OccamIsTheMan

  1. Make sure to include some porn. Seriously. Encrypt your tools, then use steganography to hide them inside the porn. Then encrypt the porn. It's better to be thought a deviant than a felon if anyone ever looks.
  2. I realize this is an old post, but couldn't we avoid the issues of spoofing, etc. altogether? Spoofing occurs upon insertion. It's impossible to insert a malicious device if there's no port to plug it into, right?

       1. Set up your system the way you want it, including USB configuration.
       2. Fill all unused ports with tiny flash drives. You can find them at office supply stores for a few dollars.
       3. Configure the system so that if any device is removed, (i) a flag is set that will notify the user that device was removed (ideally forcing a call to IT security), and (ii) adding additional devices is disabled entirely until the user authenticates or whatever other process is necessary to verify only trusted devices are attached.

     To verify that the flash drives haven't been swapped out for malicious devices, you could store an encrypted file on the drive that the user can decrypt to verify it's the right drive.

     I suppose you could add a malicious device by tapping it into the keyboard cable while it's plugged in or something. That's a hell of a lot harder than plugging into an open USB port or swapping a device out, though; plus it would leave visible evidence of the attack. (And you might be able to defeat it by monitoring the real-time current draw on the USB port, anyway.)

     The attacker could reboot and possibly boot from USB, but if full-disk encryption is used it wouldn't matter. With Linux you can keep /boot on a flash drive and have the box's internal drive have no MBR, so Evil Maid attacks are impossible.

     Is there something else I'm missing or is this a simple solution to this problem that doesn't require epoxying or otherwise destroying unused ports?
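One way to implement step 3 of the post above on Linux, as an added example that is not part of the original post: compare the USB ports against a recorded baseline and, on any change, stop the kernel from authorizing new devices. The function names and the sample device values are assumptions made for illustration; the sysfs paths are the standard Linux ones.

```python
from pathlib import Path

SYSFS_USB = Path("/sys/bus/usb/devices")  # assumption: Linux host with sysfs

def read_attr(dev, name):
    attr = dev / name
    return attr.read_text().strip() if attr.is_file() else ""

def snapshot(root=SYSFS_USB):
    """Map port path (e.g. '1-2') to (idVendor, idProduct, serial)."""
    found = {}
    for dev in root.iterdir():
        # Skip root hubs ('usb1') and interface nodes ('1-2:1.0').
        if dev.name.startswith("usb") or ":" in dev.name:
            continue
        found[dev.name] = tuple(
            read_attr(dev, a) for a in ("idVendor", "idProduct", "serial"))
    return found

def compare(baseline, current):
    """Step 3(i): report any port whose occupant left, appeared or changed."""
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    swapped = sorted(p for p in baseline
                     if p in current and baseline[p] != current[p])
    return {"removed": removed, "added": added, "swapped": swapped,
            "lockdown": bool(removed or added or swapped)}

def block_new_devices(root=SYSFS_USB):
    """Step 3(ii): leave newly attached devices unauthorized (needs root)."""
    knobs = sorted(root.glob("usb*/authorized_default"))
    for knob in knobs:
        knob.write_text("0")
    return [k.parent.name for k in knobs]

# Constructed sample data: three ports filled with placeholder drives.
BASELINE = {"1-1": ("0781", "5571", "AA01"),
            "1-2": ("0781", "5571", "AA02"),
            "1-3": ("0781", "5571", "AA03")}
# Constructed later state: 1-2 pulled, 1-3 replaced by a different device.
LATER = {"1-1": ("0781", "5571", "AA01"), "1-3": ("16c0", "0486", "")}

if __name__ == "__main__":
    report = compare(BASELINE, LATER)
    print(report)
    if report["lockdown"]:
        print("flag set: notify user / IT security, then block_new_devices()")
```

The descriptor values compared here are reported by the device itself, so a match only shows that nothing obvious changed; the encrypted-file check the post describes is what ties a drive to its owner.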