Deutsch English Français Italiano |
<87ed4kc02y.fsf@tilde.institute> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: yeti <yeti@tilde.institute> Newsgroups: comp.misc,comp.os.linux.advocacy,misc.news.internet.discuss Subject: Re: Security? What "Security"? Date: Sun, 13 Oct 2024 01:16:29 +0042 Organization: Democratic Order of Pirates International (DOPI) Lines: 69 Message-ID: <87ed4kc02y.fsf@tilde.institute> References: <1r19ri6.xu1j411x9lob6N%snipeco.2@gmail.com> <87y12ueaej.fsf@tilde.institute> <1r1boqa.10mfokh153s31rN%snipeco.2@gmail.com> MIME-Version: 1.0 Content-Type: text/plain Injection-Date: Sun, 13 Oct 2024 02:34:37 +0200 (CEST) Injection-Info: dont-email.me; posting-host="a1042cf4410f4599bf306d02fe319255"; logging-data="406598"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+mn9kGE2xtqps1sgT1ENOG" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) Cancel-Lock: sha1:BokJA/bzkSUl1mdOE6VXhYyCdRw= sha1:DZgS2iJXwwt7MFX8JWEzv33CKS0= Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwAQMAAABtzGvEAAAABlBMVEUAAAD///+l2Z/dAAAAiklEQVQY02NgoCUQOASmOJwPAElGjuQfIIrH8A9IsK3wJ0jFMcPHDUAVxywPNzCw8Dy3bD7AwMzy+Q/7AQbGvuq57QsYGI+brz+fwMDw+9re/x8YGLPcFP8/YGBccaTg4QcG5o4WBeYGBnaBngTDBJBFDvUHQBY5/G8AWXHgH9j65h9gitmBgfYAAJOqKugnjqEOAAAAAElFTkSuQmCC X-Face: "-Nh[_Q`f/iywEEk*gL\V>5N1AB*"sDJ8;EUV=C-0Y@WB9ePs{Cw>dh=u?}LO}?T(5_L2HX `mj:w>@KY3N6`v6Y!/<)"&OTwwj<}i=2g^/|Mp#95.z4HsbUizxbZ*4X085{X||BvThEN9wD=Q1o7" 5d3u_b|SUTt Bytes: 4395 snipeco.2@gmail.com (Sn!pe) wrote: /!\ The following should be read with a mix of panic and a smile; you decide, what to apply to which parts. > ISTM that a secure payload would need to be encrypted on a stand-alone > machine, air-gapped and never to be connected online. There are many ways even air-gapped systems can or do leak data, that may leak the keys or partial information about them. IMO every system that exists on the same side of the singularities as we do *is* connected with the rest. It just may be harder to get the data you want. We had leaking CRTs which could be read over a distance, AM leaks using rhythms of loops while computing, blinking drive LEDs, RPM modulated fans, ultrasonic connections between laptops in exams, and additionally we are in the __ __ ___ _ _ _____ __ ___ _ _ _ | \/ |_ _| \| |_ _\ \/ / |_ _|_ _ __(_)__| |___| | | |\/| || || .` || | > < | || ' \(_-< / _` / -_)_| |_| |_|___|_|\_|___/_/\_\ |___|_||_/__/_\__,_\___(_) era and I definitely will not bet that ARM and RISCV chips or even FPGAs don't come "pre-infected" in a comparable way. So who knows which Gremlins in other chips are able to play e.g. modem over power-line and whatnot. So better assume that every system that is not made exclusively from logic gates[0] you've baked yourself in your kitchen already comes infected with spy hard- and software. And thinking about this shouldn't stop without a look at the power supply[1]. Some leaks still may exist no matter what you use to build the gates, but at least the foreign gremlins would stay outside. TL;DR: __ __ _ _ _ _ _ _ \ \ / /__( )_ _ ___ __| |___ ___ _ __ ___ __| | | | | \ \/\/ / -_)/| '_/ -_) / _` / _ \/ _ \ ' \/ -_) _` |_|_|_| \_/\_/\___| |_| \___| \__,_\___/\___/_|_|_\___\__,_(_|_|_) ____________ [0]: Jeri Makes Integrated Circuits <https://hackaday.com/2010/03/10/jeri-makes-integrated-circuits/#more-22290> Transistor Fabrication: So Simple A Child Can Do It <https://hackaday.com/2010/05/13/transistor-fabrication-so-simple-a-child-can-do-it/> LLTP - Light Logic Transistorless Processor <https://hackaday.io/project/172413-lltp-light-logic-transistorless-processor> Mechanical Logic Gates With Amplification <https://hackaday.com/2024/09/20/mechanical-logic-gates-with-amplification/> [1]: Charging An Electric Supercar With Lemons, Kids, And The Sun <https://hackaday.com/2018/06/29/charging-an-electric-supercar-with-lemons-kids-and-the-sun/> -- 3. Hitchhiker 1: (25) "The point is, you see," said Ford, "that there is no point in driving yourself mad trying to stop yourself going mad. You might just as well give in and save your sanity for later."