On 11/02/2014 12:48 AM, intrigeri wrote:
> Hi,
>
> Jacob Appelbaum wrote (24 Jul 2014 01:16:26 GMT) :
>> I've waited a while for folks to read it and I think at this point,
>> we're at year two or so of waiting. It seems like the easy thing is to
>> simply give up and advocate for a fix with a simple patch.
> I have to admit I'm still affected by my vague memories of what I felt
> while reasoning about it two years ago, that is not being convinced
> that the attacks described in the paper were part of what Tails is
> seriously trying to protect against (as in: if an attacker can do
> that, then they possibly have other, and maybe easier ways to do it
> even if we kill access to RFC1918 addresses). Unfortunately, I've let
> it in the shape of very incomplete and not publishable notes back
> then, never came back to it, and have been feeling bad about it ever
> since. Yay.
>
> I've sent these notes to Jurre, who's recently volunteered to think
> this through. I'd love to see this happen anyway, but after two years
> of waiting for it, maybe we should stop blocking on it and move on.
> (Yes, it can take me a looong time to change my mind. You've not seen
> it all yet.)

I've thought it through, but I've been lazy and not sending out my thoughts. Luckily, it seems that we had similar thoughts, yay.

I'm not a UX person but I see the following solution(s) living next to each other if needed. Coming from a security point of view, I believe it's better to enable things than to disable things. Most of our users might not understand the risks associated with attacks described in vpwned and DMA-capable devices. We therefore shouldn't make them vulnerable by default but rather by choice and document in a clear way what the risks associated with it are.

I'd also rather not advocate for a way to enable throughout a session, it's like having intercourse and deciding, gosh, we're ready to go but we're out of condoms, but whatever, just this one time. The implications might be for a lifetime.

1) When I boot Tails, I'm presented with an option to allow local traffic or not.
2) When I boot Tails, I'm presented with an option to allow certain local traffic like SSH and printing and the rest not.
3) When I boot Tails, I'm presented with an option to be able to log in to a captive portal, only this IP is whitelisted on the firewall rules and the rest is blocked.

I think my aim with providing these options is that, when you boot a computer, you often know what you're going to do with it or what you want access to or not. The same would go for allowing devices which are DMA-capable like FireWire, Thunderbolt, PCMCIA and others.

I guess that, the longer you use Tails, say a couple of hours, the more likely it *could* become you might be targeted by an adversary. If you would then halfway allow access to a local network, who knows what might happen to the user or how more likely it could become that vpwned

My 0,02 for now, I would be more than happy to hear critique!

Jurre

_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
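
The three boot-time options from the message above, modelled as a default-deny check on RFC 1918 destinations; this is an added example, not part of the original post and not Tails code. The `BootPolicy` class, the mode names, the port set standing in for "SSH and printing", and the requirement that the portal address be an RFC 1918 address are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# RFC 1918 private ranges: the "local traffic" the thread is about.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed TCP ports for "SSH and printing": 22 (SSH) and 631 (IPP).
SERVICE_PORTS = frozenset({22, 631})
MODES = ("block", "all", "services", "portal")  # hypothetical mode names


def is_local(addr: str) -> bool:
    """True if addr parses as an IP address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)  # frozen: chosen once at boot, not changed mid-session
class BootPolicy:
    mode: str = "block"              # default: no local traffic at all
    portal_ip: Optional[str] = None  # only meaningful in "portal" mode

    def __post_init__(self):
        if self.mode not in MODES:
            raise ValueError(f"unknown mode {self.mode!r}")
        if self.mode == "portal" and not is_local(self.portal_ip or ""):
            raise ValueError("portal mode needs exactly one RFC 1918 address")


def verdict(policy: BootPolicy, dst: str, port: int) -> str:
    """Decide one outbound TCP connection under the boot-time policy."""
    if not is_local(dst):
        return "not-local"  # outside this check; assumed handled elsewhere
    if policy.mode == "all":                                  # option 1
        return "accept"
    if policy.mode == "services" and port in SERVICE_PORTS:   # option 2
        return "accept"
    if policy.mode == "portal" and (                          # option 3
            ipaddress.ip_address(dst) == ipaddress.ip_address(policy.portal_ip)):
        return "accept"
    return "reject"  # everything else on the local network stays blocked
```
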