The World's Most Secure Home Computer Reaches Crowdfunding Goal

"If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible." Last month Design SHIFT began crowdfunding an elaborate "open source, physically secure personal computer" named ORWL (after George Orwell). "Having exceeded its $25,000 funding goal on Crowd Supply, the super-secure PC is in production," reports PC World, in an article shared by Slashdot reader ogcricket about the device which tries to anticipate every possible attack: The encryption key to the drive is stored on a security microcontroller instead of the drive... The ORWL's makers say the wire mesh itself is constantly monitored... Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted. The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location... The RAM is soldered to the motherboard and can't be easily removed to be read elsewhere...

Your ORWL unlocks by using a secure NFC and Bluetooth LE keyfob. Pressing it against the top of the ORWL and entering a password authenticates the user. Once the user has been authenticated, Bluetooth LE is then ensures that the user is always nearby. Walk away, and the ORWL will lock.

... formerly most secure computer

[damn_registrars]

They can't really expect to hold on to that title when they are willing to send it out with Windows 10 preinstalled.

Re: ... formerly most secure computer

True. We have much more work to do on the OSs (and get away from Microsoft entirely) and communication security.

Re:... formerly most secure computer

[blind+biker]

Holy shit, they come with Windows 10? All the good will that the video I just saw generated in me, has been removed in one fell swoop. Screw Windows 10, screw Microsoft and screw any computer that comes with Windows 10 preinstalled.

Re:... formerly most secure computer

[lgw]

Does Ubuntu still send your local searches back to the mothership? Do we know what other lines they've crossed? I only feel secure about the BSDs these days.

Anyway, we know there is NSA gear to deal with this: unless the keyboard is inside a Faraday cage, they can log your keystrokes. Unless the monitor is inside a Faraday cage, and you have no windows (or Windows) they can see your monitor. And Bluetooth? Forget about it.

If any TLA is actually worried about these, they'll be intercepted in shipment (or maybe their parts will be before assembly) for pre-installation of gadgets.

I applaud this effort, really, but it's just a start. Bruce Schneier has talked about this before: the only secure computer is a laptop you buy in person from a random store (and is of course fully encrypted), and that stays in a safe whenever it's not in line of sight. And even then - how good is that safe?

Re:... formerly most secure computer

[damn_registrars]

To be fair, they offer it with multiple OS choices; Windows 10 just happens to be one of them. You can opt for a less-terribly-insecure OS if you want. I just find it comical that they present it as secure when Windows 10 is an option - particularly considering how many Windows users are always logging in as administrator (admittedly some without even realizing it).

Re:... formerly most secure computer

[Orgasmatron]

The headline is crap. The linked article is better, and the wiki has more details. This is a physically secure computer, not generally. The goal is that when you unlock it, it should either be in the same state it was in when you locked it earlier, or it should be obvious to you that it is not.

It has no ethernet or wifi (nor, for that matter any busses capable of reading memory by DMA), but you can add them with USB3, which gets disconnected when you lock it. The case is designed with very little room between the security shell and the glass or plastic case, making it very difficult to add things without you noticing. Opening the secure shell inside wipes the drive encryption keys, so you'll notice if someone does that. And when you first get it, you can open it up to inspect the insides to make sure that nothing was added before it gets to you.

This would be ideal for running a small Certification Authority, for example. The signing key would be well protected inside the shell without you having to wear it on a USB stick around your neck for the rest of your life. Ditto a bitcoin wallet.

But it isn't, nor was it intended to, let you run Windows fresh off the DVD while you browse porn sites in IE and download warez off of shady torrent sites without antivirus.

Re:... formerly most secure computer

[lgw]

Well, maybe I can buy their "99.9%" secure - it'll be safe from the neighbor's kid, I guess. Seems like they're trying to make something FIPS 140-2 level 3, but without certification it's just another homebrewed security device, and those have a very poor history of actual security.

Re:... formerly most secure computer

[K.+S.+Kyosuke]

I bet a Raspberry Pi with some obscure BSD mutation would be safer, and for much less money, too.

Re:... formerly most secure computer

[unixisc]

Does this computer have the option of PC-BS... er, TrueOS?

Re: ... formerly most secure computer

You can select the OS you want. They even propose Qubes OS pre-install. The claim is about hardware security

Re:... formerly most secure computer

[im_thatoneguy]

I don't see how this would protect a bitcoin wallet since it would self destruct taking all of your money with it. I guess if you had redundant systems spread all over the place it would be ok but it's hard to maintain an offsite system and keep it powered and running perfectly.

Re: ... formerly most secure computer

What are you talking about?!?! Windows 10 is the MOST secure OS to date. If any hacker breaches your system he or she is bound to commit suicide within 2 minutes of using its ass ugly GUI.

