sen-material: Airgaps-Schneier@0516bffd3f5f (annotated)

145 279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1	Air Gaps
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	2
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	3
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	4
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	5	Since I started working with Snowden's documents, I have been using a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	6	number of tools to try to stay secure from the NSA. The advice I shared
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	7	included using Tor, preferring certain cryptography over others, and
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	8	using public-domain encryption wherever possible.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	9
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	10	I also recommended using an air gap, which physically isolates a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	11	computer or local network of computers from the Internet. (The name
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	12	comes from the literal gap of air between the computer and the Internet;
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	13	the word predates wireless networks.)
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	14
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	15	But this is more complicated than it sounds, and requires explanation.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	16
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	17	Since we know that computers connected to the Internet are vulnerable to
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	18	outside hacking, an air gap should protect against those attacks. There
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	19	are a lot of systems that use -- or should use -- air gaps: classified
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	20	military networks, nuclear power plant controls, medical equipment,
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	21	avionics, and so on.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	22
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	23	Osama Bin Laden used one. I hope human rights organizations in
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	24	repressive countries are doing the same.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	25
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	26	Air gaps might be conceptually simple, but they're hard to maintain in
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	27	practice. The truth is that nobody wants a computer that never receives
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	28	files from the Internet and never sends files out into the Internet.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	29	What they want is a computer that's not directly connected to the
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	30	Internet, albeit with some secure way of moving files on and off.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	31
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	32	But every time a file moves back or forth, there's the potential for attack.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	33
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	34	And air gaps have been breached. Stuxnet was a US and Israeli
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	35	military-grade piece of malware that attacked the Natanz nuclear plant
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	36	in Iran. It successfully jumped the air gap and penetrated the Natanz
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	37	network. Another piece of malware named agent.btz, probably Chinese in
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	38	origin, successfully jumped the air gap protecting US military networks.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	39
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	40	These attacks work by exploiting security vulnerabilities in the
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	41	removable media used to transfer files on and off the air-gapped computers.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	42
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	43	Since working with Snowden's NSA files, I have tried to maintain a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	44	single air-gapped computer. It turned out to be harder than I expected,
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	45	and I have ten rules for anyone trying to do the same:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	46
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	47	1. When you set up your computer, connect it to the Internet as little
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	48	as possible. It's impossible to completely avoid connecting the computer
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	49	to the Internet, but try to configure it all at once and as anonymously
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	50	as possible. I purchased my computer off-the-shelf in a big box store,
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	51	then went to a friend's network and downloaded everything I needed in a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	52	single session. (The ultra-paranoid way to do this is to buy two
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	53	identical computers, configure one using the above method, upload the
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	54	results to a cloud-based anti-virus checker, and transfer the results of
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	55	that to the air gap machine using a one-way process.)
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	56
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	57	2. Install the minimum software set you need to do your job, and disable
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	58	all operating system services that you won't need. The less software you
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	59	install, the less an attacker has available to exploit. I downloaded and
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	60	installed OpenOffice, a PDF reader, a text editor, TrueCrypt, and
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	61	BleachBit. That's all. (No, I don't have any inside knowledge about
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	62	TrueCrypt, and there's a lot about it that makes me suspicious. But for
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	63	Windows full-disk encryption it's that, Microsoft's BitLocker, or
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	64	Symantec's PGPDisk -- and I am more worried about large US corporations
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	65	being pressured by the NSA than I am about TrueCrypt.)
