2014-04-30

#politics of on-going #malware injustice

news.cyb/sec/#politics of on-going #malware injustice:
summary:
. we need a hardware system redesign that will
give the NSA the information they search for
but will not allow them to modify our systems,
so then criminals cannot modify our systems .

4.29:
. it's not easy to catch malware because
a website can always say it was infected,
and did not intend to be spreading malware .
. the only other way to curb the use of malware
is to suppress the sales of malware,
but intelligence agencies need that malware
to gather evidence from suspects,
as well as engage in cyberwar .
30:
. the only sure way to hold people accountable
is to have everyone move to a new operating system
that uses a military-grade verifiable microkernel
instead of a subvertable monolithic kernel
-- linux, mac, and pc are all vulnerable;
but, microkernels would slow computing by 10% .
. we also need to redo the USB standard
to prevent USB devices from spreading malware:
USB devices have their own processors
which can be reprogrammed by software
using codes known to NSA and criminals .
. completely securing USB and the kernel
would prevent the NSA from doing its job 
of keeping an eye on terrorist activities .
. we need a hardware system that will
give the NSA the information they search for
but will not allow them to modify our systems,
so then criminals cannot modify our systems .

news.cyb/sec/
sd cards as well as readers are reprogrammable:
4.23:
. I thought the sd card was just memory,
and the card reader drive had the processor;
but, according to “bunnie” Huang and Sean “xobs” Cross
at the Chaos Computer Congress (30C3),
the memory is cheap because it's faulty,
so there is a chip in there managing error correction .
. moreover, due to some technicalities or economics
the code to run the processor in the sd card
can't be written in rom, it has to be firmware
upgradeable by putting the card reader into
programmable mode and sending it some code;
so any malware that knows the programming code
can turn your sd card into a malware trojan .

co.fb/cyb/sec/Novena laptop (sd cards not included):
Novena open-hardware computing platform
--
. opensource hardware laptop is nsa-proof?
they can still give you malware via sd card!

news.cyb/sec/Novena open-sourced laptop hardware:
. you think opensource hardware laptop is nsa-proof?
we need to provide opensource sd cards
and opensource of all needed usb devices,
then we need to replace the monolithic linux
with a nice verifiable microkernel .

Novena @ crowdsupply.com:
. a 1.2GHz, Freescale quad-core ARM architecture computer
closely coupled with a Xilinx FPGA.
It's designed for users who care about open source,
and/or want to modify and extend their hardware:
all the documentation for the PCBs is open and free to download,
the entire OS is buildable from source,
and it comes with a variety of features
that facilitate rapid prototyping. 
Andrew “Bunnie” Huang interview:
. Not NSA-proof, but you have some recourse.
It would be much easier to spot any snooping.
In other designs, it's hard to find the bug.
In this one, it’s easy. [in the SD card firmware?]
But for me it’s primarily ideological,
to be able to get something out there that's open
and fully enabling.
The thesis is that as you build a community on it,
you get this long tail of innovation.
.
We’re using Debian. Debian in particular,
they have an ARM HF build for all of their packages,
so you can apt-get install basically anything.
You don’t have to build it yourself.
It was down to choosing between Debian and Ubuntu.
Ubuntu is more about [harnessing an] x86 system.
The ARM support was a bit lacking.
.
a field-programmable gate array?
With the FPGA, you can do a whole host of things
as far as control systems and design
that you can’t do without it.