Re: ... formerly most secure computer

[archi1]

You can select QubesOS too or Ubuntu.

Re:... formerly most secure computer

[geekmux]

They can't really expect to hold on to that title when they are willing to send it out with Windows 10 preinstalled.

Agreed.

Building the world's strongest front door is an exercise in futility when you leave the fucking Window open.

Literally.

Re:... formerly most secure computer

[mlts]

At least it can ship with Ubuntu by default. If W10 is needed, it can be run under VMWare, VirtualBox, or one's virtualization utility of choice. That way, Windows 10 can be run, but it is isolated from the hardware.

As for options, I would go with the M7, 480GB SSD, and glass case. One can't argue with a beefier CPU (assuming cooling isn't an issue), and more disk space. The glass case is useful for tamper resistance.

My only wish is if the device had a port for a Kensington lock slot, with some mechanism to zero out keys if someone yanked out something out of the slot by force.

Of course, there is blue-sky stuff. For example, a S/PDIF port that would be used with a fiber optic cable as a tether. If the S/PDIF port got unplugged or the fiber optic cable got cut, the keys would be zapped. This would provide extreme security, with the only way to get around it is to destroy what the fiber optic cable was looped around.

Re:... formerly most secure computer

It doesn't solve all problems, but it does handle some of the biggest items, namely physical security, where someone grabs the device while it is on or off. One can always get TEMPEST resistant USB keyboards, but the attacks that are going to use those vectors are a lot more expensive than someone just swiping the computer.

Not all security measure are about avoiding the TLAs. I personally encrypt [1] everything because it turns a theft into "just" a hardware theft (which insurance can replace.) Without encryption, it is dealing with the loss of hardware, but the data in the wrong hands as well, especially something like a SSH private key that is used for access to a public GitHub repository for contributions.

Just because something isn't NSA, PLA, or FSB proof, doesn't mean that the security measures are worthless. The lock I use on my gym locker will fall easily to an angle grinder, cutting torch, or detcord... but I use it anyway, because it does a good enough job.

[1]: Encrypt and backup. The 3-2-1 rule is quite important.

Re:... formerly most secure computer

To be fair any computer does not replace a backup system. You are always at risk to lose a machine.

Re:... formerly most secure computer

You can select the OS of your choice or build your own system. This device brings a TONS of Hardware security. You need secure HW to run and trust the SW above or you have no guarantee your system has not been changed. Memory dump, BIOS attack, USB key... its all open on any other machine.

Re:... formerly most secure computer

[archi1]

does not compare in performances. This is much much more powerful. 4k video, Wifi AC dual band, full x86 compatibility, SSD drive... check the spec this is another level of performances. Product spec and datasheet are here : https://www.orwl.org/wiki/inde...

Re:... formerly most secure computer

[Orgasmatron]

Since bitcoin is irrevokable, it couldn't be the sole copy of any keys in use. You would still need to either print/burn copies of the keys generated inside it for secure storage, or you'd need to generate them elsewhere and import them.

The advantage here is that you'd only need to do that once per tamper, instead of every time you wanted to use it.

The keys to the root CA certificate in my other example might be like that too, or it might not, depending on how hard it is for you to push out new certs. A small system, like for my home, would be fine. I'd never back those up, because it would be trivial to recreate my root, install it in my clients, then generate new client certs. A global enterprise with branches on 4 continents? I'd plug in a printer and make backups.

My employer is in between those. I'm probably going to order two for playing around just as soon as it shows up in the inventory of a distributor willing to sell them to me net-35 on a purchase order.

Re:... formerly most secure computer

If they provide Windows 10 then they probably use in internally which means their entire organisation is likely compromised. When you buy "computer stuff" (hardware, software, firmware, USB-cables, whatever) you aren't just trusting they company but a whole chain of people.

Re:... formerly most secure computer

[arglebargle_xiv]

One thing I'm puzzled about is how they're going to build this for $25K in funding. I've worked on highly-secure computing devices and $25K was the down payment on the FIPS eval, not the development budget. OK, I realise FIPS is a waste of money so it doesn't make for a good benchmark, but you still can't get much engineering out of $25K, particularly not the specialised stuff they're doing.

Re:... formerly most secure computer

[geekmux]

You can select the OS of your choice or build your own system. This device brings a TONS of Hardware security. You need secure HW to run and trust the SW above or you have no guarantee your system has not been changed. Memory dump, BIOS attack, USB key... its all open on any other machine.

Great. So this device will help protect the 0.001% of information that is stolen today from a local attack on the hardware.

In the meantime, that great sucking sound coming from the very network people will expect to "securely" connect to is still sucking.

Does this hardware have an application? Sure. In the basement of a three-letter agency, offline and behind a shitload of other physical security.