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	66
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	67	3. Once you have your computer configured, never directly connect it to
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	68	the Internet again. Consider physically disabling the wireless
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	69	capability, so it doesn't get turned on by accident.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	70
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	71	4. If you need to install new software, download it anonymously from a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	72	random network, put it on some removable media, and then manually
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	73	transfer it to the air-gapped computer. This is by no means perfect, but
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	74	it's an attempt to make it harder for the attacker to target your computer.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	75
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	76	5. Turn off all autorun features. This should be standard practice for
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	77	all the computers you own, but it's especially important for an
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	78	air-gapped computer. Agent.btz used autorun to infect US military computers.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	79
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	80	6. Minimize the amount of executable code you move onto the air-gapped
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	81	computer. Text files are best. Microsoft Office files and PDFs are more
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	82	dangerous, since they might have embedded macros. Turn off all macro
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	83	capabilities you can on the air-gapped computer. Don't worry too much
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	84	about patching your system; in general, the risk of the executable code
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85	is worse than the risk of not having your patches up to date. You're not
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86	on the Internet, after all.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88	7. Only use trusted media to move files on and off air-gapped computers.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89	A USB stick you purchase from a store is safer than one given to you by
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90	someone you don't know -- or one you find in a parking lot.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	92	8. For file transfer, a writable optical disk (CD or DVD) is safer than
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	93	a USB stick. Malware can silently write data to a USB stick, but it
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	94	can't spin the CD-R up to 1000 rpm without your noticing. This means
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	95	that the malware can only write to the disk when you write to the disk.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	96	You can also verify how much data has been written to the CD by
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	97	physically checking the back of it. If you've only written one file, but
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	98	it looks like three-quarters of the CD was burned, you have a problem.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	99	Note: the first company to market a USB stick with a light that
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	100	indicates a write operation -- not read or write; I've got one of
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	101	those -- wins a prize.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	103	9. When moving files on and off your air-gapped computer, use the
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	104	absolute smallest storage device you can. And fill up the entire device
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	105	with random files. If an air-gapped computer is compromised, the malware
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	106	is going to try to sneak data off it using that media. While malware can
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	107	easily hide stolen files from you, it can't break the laws of physics.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	108	So if you use a tiny transfer device, it can only steal a very small
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	109	amount of data at a time. If you use a large device, it can take that
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	110	much more. Business-card-sized mini-CDs can have capacity as low as 30
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	111	MB. I still see 1-GB USB sticks for sale.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	112
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	113	10. Consider encrypting everything you move on and off the air-gapped
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	114	computer. Sometimes you'll be moving public files and it won't matter,
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	115	but sometimes you won't be, and it will. And if you're using optical
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	116	media, those disks will be impossible to erase. Strong encryption solves
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	117	these problems. And don't forget to encrypt the computer as well;
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	118	whole-disk encryption is the best.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	119
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	120	One thing I didn't do, although it's worth considering, is use a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	121	stateless operating system like Tails. You can configure Tails with a
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	122	persistent volume to save your data, but no operating system changes are
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	123	ever saved. Booting Tails from a read-only DVD -- you can keep your data
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	124	on an encrypted USB stick -- is even more secure. Of course, this is not
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	125	foolproof, but it greatly reduces the potential avenues for attack.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	126
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	127	Yes, all this is advice for the paranoid. And it's probably impossible
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	128	to enforce for any network more complicated than a single computer with
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	129	a single user. But if you're thinking about setting up an air-gapped
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	130	computer, you already believe that some very powerful attackers are
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	131	after you personally. If you're going to use an air gap, use it properly.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	132
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	133	Of course you can take things further. I have met people who have
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	134	physically removed the camera, microphone, and wireless capability
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	135	altogether. But that's too much paranoia for me right now.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	136
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	137
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	138	Yes, I am ignoring TEMPEST attacks. I am also ignoring black bag
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	139	attacks against my home.
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	140
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	141	My previous advice:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	142	https://www.schneier.com/essay-450.html
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	143
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	144	Bin Laden had an air gap:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	145	https://www.schneier.com/blog/archives/2011/05/bin_laden_maint.html
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	146
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	147	agent.btz:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	148	http://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	149	or http://tinyurl.com/cjqxphd
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	150
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	151	TrueCrypt:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	152	http://www.truecrypt.org/
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	153
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	154	BleachBit:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	155	http://bleachbit.sourceforge.net/
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	156
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	157	People plugging in found USB drives:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	158	https://www.schneier.com/blog/archives/2012/07/dropped_usb_sti.html
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	159
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	160	Tails:
279fa5a06231 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	161	https://tails.boum.org/

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Thu, 15 Oct 2015 01:41:33 +0100
changeset 406	0516bffd3f5f
parent 145	279fa5a06231
permissions	-rw-r--r--