[arch-general] Preferred CHOST

vixsomnis vixsomnis at fastmail.com
Thu Nov 13 21:28:13 UTC 2014


Considering USB as a standard is vulnerable (BadUSB malware that infects
the firmware of the USB device), you'd be safer having your "off the
net" computer just connected via ethernet cable to your anonymous
computer, and making sure the link is locked down.

-- 
vixsomnis

On Thu, Nov 13, 2014, at 04:22 PM, Toyam Cox wrote:
> On Thu, Nov 13, 2014 at 4:16 PM, Ralf Mardorf
> <ralf.mardorf at rocketmail.com> wrote:
> 
> > On Thu, 13 Nov 2014 21:31:40 +0100
> > Ralf Mardorf <ralf.mardorf at rocketmail.com> wrote:
> >
> > > On Thu, 13 Nov 2014 15:02:58 -0500
> > > Sean Greenslade <sean at seangreenslade.com> wrote:
> > >
> > > > On Thu, Nov 13, 2014 at 06:55:51AM +0100, Ralf Mardorf wrote:
> > > > > Sean, actually you tell us that we should care about security
> > > > > holes in Mutt/1.5.23 to attack you ;) and since you're replying to
> > > > > Arch general email, you're likely using Arch Linux. This likely is
> > > > > a trick, you're running Alpine on openSUSE? ;)
> > > >
> > > > Ha hah! I'm running LFS and using telnet as my mail client!
> > > >
> > > > I kid, I kid. And I actually did have that thought as I was writing
> > > > that mail. So, uh...do as I say, not as I do, etc. etc. I really
> > > > won't claim that my setup is anywhere near hardened.
> > >
> > > :)
> > >
> > > Another point of view is, that if we mention Arch Linux in a header,
> > > we also point out, that our OS is upgraded with current security
> > > patches from upstream. IOW it's easier for you, to attack somebody
> > > using another Linux distro. OTOH the latest bash issue was fixed by
> > > FreeBSD and all Linux distros I watch very soon and much more people
> > > use Apple, Windows and Android (pseudo-Linux) operating systems. I
> > > like to show that I'm using a MUA running on Arch Linux. Assumed I
> > > should need security, then I would use two additional computers to
> > > provide that. One for absolutely anonymous Internet usage and another
> > > computer that is completely decoupled from the Internet.
> >
> > Assumed we want to share data between the anonymous Internet
> > computer and the computer without an Internet connection, e.g. by a
> > "brand new tidied up" USB stick, we should consider to use a third
> > computer before we transfer the data. With the computer in the
> > middle, we should check if the USB stick is "clean". The computer in the
> > middle should be rebuilt several times a day, using different hardware
> > combinations.
> >
> 
> 
> But perhaps that would be too much hassle. Maybe the computer in the
> middle should be a live-ISO chosen at random by the offline computer,
> which would have been pre-loaded with all the necessary verification
> tools.
> 
> -- 
> - Toyam