Re:... formerly most secure computer

[StefanC.]

To clarify, ORWL has WiFi and Bluetooth connectivity that is accessible to the OS, Ethernet you can get through RJ-45. There is NFC and another BT available only to the secure element for authentication purposes. Out of Box, you will need to go through 1st authorization process, that verifies that the device has not been tampered with and you receive what we sent. Exactly.

Re:... formerly most secure computer

[StefanC.]

We are planning for FIPS review and have gone through the 1st review process with Penumbra already. Collecting their inputs and tweaking the design.

Re:... formerly most secure computer

[StefanC.]

Need to clarify! >>a setting that will wipe or lock down the PC's data if it is moved to another location... So, if there's a bug in the security program, or in the operating system, or in the sensors, it wipes your data. >> I think there is a misunderstanding in which events trigger a loss of all SSD data. any tampering with the device HW, like drilling the protective shell (not the glass), prying the shells off the PCB, freezing the pcb+components, the backup battery runs low on juice (after ~6months without power connection) If the device is moved while the KeyFOB is out of range, the device will shut down but not wipe your data. It's nothing but a forced shut down

Re:... formerly most secure computer

[Reziac]

Friend's dad worked for NASA and his offsite PC was the Cold War version of this gadget: a laptop with RAM but no HD, everything loaded from tape every day. Idea was if it got lost or stolen, there was no data left.

Re:... formerly most secure computer

[Orgasmatron]

Sorry, I must've missed those on the specs. I see the wifi now, on the electrical design page, but still don't see ethernet.

Re:... formerly most secure computer

The design work is already done, this is just a pre-order so they can order parts and get the first batch built. These guys appear to really know what they're doing, and they have a history of delivering.

Re:... formerly most secure computer

[lgw]

It will do wonders for credibility, as well as making it clear to the knowledgeable what the point of the device is.

Re:... formerly most secure computer

Its a secure endpoint with two factor authentication. It prevent anyone else than the user to access the data inside. It is the equivalent of a root of trust. You can build many systems from there as you know the HW and FW has not been modified or attacked. So, some application are plain privacy concerns at home. It can also be used as endpoint to access remote encrypted information. It can also be a key server for a media center or for end to end communication email...

Re:... formerly most secure computer

[StefanC.]

You are correct, It will take much more that $25k to get all this done, it took much more than that to get to where we are today. We have working prototypes today that we use to finish the development. The Crowd Supply campaign for us is to get attention and get a number of devices into peoples hands, to play and develop on them before anyone else at a lower cost than retail later.

Re:... formerly most secure computer

[lgw]

That's a whole lot of words to sort-of say "FIPS 140.2 level 3". It's supposed to be tamper-proof, at least for physical attacks (really, only the key store is of concern). That's an avenue of attack that concerns some people. It's not particularly secure against other areas of attack, but that's (possibly) OK if it's clear what the point is.

Re:... formerly most secure computer

[K.+S.+Kyosuke]

Have you ever heard of the law of diminishing returns? What do you achieve with 40 GIPS in personal computing that you can't achieve with 10 GIPS? Now it would be nice to have, say, something A73-based with better IO, but hardly at the cost of making the system as baroque as the current PC world is. Security-wise, that's a disaster.

Re:... formerly most secure computer

[arglebargle_xiv]

Oh cool, a developer. Do you have a means for people to submit what-about-X attack questions? Your Security section is a bit too incomplete for me :-). For example it looks like the tamper mesh only covers the two shells that surround the circuit board, what if I penetrate the side of the circuit board, inject PU foam under pressure to lock the switches, and then separate the halves? What if I use a targeted magnetic field to lock the switches? What if I use oil-well perforators to knock out the switches, or disconnect power/signal lines to tamper-responding circuitry? etc.

Re: ... formerly most secure computer

[Maritz]

Not shiny enough? Like your gradients do you? ;)

Earthquake

[fox171171]

The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location...

Might want to set it to be fairly insensitive if you live in an area likely to have earthquakes.

Re: Earthquake

Or the cat like something to sharpen it's claws on.

Re: Earthquake

[I'm+New+Around+Here]

One of my customers lost a system that his cat pushed off the shelf it was on. The shelf was the top of the computer hutch in his office.

Lesson learned, tower computers tip over too easily.

Re: Earthquake

The device does not erase Dara when shaken. It only shut down when user is away and device moved.

Re:Earthquake

Check the crowd supply link, the device does not wipe out if moved. It will shut down only if the user is not around with the keyfob and motion is detected. You can always power it up again with the data. The data are wiped if any tamper is detecting, like someone trying to open or drill...

Re: Earthquake

[Hognoxious]

Alternative hypothesis: it's fucking difficult to fall off the floor.

Conceptualized: World's Most Secure...Computer...

