intrigeri:
> Hi,
>
> Jacob Appelbaum wrote (22 Aug 2012 19:17:02 GMT) :
>> I'm not sure, so I'd still disable it until you have a forensics
>> toolkit or three that fails to work.
>
> Fair enough, so I updated our ticket to reflect that we should
> actually test this. What forensics toolkits would you suggest us to
> use for these tests?
>

In an ideal world? Get a cop to use FinFisher's kit on your stuff - lots of people are working hard on ruining the secrecy of their entire product line, I hear. I'd also suggest using any of the freely available Firewire toolkits.

> However, Tails is also about "Working on sensitive documents" [0],
> and I'm told people working on video often need FireWire.
> So, the answer to "what to do in the meantime?" is not that obvious
> to me.

Pop up a dialog and ask "hey, you want to use firewire?" - at least if they had enabled a password, they will have to bypass a screen lock or authenticate to enable full memory forensics.

>
> [0] https://tails.boum.org/contribute/design/#index3h3
>
>> Also, what about pcmcia/pccard/express card?
>
> Sorry, we still have not discussed what usability vs. security balance
> we want in this area. For the record, these are tracked there:
> https://tails.boum.org/todo/disable_expresscard__63__/
> https://tails.boum.org/todo/disable_pcmcia__63__/
>

I'd still go for disabling those two unless there is actually a compelling reason to enable them. If there is such a reason, I'd ask that users assert it and that the assertion binds to a single device, rather than all devices blindly. These bus attacks are simply too powerful and too obscure for users to knowingly defend themselves.

All the best,
Jake
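
Added example, not part of the original message or of Tails: a shell sketch of the "disable by default" position discussed in this thread, which finds loaded FireWire and PCMCIA/CardBus kernel modules in `/proc/modules`-format text and emits modprobe.d lines that keep them from loading. The module list, function names and sample input are assumptions made for this example; ExpressCard is not covered.

```shell
#!/bin/sh
# Kernel modules for DMA-capable external buses. These names are assumptions
# added for this example (FireWire current and legacy stacks, PCMCIA/CardBus);
# the thread itself names only the buses.
DMA_BUS_MODULES="firewire_core firewire_ohci firewire_sbp2 firewire_net ohci1394 sbp2 ieee1394 raw1394 pcmcia pcmcia_core yenta_socket"

# loaded_dma_modules: read /proc/modules-format text on stdin and print the
# names of loaded modules that appear in DMA_BUS_MODULES, one per line.
loaded_dma_modules() {
    while read -r name _rest || [ -n "$name" ]; do
        for m in $DMA_BUS_MODULES; do
            if [ "$name" = "$m" ]; then
                printf '%s\n' "$name"
            fi
        done
    done
    return 0
}

# modprobe_policy: turn module names on stdin into modprobe.d lines.
# "blacklist" only stops alias-based autoloading; the "install" line also
# makes an explicit modprobe of that module fail.
modprobe_policy() {
    while read -r name; do
        [ -n "$name" ] || continue
        printf 'blacklist %s\ninstall %s /bin/false\n' "$name" "$name"
    done
    return 0
}

# Constructed sample in /proc/modules format (not captured from a real system).
SAMPLE_PROC_MODULES='firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
ext4 745472 1 - Live 0x0000000000000000
yenta_socket 49152 0 - Live 0x0000000000000000'

# Print the policy for the sample; on a live system, feed /proc/modules instead:
#   loaded_dma_modules < /proc/modules | modprobe_policy
printf '%s\n' "$SAMPLE_PROC_MODULES" | loaded_dma_modules | modprobe_policy
```

The generated lines stop future loads only; a module that is already loaded stays active until it is removed or the system reboots.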