Delivery-Date: Thu, 23 Jul 2015 01:25:54 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id DEAF31E0E1F;
	Thu, 23 Jul 2015 01:25:52 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 14B9435E5C;
	Thu, 23 Jul 2015 05:25:46 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 5858935E33
 for <tor-talk@lists.torproject.org>; Thu, 23 Jul 2015 05:25:42 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id AGgNKOdHeT7F for <tor-talk@lists.torproject.org>;
 Thu, 23 Jul 2015 05:25:42 +0000 (UTC)
Received: from meiko.romanrm.net (meiko.romanrm.net [195.154.92.155])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 2A75235C99
 for <tor-talk@lists.torproject.org>; Thu, 23 Jul 2015 05:25:42 +0000 (UTC)
Received: from natsu (unknown [IPv6:fd39::e9:9eff:fe8f:1bcf])
 by meiko.romanrm.net (Postfix) with SMTP id 953088B8C2;
 Thu, 23 Jul 2015 05:25:37 +0000 (UTC)
Date: Thu, 23 Jul 2015 10:25:37 +0500
From: Roman Mamedov <rm@romanrm.net>
To: tor-talk@lists.torproject.org
Message-ID: <20150723102537.46534217@natsu>
In-Reply-To: <CAAgxajHf3kZ+Pvm-_97FJUEJQ6z=B0sKabyaAqCjdHEK4ESiTg@mail.gmail.com>
References: <55AEE999.5040003@torservers.net>
 <CAFggDF2jAdnHdBdBmATqZSezkG3k+SeOGKGqJOXTAp2yGKGKrQ@mail.gmail.com>
 <55AF76C3.6010408@enn.lu>
 <CAAgxajHNFcog0=VRP_tUdTgLU=gYUX1m5qjxBXatE=z-0FWAzg@mail.gmail.com>
 <CAFggDF1Ssa0MdO6DitnX52t9c44D7zrMc7Ry09Za8zGHbdWXjg@mail.gmail.com>
 <CAAgxajHf3kZ+Pvm-_97FJUEJQ6z=B0sKabyaAqCjdHEK4ESiTg@mail.gmail.com>
X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Subject: Re: [tor-talk] USB Sticks for Tails -> CCCamp
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============3450538252590450577=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

--===============3450538252590450577==
Content-Type: multipart/signed; micalg=PGP-SHA1;
 boundary="Sig_/dAXMg5N+1GgZKr0RWRQpr7w"; protocol="application/pgp-signature"

--Sig_/dAXMg5N+1GgZKr0RWRQpr7w
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Wed, 22 Jul 2015 08:59:43 -0700
Apple Apple <djjdjdjdjdjdjd32@gmail.com> wrote:

> On 22 Jul 2015 13:22, "Jacob Appelbaum" <jacob@appelbaum.net> wrote:
> > DVD drives are programmable computers until we find evidence
> > suggesting the opposite.
>=20
> And USB host controllers?

DVD drives really are; see for example [1] for information about DVD-RW
firmware modding and reflashing for NEC drives. Same as HDDs or SSDs.

USB host controllers by themselves are not known to have any reprogrammable
code, they are much simpler. If it's integrated into the motherboard, you w=
ill
just need to ensure it uses a free BIOS such as Coreboot.

However I have to wonder on what is your threat scenario that you cannot tr=
ust
a random anonymously bought off-the-shelf DVD drive. If the bootable OS
verifies signatures of files it loads from the disk, then it'd have to do a
rather sophisticated and specifically targeted for that OS "evil maid" atta=
ck.

[1] http://liggydee.cdfreaks.com/page/en/FAQ/


--=20
With respect,
Roman

--Sig_/dAXMg5N+1GgZKr0RWRQpr7w
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlWwetEACgkQTLKSvz+PZwikFgCggw24bF+mtKFxSaRBZi5szAKk
NSMAn1UIe+bpfmDJPW/n0iMOXMtyBCTv
=0K/8
-----END PGP SIGNATURE-----

--Sig_/dAXMg5N+1GgZKr0RWRQpr7w--

--===============3450538252590450577==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============3450538252590450577==--