That doesn't exist or has been subjected to real world attacks. Awesome. Dreams are great.

Ram is volitile

As far as i know RAM can't be read when it's no longer being refreshed by the mother board... or is there a way to read the last polarization of a bit...

Re: Ram is volitile

I think ram can be frozen and it will retain state long enough to be moved into a machine that reads it in bulk.

Re: Ram is volitile

[archi1]

The secure controller on the board monitor the temperature and physical integrity. It will shut down and wipe the key if frozen or opened. see here https://www.crowdsupply.com/de...

Marketing Security is EASY!

Marketing Security is EASY!
Doing real security is HARD.

I have a number of the world's most secure home computers here.
They
* don't connect to networks
* don't have any SSD, HDD, SDHC or other permanent storage
* don't run Windows or OSX
* are locked in a gun safe when not being used.

This Windows systems are toys and full of bugs in comparison. Secure my ass.

Re:Marketing Security is EASY!

[Computershack]

* don't run Windows or OSX

Or Linux or Unix as both of those have exploits both local and remote as well. Might get away with BeOS if you're wanting something with a GUI but as its over a decade and a half old hardware support may be an issue.

Re:Marketing Security is EASY!

[Raenex]

Might get away with BeOS

Security by obscurity. Nobody bothers looking for exploits in unused operating systems.

Re:Marketing Security is EASY!

[Scarletdown]

Does the Timex-Sinclair 1000 that I have sitting in one of my "stuff boxes" count as most secure computer? It is just the console by itself. No RAM expansion module, cassette interface cable, or even power supply at the moment. Don't think a computer can get any more secure than that.

Re:Marketing Security is EASY!

[lgw]

* are locked in a gun safe when not being used.

There's your flaw. They've already had keyloggers added. Did you really think your gun safe was tamper-evident against an advance persistent threat?

Re:Marketing Security is EASY!

[Alypius]

Yep, just like my Apple //c that's been in the closet for 30 years!

Re:Marketing Security is EASY!

[khallow]

Does the Timex-Sinclair 1000 that I have sitting in one of my "stuff boxes" count as most secure computer?

As long as you never power it on, you should be safe.

Re:Marketing Security is EASY!

[Maritz]

Your computers don't do anything. Well done. I have an exceptionally secure lump of coal here.

But can it handle DOS attacks?

[Vlad_the_Inhaler]

What is the market for this?

Re:But can it handle DOS attacks?

Up to DOS 6.22.

Re:But can it handle DOS attacks?

[BarbaraHudson]

This is marketed to paranoid dummies who don't realize that they will irrevocably lose all their data if someone chills it with a spray can of freon. Or stick it in the office freezer.

The microcontroller in the ORWL monitors temperatures and any drastic change can trigger an alert and nuke the encryption key.

Or just microwave it. That should really go over well with the mesh screen. Also, powering down the USB ports isn't going to save the machine - a good wack of 120v will fry the port anyway, and again, the machine will go "omg - time to self destruct."

Re:But can it handle DOS attacks?

[bagofbeans]

So anyone actually using this for real work will need a script backing up data every 10 second to somewhere... insecure. I remain uninspired by the product definition.

Re:But can it handle DOS attacks?

_golf clap_

Well done.

_golf clap_

Re:But can it handle DOS attacks?

Or just take a hammer to it. There are many ways to make the computer destroy the key but that's not the point here. Some of the "paranoid dummies" you describe worry more about keeping their data from prying eyes than they do about losing it entirely.

Re:But can it handle DOS attacks?

[Jeremi]

Aw, c'mon, you're not being nearly cynical enough. This is actually an NSA/KGB/TLA/Illuminati honeypot -- they fund this, market it, see who buys one, then they know who to watch in the future. If they can sneak some actual backdoors into it, so much the better, but even if they don't, it's served its purpose.

Re:But can it handle DOS attacks?

It is a secure endpoint with two factor authentication. You can share data to only people having a key and access to the unit. For individuals, it's a privacy computer where YOU only can access and update device. For IT, it can be used with encrypted email, encrypted storage shared over the web..., with dual factor and tamper proof so only the dedicated user is accessing the resources

Most secure?

[YrWrstNtmr]

The VIC-20 in a box in my garage.
And yes, it actually still works.

Re:Most secure?

[zenlessyank]

No one should need more than 5k RAM.

Re:Most secure?

[AJWM]

Well, 3.5k if you were using BASIC.

But you could get an expansion memory cartridge (fit the same slot as the game cartridge). I got an 8 k one and soldered in 4 more 2k (static) RAM chips to bring it up to 16k. Luxury!

Re:Most secure?

