[Novalug] another bootable thumbdrive matter

RJ Bergeron rbergero@gmail.com
Sun Dec 28 10:01:52 EST 2014


As soon as the computer hands control off to an arbitrary program
(syslinux, the windows boot loader) from the BIOS, that program is free to
do whatever it likes - load an operating system, program i/o peripherals,
what-have-you.

At one time, BIOS vendors offered protection (basically, the BIOS would
halt the computer and prompt) when an attempt was made to write against the
first 440 bytes of the primary hard disk, but I haven't seen that in ages.

The current counter to this is to require encryption/signing in the BIOS - the
UEFI spec brings in the pieces needed to do that -
http://kroah.com/log/blog/2013/09/02/booting-a-self-signed-linux-kernel/ is
illuminating there.

If security is paramount in your environment, you *cannot* boot arbitrary
devices.

One alternative is the use of a VM - you have a level of assurance for the
host OS, and the VM is an 'untrusted' environment - but sandboxed to a
specific set of resources in the host.

BadUSB highlights a firmware vulnerability - that is, the device you
*think* is a thumbdrive may not be, under certain conditions - and can be
programmed by another malicious agent on your computer, as Derek notes.

RJ

On Sun, Dec 28, 2014 at 9:20 AM, Derek LaHousse via Novalug <
novalug@firemountain.net> wrote:

> I'm gobsmacked by that first quote.  "Because no one's seen our code,
> EVER, we can't be compromised."  What the hell do they think reverse
> engineers do?  Also, BadUSB doesn't rely on the firmware currently on
> a USB controller, it relies on that controller being writable over the
> USB interface.
>
> As for the rest... NIST standards have a low reputation, given the
> dual elliptic curve pseudo-random number generator (Dual-EC DRBG) is
> both super-slow and on weak foundations - Never Use It.  So while
> buzzwords sell technology, it's boilerplate to me.
>
>
> But I can't confirm their claims, so I can't harsh on them too much.
> Let us hope that there is one company out there that is completely
> impregnable, eh?
>
> On Sat, Dec 27, 2014 at 4:17 PM, Bonnie Dalzell <bdalzell@qis.net> wrote:
> > On Sat, 27 Dec 2014, Derek LaHousse wrote:
> >
> >> IronKey will sell you a boatload of acronyms.  We can trust them about
> >> as much as Windows and the control software on a 747.  Have you
> >> inspected the source code on a 747?
> >>
> >> USBCheck is different, that's for bad wiring on USB ports, not for
> >> checking firmware on a re-written USB device.  Your real defense is
> >> epoxy.
> >>
> >  how about iStorage
> > https://e-quipment.eu/istorage-products-immune-malicious-badusb-attacks/
> >
> > http://www.istorage-uk.com
> >
> > they claim:
> >
> > "Storage confirms that its firmware is protected and kept only on secure
> > documented and off-line systems within the company. As such, iStorage’s
> > devices cannot be compromised as the firmware is never divulged to third
> > parties and is also digitally signed.
> >
> > “All iStorage products use dual controller architecture and are designed in
> > compliance with NIST’s requirements and standards that firmware is protected
> > with a digital signature to” said John Michael, CEO of iStorage Ltd.
> > “Importantly, Unlike the majority of USB encrypted portable data storage
> > devices that rely on one controller for both host and encryption, iStorage
> > has a dedicated security controller that works in line with the host
> > controller, ensuring superior protection and integrity for all our devices.”
> >
> >
> >> On Sat, Dec 27, 2014 at 12:46 AM, Bonnie Dalzell <bdalzell@qis.net> wrote:
> >>>
> >>> On Sat, 27 Dec 2014, Derek LaHousse wrote:
> >>>
> >>>> Well, his concern is real, even if his (given) reason is dumb.  His
> >>>> Windows mentality is that Linux is a virus that will infect his
> >>>> machine with Freedom.  j/k
> >>>>
> >>>> https://srlabs.de/badusb/
> >>>
> >>>
> >>>
> >>> scary
> >>>
> >>> there already seem to be some proposed defenses:
> >>>
> >>>
> >>> IronKey Secure USB devices
> >>>
> >>> http://www.ironkey.com/en-US/solutions/protect-against-badusb.html
> >>>
> >>> USBCheck – First Line of Defense Against Bad USB Ports - See more at:
> >>>
> >>> http://homenetworking01.info/2008/12/usbcheck-first-line-of-defense-against-bad-usb-ports/
> >>>
> >>> wonder if they work
> >>>
> >>>
> >>>>
> >>>> If you booted from a USB stick that wanted to, it could indeed
> >>>> overwrite the MBR of all the disks on the system.  On the other hand,
> >>>> he's running Windows.  A USB stick from a known person should be much
> >>>> lower on his list of concerns than say, Adobe Reader, Flash,
> >>>> Javascript, or spilling the coffee from the automatic coffee-tray.
> >>>>
> >>>> On Fri, Dec 26, 2014 at 9:34 PM, Bonnie Dalzell via Novalug
> >>>> <novalug@firemountain.net> wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>> So far the only way I can create them and have them work is with
> >>>>> UNetbootin despite trying a number of methods suggested.
> >>>>>
> >>>>> I can get the files easily to the drive but I cannot seem to get the
> >>>>> resulting install to boot.
> >>>>>
> >>>>> The Linux Mint Xfce install I did tonight seems to work very well and
> >>>>> is indeed persistent.
> >>>>>
> >>>>> I was speaking to my friend in TX that I am making the bootable
> >>>>> thumbdrive with the program I am writing on it, but her husband, a
> >>>>> Windows geek, says he will not allow the bootable thumbdrive to be
> >>>>> plugged into one of their computers because its MBR can easily contain
> >>>>> a root virus which will infect the MBR of any computer it is plugged into.
> >>>>>
> >>>>> I thought that booting a thumbdrive from the menu generated by F8 meant
> >>>>> that you were not accessing the system you are using's hard drive at all.
> >>>>>
> >>>>> But I am not very knowledgeable about these early launch things.
> >>>>>
> >>>>> Is there any reality to this fear?
> >>>>>
> >>>>> I appreciate any time one of you might have in relation to this matter.
> >>>>>
> >>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>>>>                        Bonnie Dalzell, MA
> >>>>> mail:PO box 9767 Baldwin, MD, USA 21013  |  EMAIL:bdalzell@qis.net
> >>>>> shipping address:5100 Hydes Rd 21082 (Hydes Post Office closed Jan 2012)
> >>>>> Freelance anatomist, vertebrate paleontologist, writer, illustrator, dog
> >>>>> breeder, computer nerd & iconoclast... Borzoi info at www.borzois.com.
> >>>>> HOME www.batw.net    ART bdalzellart.batw.net  BUSINESS
> >>>>> www.boardingatwedge.com
> >>>>>
> >>>>>
> >>>>> **********************************************************************
> >>>>> The Novalug mailing list is hosted by firemountain.net.
> >>>>>
> >>>>> To unsubscribe or change delivery options:
> >>>>> http://www.firemountain.net/mailman/listinfo/novalug
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >
>



-- 
"Always love, hate will get you every time" - Nada Surf
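
An added example, not part of the original thread: the old BIOS protection described above watched for writes to the first 440 bytes of the disk, which is the bootstrap code area of the MBR sector. The sketch below does the equivalent check after the fact by hashing each MBR region of a saved copy of sector 0 and reporting which one changed; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440    # bootstrap code area: the "first 440 bytes"
DISK_SIG_OFF = 440     # 4-byte disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries
BOOT_SIG_OFF = 510     # 0x55 0xAA marker


def parse_mbr(sector):
    """Split a 512-byte MBR sector into regions and hash each one."""
    if len(sector) != 512 or sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    table = sector[PART_TABLE_OFF:BOOT_SIG_OFF]
    partitions = []
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({"index": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partition_table": hashlib.sha256(table).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline, current):
    """Return the names of the MBR regions that differ from the baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    regions = ("boot_code", "disk_signature", "partition_table")
    return [r for r in regions if old[r] != new[r]]


def build_sample_mbr(boot_code):
    """Constructed sample sector with one bootable Linux (0x83) partition."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x83, b"\x00" * 3, 2048, 204800)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    baseline = build_sample_mbr(b"constructed-loader-v1")
    current = build_sample_mbr(b"constructed-loader-v2")
    print(diff_mbr(baseline, current))
```

A changed boot_code region with an unchanged partition table is the case the BIOS prompt was meant to catch; a repartition changes the table instead.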


