intrigeri:
> Hi,
>
> Jacob Appelbaum wrote (22 Aug 2012 19:17:02 GMT) :
>> I'm not sure, so I'd still disable it until you have a forensics
>> toolkit or three that fails to work.
>
> Fair enough, so I updated our ticket to reflect that we should
> actually test this. What forensics toolkits would you suggest we
> use for these tests?
>

In an ideal world? Get a cop to use FinFisher's kit on your stuff - lots
of people are working hard on ruining the secrecy of their entire
product line, I hear.

I'd also suggest using any of the freely available FireWire toolkits.

> However, Tails is also about "Working on sensitive documents" [0],
> and I'm told people working on video often need FireWire.
> So, the answer to "what to do in the meantime?" is not that obvious
> to me.

Pop up a dialog and ask "hey, you want to use firewire?" - at least if
they had enabled a password, they will have to bypass a screen lock or
authenticate to enable full memory forensics.

>
> [0] https://tails.boum.org/contribute/design/#index3h3
>
>> Also, what about pcmcia/pccard/express card?
>
> Sorry, we still have not discussed what usability vs. security balance
> we want in this area. For the record, these are tracked there:
> https://tails.boum.org/todo/disable_expresscard__63__/
> https://tails.boum.org/todo/disable_pcmcia__63__/
>

I'd still go for disabling those two unless there is actually a
compelling reason to enable them. If there is such a reason, I'd ask
that users assert it and that the assertion binds to a single device,
rather than all devices blindly. These bus attacks are simply too
powerful and too obscure for users to knowingly defend themselves.

All the best,
Jake