[zenlessyank]

I'm a young whippersnapper so the C-64 is what I had 1st. I wondered what the actual available RAM was on those things. My Commodore had 38k available using BASIC. I always felt like the VIC-20 guys got screwed over by not waiting on the C-64 but no one can tell the future.

One problem with this computer

[the_humeister]

It's using Intel's Skylake processor. That requires a chipset that has IME on it, unless they were able to strike a deal with Intel and make their own chipset without IME, which is not likely.

Re:One problem with this computer

[ffkom]

Indeed, using Intel CPUs and MicroSoft software, you can be sure that your data is "secure" only in the sense of being backed up by all kinds of government agencies using the backdoors built into these CPUs and Windows.

Re:One problem with this computer

[AHuxley]

Thats why projects like the Lemote Yeeloong laptop got interest. Been understood down to the hardware level was very important e.g. building on a a free software boot loader.
Free software laptops (Dec 18, 2009)
https://www.fsf.org/bulletin/2...

Re:One problem with this computer

[AmiMoJo]

The IME can only be accessed via Ethernet or USB. It doesn't have the former and the latter is physically disabled (data lines disconnected) when the machine is locked. So there is no way to exploit the IME externally.

Software security is your own problem and outside the scope of what they are doing, but no one is forcing you to connect it to the network.

But does it feature write-only memory?

Write-only memory

Interesting concept, but...

[Striek]

It's an interesting concept, but it goes too far... it would be trivially easy to have this thing delete the encryption key - just shake it around a bit and it, and all its data, become useless. The risk of data loss when using this "secure" computer would be so high, even by accident, that you'd need a backup close by somewhere.

So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidntal erasure, they're sure to have them.

Besides, although the data stored on this is extremely secure, it isn't very available. It's opens up a huge attack surface by making it far to easy to destroy the data on this thing, limiting its effectiveness and market considerably.

Re:Interesting concept, but...

[Striek]

And hell, you don't even need an evil maid to ruin your day. You turn that setting on, and then a maid picks the thing up to dust the desk. Poof!

Re:Interesting concept, but...

[SensitiveMale]

So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidntal erasure, they're sure to have them.

The classic example is the bank with impenetrable security. Just kidnap the manager's daughter and you have free access everywhere in the bank. There's always another way.

Re: Interesting concept, but...

[Lussarn]

I have used this computer for weeks without any problems whatsoever. I wouldn't worry one bit about data loss. Mark my wor#$Ã(+#NO CARRIER

Re: Interesting concept, but...

Not my daughter. I'd tell you to start paying her college tuition if you want her so bad.

Re: Interesting concept, but...

Not my daughter. I'd tell you to start paying her college tuition if you want her so bad.

Somehow, I can actually believe that you are a bank manager. I can, but I don't. Still, good one.

Re: Interesting concept, but...

It does not erase the data if shaken. It does shut down if user is not around and device is moved data are erased only if device is opened.
Like any other computer you can't avoid backing up and that is still true for Orwl.

Re:Interesting concept, but...

[StefanC.]

I think there is a misunderstanding in which events trigger a loss of all SSD data. any tampering with the device HW, like drilling the protective shell (not the glass), prying the shells off the PCB, freezing the pcb+components, the backup battery runs low on juice (after ~6months without power connection) If the device is moved while the KeyFOB is out of range, the device will shut down but not wipe your data. It's nothing but a forced shut down.

vectors.

the nfc controller, the bluetooth controller. that is assuming nothing is plugged into it. and don't even get me started on intel chips.

How is physical security important, when the device is practically made out of NDA's, undocumented API's and chips with un-auditable encrypted firmware?

Re: vectors.

Read the details on the campaign. There is a great reading available. It's a lot more secure hysically. It also mitigate a lot of ME engine. BT and NFC are encrypted.

"Any attempts...will cause"

[YrWrstNtmr]

So I can brick your drive by attempting to connect via bluetooth? Cool!

Why would you want one again?

[mschuyler]

This computer is SO SECURE that if you make one tiny mistake, like walking away from it, it will be secure FROM YOU! You can't move it. You can't move from it. If you screw up just once a tiny bit, then you are definitely screwed. I'm all for a good dose of paranoia to keep you vigilant and all that, but I'd be scared to use this thing.

Re:Why would you want one again?

[mark-t]

Indeed... because of all of the precautions it employs in the so-called interests to "protect" your data, it seems like the only thing this would be good for having on it is content that you don't care if you lose... and if that is the case, it is unlikely anyone else would be interested in trying to attack it in the first place.

Re: Why would you want one again?

[archi1]

He range before the device locks is about 30 feet. (10m) plenty to move around.

ktulhu tomara que ela bata o carro também

Essa merdinha da Chatherine Steindl tem imunidade diplomática por acaso pra fazer filme porno com menores?

Too far and not far enough

Ok, so this computer is basically impossible to repair... lets hope it does not break, then.

