USB FlashDrives The New PC?

olddotter writes "Yahoo has an article about how large capacity USB drives might be redefining the concept of the personal computer. The article is windows specific, but think knopix on a flash drive." From the article: "When you check into an average hotel room and find -- alongside the alarm clock, hair dryer and DVD player that once were bring-your-own items but now are as standard as the furniture -- a cheap PC for guests to plug into, as our truly personal computing environment travels with us."

Well, that's great

[the-amazing-blob]

It would be nice to have that accessability in hotels, but I have one small problem with USB drives. They're too freaking small. I keep losing them.

Oh?

[temojen]

I wouldn't trust a hotel (or net-cafe) computer with a USB stick with my private keys, certificates, or banking password. Even if you boot off your USB stick, how do you know it's not booting under Xen? I think it's more likely that the hotel computer has malware already. chambermaids are not sysadmins.

Re:Oh?

[Pharmboy]

This is referring to a computer with NO operating system at all. You have to provide everything, it's completely diskless, just a usb port. If they did anything, it would have to be at the proxy or some kinda tftp boot.

Having a whole operating system on a flash drive isn't that unusual. I have been using Knoppix for years, like a million other people. The flashdrive would just be faster and smaller, and you could write to it and save some files if you chose to.

Re:Oh?

[temojen]

How do you know it has no OS?

Re:Oh?

[ComputerSherpa]

You guys are all assuming that your precious data is worth stealing in the first place. You may not be as interesting to other people as you may think.

The key issue

[putko]

There's nothing magical about USB, or even a local disk.

The key issue isn't that the data is on a USB disk, but that it is easy enough for you to carry around all your data (including OS and apps). E.g. compact flash would suffice. Or serial flash.

Furthermore, just having secure access to the data (perhaps over the internet) would suffice. Imagine a system where to boot up, the PC fetches your data off the web. Perhaps you use a kind of use-once key to access some of the data, with which the PC computes.

The thing I've not been satisfied with yet is the idea that the PC itself would engage in a man-in-the-middle attack. E.g. it stores a copy of whatever data you've accessed (off your USB, compact flash or network storage) -- and the bad guy gets that stuff later. There's no defense against this attack, because the PC is doing the processing.

E.g. imagine a compromised PC running something like bochs. It emulates a real PC, but gives away your secrets.

Trust?

[wtown]

Assuming that you are willing to trust that this machine isn't (either by design or by tampering) just grabbing and logging all of your data.

Granted, I'm sure protection mechanisms would be built in to address this, but I think I'd still be a bit skeptical.

Re:Or you can go one better...

[temojen]

Or just bring your own Laptop. Putting your confidential information in someone else's computer is not safe. ever.

USB would need a security layer.

[G4from128k]

This sounds like a security/privacy nightmare. What stops the host PC from copying the drive or infecting it with malware from the prior user. Even if the USB drive uses an encrypted filesystem, once you type your password into the PC to access any file on the user data partition, you have no guarantee that it won't access every file on the drive. I can also see this giving corporate security managers the screaming heebie jeebies over the thought of returning road-warrior executives bringing infected USB drives inside the the corporate firewall (yes, you can scan for malware but you're still susceptible to zero-day attacks and delays in AV updates).

Perhaps this would work if the client machine were truly memory-less (no HD, no NVRAM, no flash ROM, etc.). Then the machine could be a secure blank slate for whatever the USB user needed to do. Given the prevalence of flashable firmware on everything (and the need for persistent machine configuration data), I doubt this is very feasible.

Re:vmware with no HD image perhaps?

[DavidTC]

So, you think computers in hotel rooms are just going to have their cabling laying around where people can get to it?

Cause we all know they do that with the phones and TVs.

Oh, wait, no they don't. They build them into things or at the very least have the cables non-detachable.

Gee, if they do that with a 30 dollar phone and a two dollar cable on it, I wonder if they'll do it with a 300 dollar computer and a two dollar cable on it. Not to mention the 15 dollar keyboard and 5 dollar mouse they don't want people making off with.

I'm sure they'll leave all that accessable where we can just unplug it at will, instead of putting in those computer cases that are sold exactly for the purpose of blocking access to the cabling while leaving the front accessable.

Just for laughs, at the next hotel you stay in that has an internet connection, try unplugging the TV. See how far you get. You can unplug them at cheap places that just buy a TV and put it on a table, but those are not the places that will be offering computers.