Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)
teddks at gmail.com
Thu Feb 25 04:16:01 UTC 2010
On Wed, 2010-02-24 at 11:56 -0500, 7v5w7go9ub0o wrote:
> On 02/24/10 00:10, Ringo wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > One update that should be noted is that this doesn't protect against
> > "bad nanny" attacks. With full disk encryption, the boot partition isn't
> > encrypted (as you have to load it so it can ask for your passphrase and
> > decrypt the rest of the drive). If the machine isn't physically secured,
> > it's vulnerable to this type of attack.
> Perhaps mention the benefits of TPM chips (on 'ix, they can be
> configured to benefit the user, not some record company)?
Yup. Check out Trusted Grub if you're blessed with the appropriate
> - Alternatively, a simple BIOS boot password will block nanny from using
> your own cpu against you (e.g. loading up a CD or USB OS). Should she
> delete the password - which she wouldn't do - she'll not be able to
> replace it and you'll then know that you need to use a different HD.
> - FWIW, I run a quick MD5 hash check on the boot partition as part of my
> boot up. Quick and easy; again, IDS, not IPS.
Do you read the source for your shell script before every boot? The
attacker could just replace your hash check with a no-op and print
"Everything is fine", and you wouldn't be any wiser.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 835 bytes
Desc: This is a digitally signed message part
More information about the tor-talk