But it still does not do enough to protect you from the evil maid. Keyboard is connected over USB, so it is trivial to put keylogger between PC and keyboard. In the same way, eavesdropping should be possible at the video side...

I commented on this on the red site...

While all the *PHYSICAL* technical measures are excellent, they make a gross presumption about the security of the electronics inside. Electronics which are running firmware which due to the lack of public scrutiny and method of replacement could easily be used to backdoor this device and exfiltrate the security keys and/or believed secure data from the device whether or not the device was authenticated, or be used to disable the aforementioned security measures before they could inactive the contents of the device.

Personally, any device with wireless capabilities built in I consider suspect. Anything with USB or another hotplug bus I consider infiltratable with limited physical access. Anything connected to a network I consider compromisable with sufficient knowledge of the hardware and operating system.

If you want a device with the level of security this device claims, today you would need essentially custom chips all the way up, and designed with e-fuse (or worm) memory built into the chip and/or package that either you, or your organization programmed. Furthermore in the event of device compromise it would need the capability to blow all remaining fuses to wipe the in-chip keys and enough residual charge to similiarly wipe or corrupt all other flash devices inside (hard disks by nature of their io speed could not be done like this, but everything up to a terabyte SSD should be capable of wiping within a minute. Larger devices could simply have patterned wipes done to ensure not enough blocks were recoverable to ensure decryption.

Re:I commented on this on the red site...

[archi1]

WiFi can be disabled. Also you can use Qubes OS and configure VM to protect each resources of the PC. You don't need a custom chip. check the update they posted https://www.crowdsupply.com/de... there is a lot of details.

O rly?

[InfiniteZero]

"Sensations and feelings", really?? Nothing wrong with them and we all have them, but they are almost the antithesis of "intellectual capacity". Also, the all lower-case sentences really don't help, especially when complaining about teenagers. The irony...

Re:O rly?

[Ol+Olsoc]

Also, the all lower-case sentences really don't help, especially when complaining about teenagers. The irony...

Hey! it took us years to teach him to not use all caps!

Re:slashdot

[mark-t]

I have a problem with your post.

If you have horse-drawn buggy traffic, then you are living in a time before computers, and would not be able to nostalgically reflect on the days of bbsing of yore, let alone slashdot's better days.

Have some goddamn continuity, man.

Re:slashdot

[BarbaraHudson]

Well, you sure must like slashdot enough to keep shit-posting this same comment in different threads.

Re:slashdot

[InfiniteZero]

To continue on my previous post... It's a relevant and fun article. I clicked it and expected the Slashdot audience to tear the whole concept apart from the technical standpoint, and was not disappointed.

Perhaps they could learn something from...

[Xenna]

The world's most secure bomb:

https://en.wikipedia.org/wiki/...

A virtually tamper-proof bomb used to extort $3 million from a casino. It could not be moved. The FBI tried to disable it with a shaped charge but failed and blew up the hotel.

Re:Perhaps they could learn something from...

[mark-t]

Wow.... I hadn't heard of that before. Did insurance cover the damages, or was the owner basically fucked?

Re:Perhaps they could learn something from...

[Xenna]

I don't know really, but I think a business would normally be insured against damage from fires or explosions, but probably not against extortion damage.

So perhaps the choice to let the FBI guys have a try was actually a sound business decision ;-)

nice!

what could possibly go wrong?

External power adapter connects to usb?

[Joe_Dragon]

Why not have a power only port?

and no e-net with only 2 usb ports?

Retardation Level Over 9000!

What retard thought this was a good idea? This is literally the dumbest idea I've heard on /. in years. Let's say an attackers goal is to erase all your data, you just made it 1000 times easier for them. Just wait until tomorrow and someone will 1 up this level of lunacy with something else. Worlds most secure PC is NOT going to run Windows 10 or any version of Windows for that matter. Only a complete retard would use Windows 10 for anything privacy related. It has built in keylogger and telemetry that records every little thing you do. When I read the title I was like ohh nice a new OS... then I was like are you fucking kidding me. Out of all the versions of Windows... it's Windows 10. Picard double facepalm.

They should get some funding

[rossdee]

from the C;inton Foundation

Obligatory xkcd

[93+Escort+Wagon]

I'm not a huge xkcd fan, but I can't believe no one has brought up this one - it's quite literally the first thing I thought of while reading the description of this silly computer.

The context is pretty much identical.

Re:Obligatory xkcd

[Shane_Optima]

Nice try but, I have to say that's a fairly poor XKCD and a mediocre invocation.

