Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)

7v5w7go9ub0o 7v5w7go9ub0o at gmail.com
Wed Feb 24 16:56:29 UTC 2010


On 02/24/10 00:10, Ringo wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> One update that should be noted is that this doesn't protect against
> "bad nanny" attacks. With full disk encryption, the boot partition isn't
> encrypted (as you have to load it so it can ask for your passphrase and
> decrypt the rest of the drive). If the machine isn't physically secured,
> it's vulnerable to this type of attack.

Perhaps mention the benefits of TPM chips (on 'ix, they can be 
configured to benefit the user, not some record company)?

- Alternatively, a simple BIOS boot password will block nanny from using 
your own cpu against you (e.g. loading up a CD or USB OS). Should she 
delete the password - which she wouldn't do - she'll not be able to 
replace it and you'll then know that you need to use a different HD.

- FWIW, I run a quick MD5 hash check on the boot partition as part of my 
boot up. Quick and easy; again, IDS, not IPS.

  - Somewhere I read of using smartmontools to keep track of disk-usage; 
a script interrogates the HD at shutdown and again at startup; if they 
don't match, the drive was used outside of the OS (e.g. removed and 
copied by a forensic program). Suppose you could add a second, manual 
test (or hidden script) that assured that they didn't crack your 
encryption and use your own OS.

Of course, nothing is 100%
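
The smartmontools check described in the message above, as an added example that is not part of the original post. It assumes an ATA drive that reports attributes 9 (Power_On_Hours) and 12 (Power_Cycle_Count) in `smartctl -A`, and one plain shutdown and boot between the two readings; the `DEV` and `STATE` values, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: SMART power-counter tripwire (detection only, like the hash check).
# Assumed: ATA attributes 9 and 12 present; one plain shutdown/boot between readings.
DEV=${DEV:-/dev/sda}                              # assumed device name
STATE=${STATE:-/var/lib/smart-tripwire/counters}  # hypothetical path, kept on the encrypted volume

# Constructed sample of `smartctl -A` output (not from a real drive).
sample_smart() {
    cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   097   097   000    Old_age   Always       -       2841
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1207
EOF
}

# Read `smartctl -A` text on stdin, print "POWER_CYCLES POWER_ON_HOURS".
# Fails if either attribute is missing, so a drive without them is not silently trusted.
smart_counters() {
    awk '$1 == 12 { c = $10 + 0; fc = 1 }
         $1 == 9  { h = $10 + 0; fh = 1 }
         END { if (!fc || !fh) exit 1; print c, h }'
}

# check_counters "SAVED" "NOW": succeed only if exactly one power cycle was added
# (this boot) and power-on hours advanced by at most one (an hour boundary may
# pass around shutdown or boot). Anything else means the drive ran elsewhere.
check_counters() {
    set -- $1 $2                 # split both "cycles hours" pairs into $1..$4
    [ $# -eq 4 ] || return 2
    dc=$(( $3 - $1 ))
    dh=$(( $4 - $2 ))
    [ "$dc" -eq 1 ] && [ "$dh" -ge 0 ] && [ "$dh" -le 1 ]
}

# Usage: "save" from a shutdown script, "verify" from a boot script (needs root).
case "${1:-}" in
    save)
        smartctl -A "$DEV" | smart_counters > "$STATE" ;;
    verify)
        now=$(smartctl -A "$DEV" | smart_counters) || exit 2
        saved=$(cat "$STATE") || exit 2
        check_counters "$saved" "$now" || {
            echo "WARNING: $DEV counters moved outside this OS (saved: $saved, now: $now)" >&2
            exit 1
        } ;;
esac
```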

