable all pcmcia kernel modules; we
25 matches
Mail list logo