XKCD didn't invent the concept of the rubber hose cryptographic attack (or wrench variant) and he rather bungles the joke by the RSA reference. No one uses RSA for full disk encryption. He's also overlooking the multiple cryptographic solutions (most famously, the overrated but noob-friendly Truecrypt) that used multiple nested containers so that (if you set it up properly) the attacker can't know whether you've decrypted the "real" container or not. Other comic writers might get a pass for this laziness, but not Munroe.

All that said, although I think this device is pretty damn impractical and I'm not certain what the target market is (uhhh.... Silk Road 3.0 operators? Rich people who really, REALLY don't trust their evil maids?), it does seems like it's a pretty good defense against the torture attack. Unless your attacker knows in advance you're using one of these, he's most likely going to trigger it before he gets around to torturing you for the passphrase.

Re:Obligatory xkcd

The computer makers themselves used this XKCD on their crowdfunding page.

Re:slashdot

[Scarletdown]

I have a problem with your post.

If you have horse-drawn buggy traffic, then you are living in a time before computers, and would not be able to nostalgically reflect on the days of bbsing of yore, let alone slashdot's better days.

If you have horse drawn buggy traffic, there is a good chance you live in an area with a lot of Amish. And last I checked, our Amish communities still live in the 21st Century. If you are not Amish but are living among them, you can still fully take advantage of the modern conveniences and technologies we have here in the future.

Security: GOOD, Vandalproof: ZERO

[petes_PoV]

The other side of corporate espionage is denying a company access to its own databases, research, customer lists, ledgers and everything else that is required to keep a company going.

While this device is very good at preventing other people fromgetting that data, it's the worst design possible for preserving it in the face of adversity. All that a bad person would have to do to put you out of business, if you relied on this device, is to say "Boo!" and all your data disappears.

Of course, if you have a backup then that has to be at the same level of "security" as this PC or it becomes the weakest link. Instead it's the most breakable link - which is merely another form of weakness. The same goes for restoring all your lost data: if you rebuild the lost data from across a network connection, that has to be untappable, too. I don't think the people who built this have thought it through properly.

Re:slashdot

[mark-t]

Oh... my bad. Good call.

3.5" hard drive filled with Thermite

[Ransak]

Realistically all one would need is a 3.5" hard drive with the guts replaced by Thermite. Installed above the storage medium and RAM and wired to a pressure switch so when the PC is lifted it ignites, it's hard to see how this can be countered unless the ne'er-do-wells know about it ahead of time. And it's cheap.

Re:3.5" hard drive filled with Thermite

[petes_PoV]

I would like to see your fire insurance claim after you admitted to bringing a bomb into your house.

Pyrotechnics look impressive in bad films, but in real life? hardly.

Re: 3.5" hard drive filled with Thermite

[Ransak]

Thermite isn't explosive on its own, it's just a high temperature redox reaction. Arson would probably stick in court if it were law enforcement attempting to seize it, along with at a minimum destruction of evidence and some type of assault charge. But the data is destroyed and it's low cost and low tech. Putting the whole thing in a fireproof enclosure (a safe, concrete/center blocks, etc) and it lowers the odds of torching the average house; depending on the person and the data that might be an acceptable compromise.

Re:3.5" hard drive filled with Thermite

You haven't seen the Defcon talks about HD destruction using thermite. It won't do the job you think it will.

Re: 3.5" hard drive filled with Thermite

[Ransak]

I have read a brief article on it but I haven't watched a video of the talk. I'd sincerely like to know the details of why it wouldn't work, such as the type of oxidizer used, stoichiometry of the reaction tested, etc. as this idea is not new and it's been tested and shown to, with the right ratio of chemicals, turn the hard drive bays and anything in them to slag. I'll look for the article and reply to this post with it if someone is interested, or if someone kindly posts the Defcon talk refuting this method.

Overkill

[ElectricHellKnight]

I know I will likely take a lot of flak for this, but what is the real, practical use for a device like this? I'm not even trying to be sarcastic, can somebody please explain it to me?

Buying one of these will do little more besides possibly get you put on some sort of watch list, if the NSA even cares enough about you to do so. Just simply carry your private data on a flash drive that stays on your person, and only plug it into a special system that is offline, running a live OS with no data saved to the hard drive.

If you get captured by the government goons, snap it in half, swallow it, whatever. And buying a flash drive isn't considered suspicious, unlike buying one of these. If they're going to such great lengths to get to you, you're fucked anyway. At that point, you might as well hole up in your basement with a gun pointed at the door, anything less will not suffice.

Re:Overkill

[archi1]

Carrying a flash drive is really not safe and certainly not protected from reading later. Even if tampered. The point of ORWL is to provide dual factor authentication as well as tamper proof. So YOU only can access the data and always know the computer is 'safe' to use, including FW, BIOS and other HW element have not been modified without your knowledge

Skeptical given Skylake ships with a backdoor

I'm a bit skeptical given all modern Intel and AMD systems ship with a NSA-level backdoor. To claim it is secure is a joke. The only CPU you could probably utilize where we can be reasonably confident that there is no backdoor is the Allwinner A20. Actually you might be able to utilize one of a number of others, maybe, but the A20 is the most obvious candidate for a desktop-scenario right now as we know how the Chinese are backdooring home grown systems with this CPU and it is an Chinese designed CPU. There are a number of other CPUs being evaluated by the EOMA68 project you should look into if you really want to talk about designing a secure computer now. In order to talk seriously about designing a secure and privacy friendly system you need to be able to reasonably evaluate any source code running on the machines including at the component level which means CPUs, hard disk firmwares, wifi firmwares, etc. While you can argue that backdoors could be implemented in hardware the easiest, most obvious, and probably cheapest place to put a backdoor is in software at the component level.

Already possible

[Tolvor]

Having good system security is already possible. It just requires good software and good security practices.

First get some really good encryption software that can be trusted (no, Microsoft's (aka 'Apple should have weak encryption and build in back doors') BitLocker is *not* trustworthy). BestCrypt or DriveCrypt Plus Pack both seem reliable and better still neither are based in United States.

Good security practices includes having a kill key that will wipe the internal memory where the key is kept, which also wipes the operating system in memory also which crashes the computer. Hit the kill key and everything locks. Good security is the drive automatically dismounts after a set timeout period of no activity. Good security is a strong password. To over-simplify a Bruce Schneider article a key-character only gives 2 bits of entropy. A good starting place for strong drive passwords is 50 characters.

Be careful about physical security. I forget who, but the FBI wanted to get into the computer of a mobster, and the computer had a strong password. They got a secret warrant and installed a dongle on the computer which recorded keystrokes. Now days they can replace keyboards and computer mouse with look-a likes that have built in key recorders. Watch your ports and beware odd hardware. Watch out for mini-cameras that can be installed and watching your keyboard.

Be careful about online security. As Snowden pointed out the NSA does have a wide array of software to hack into peoples computers. Don't install untrusted software. Don't accept dodgy links sent to you to visit. Do use some really good VPN software (it doesn't hide you perfectly but it does make it much harder for the NSA). Install virtual systems (ex VMWare Workstation) on your computer and work on really sensitive projects in there. Use an air-gapped computer that no access to the internet, Wifi, or internal network.

Having a system with a hair-trigger vibration guard and a wire cage drive enclosure is good but misses the point. The weakest link to security is usually the person behind the keyboard.

Re:MORE THAN One problem with this computer

I didn't look any deeper after seeing that the Intel SSD has flashable firmware. All such flashing must be disabled in hardware. You wouldn't use a cam or microphone with only software control, why should the more critical functions ever be less protected?

Windows? seriously?? The best claim they could hope to make is "most secure Windows home computer". And "home" is a weasel-word too. Are expectations supposed to be lower?
They've earned a plateful of the best-tasting meadow muffins.

Re: Conceptualized: World's Most Secure...Computer

They are third parties audit. They are testing physical protection and many attacks. Check the update on the crowd supply project.

Single point failure

[Geoffrey.landis]

Uh, nobody else sees this as a series of single point failures queued up to happen?

If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible."...

Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted....

... a setting that will wipe or lock down the PC's data if it is moved to another location...

So, if there's a bug in the security program, or in the operating system, or in the sensors, it wipes your data.

Nope.

Try someone who understands secure hardware: http://blog.invisiblethings.org/2016/09/03/thoughts-about-orwl.html

Re:Nope.

[StefanC.]

If you are motivated to read the one side of the story, I want to invite you to read the other side too. Our update to Joanna's assessment. https://www.crowdsupply.com/de... Enjoy and be critical. While we put a lot of thought into this machine, we by no means pretend to have it all figured out. Community and collaboration will make this product better and will allow you to trust it, when it is all done.

Soldered RAM is pointless.

[drinkypoo]

If you imagine that the RAM can't be desoldered and powered at the same time, boy are you a sucker. Although, that's not how I'd do it. I'd paint all the contacts with that conductive epoxy that only conducts once you smash it, and jump off the top.

What is needed is encrypted RAM, and if you don't have that, you're not secure. Sorry!

Re:Soldered RAM is pointless.

[archi1]

Encrypted RAM is a question of OS. It really depends of how you configure the machine. The active shield on ORWL will prevent you to get to the RAM. As soon as the mesh is broken or the device opened, the PC is shut down and the SSD key is lost.

This --- bluetooth keyfob

You must look at the end to end implementation to determine vulnerabilities. Everything sounded good upto the point of bluetooth keyfob

Used One 55 Years Ago In Kindergarfen

[tmjva]

Chalk and black board in a sealed room Erase when done.