Slashdot Mirror

← Back to Stories (view on slashdot.org)

The World's Most Secure Home Computer Reaches Crowdfunding Goal (pcworld.com)

Posted by EditorDavid on from the hardened-hardware dept.

"If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible." Last month Design SHIFT began crowdfunding an elaborate "open source, physically secure personal computer" named ORWL (after George Orwell). "Having exceeded its $25,000 funding goal on Crowd Supply, the super-secure PC is in production," reports PC World, in an article shared by Slashdot reader ogcricket about the device which tries to anticipate every possible attack: The encryption key to the drive is stored on a security microcontroller instead of the drive... The ORWL's makers say the wire mesh itself is constantly monitored... Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted. The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location... The RAM is soldered to the motherboard and can't be easily removed to be read elsewhere...

Your ORWL unlocks by using a secure NFC and Bluetooth LE keyfob. Pressing it against the top of the ORWL and entering a password authenticates the user. Once the user has been authenticated, Bluetooth LE is then ensures that the user is always nearby. Walk away, and the ORWL will lock.

89 of 126 comments (clear)

  1. ... formerly most secure computer by damn_registrars · · Score: 4, Insightful

    They can't really expect to hold on to that title when they are willing to send it out with Windows 10 preinstalled.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:... formerly most secure computer by blind+biker · · Score: 1

      Holy shit, they come with Windows 10? All the good will that the video I just saw generated in me, has been removed in one fell swoop. Screw Windows 10, screw Microsoft and screw any computer that comes with Windows 10 preinstalled.

      --
      "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    2. Re:... formerly most secure computer by lgw · · Score: 2

      Does Ubuntu still send your local searches back to the mothership? Do we know what other lines they've crossed? I only feel secure about the BSDs these days.

      Anyway, we know there is NSA gear to deal with this: unless the keyboard is inside a Faraday cage, they can log your keystrokes. Unless the monitor is inside a Faraday cage, and you have no windows (or Windows) they can see your monitor. And Bluetooth? Forget about it.

      If any TLA is actually worried about these, they'll be intercepted in shipment (or maybe their parts will be before assembly) for pre-installation of gadgets.

      I applaud this effort, really, but it's just a start. Bruce Schneier has talked about this before: the only secure computer is a laptop you buy in person from a random store (and is of course fully encrypted), and that stays in a safe whenever it's not in line of sight. And even then - how good is that safe?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:... formerly most secure computer by damn_registrars · · Score: 1

      To be fair, they offer it with multiple OS choices; Windows 10 just happens to be one of them. You can opt for a less-terribly-insecure OS if you want. I just find it comical that they present it as secure when Windows 10 is an option - particularly considering how many Windows users are always logging in as administrator (admittedly some without even realizing it).

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    4. Re:... formerly most secure computer by Orgasmatron · · Score: 3, Informative

      The headline is crap. The linked article is better, and the wiki has more details. This is a physically secure computer, not generally. The goal is that when you unlock it, it should either be in the same state it was in when you locked it earlier, or it should be obvious to you that it is not.

      It has no ethernet or wifi (nor, for that matter any busses capable of reading memory by DMA), but you can add them with USB3, which gets disconnected when you lock it. The case is designed with very little room between the security shell and the glass or plastic case, making it very difficult to add things without you noticing. Opening the secure shell inside wipes the drive encryption keys, so you'll notice if someone does that. And when you first get it, you can open it up to inspect the insides to make sure that nothing was added before it gets to you.

      This would be ideal for running a small Certification Authority, for example. The signing key would be well protected inside the shell without you having to wear it on a USB stick around your neck for the rest of your life. Ditto a bitcoin wallet.

      But it isn't, nor was it intended to, let you run Windows fresh off the DVD while you browse porn sites in IE and download warez off of shady torrent sites without antivirus.

      --
      See that "Preview" button?
    5. Re:... formerly most secure computer by lgw · · Score: 2

      Well, maybe I can buy their "99.9%" secure - it'll be safe from the neighbor's kid, I guess. Seems like they're trying to make something FIPS 140-2 level 3, but without certification it's just another homebrewed security device, and those have a very poor history of actual security.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:... formerly most secure computer by K.+S.+Kyosuke · · Score: 1

      I bet a Raspberry Pi with some obscure BSD mutation would be safer, and for much less money, too.

      --
      Ezekiel 23:20
    7. Re:... formerly most secure computer by unixisc · · Score: 1

      Does this computer have the option of PC-BS... er, TrueOS?

    8. Re:... formerly most secure computer by im_thatoneguy · · Score: 1

      I don't see how this would protect a bitcoin wallet since it would self destruct taking all of your money with it. I guess if you had redundant systems spread all over the place it would be ok but it's hard to maintain an offsite system and keep it powered and running perfectly.

    9. Re: ... formerly most secure computer by Anonymous Coward · · Score: 1

      What are you talking about?!?! Windows 10 is the MOST secure OS to date. If any hacker breaches your system he or she is bound to commit suicide within 2 minutes of using its ass ugly GUI.

    10. Re: ... formerly most secure computer by archi1 · · Score: 1

      You can select QubesOS too or Ubuntu.

    11. Re:... formerly most secure computer by geekmux · · Score: 1

      They can't really expect to hold on to that title when they are willing to send it out with Windows 10 preinstalled.

      Agreed.

      Building the world's strongest front door is an exercise in futility when you leave the fucking Window open.

      Literally.

    12. Re:... formerly most secure computer by mlts · · Score: 1

      At least it can ship with Ubuntu by default. If W10 is needed, it can be run under VMWare, VirtualBox, or one's virtualization utility of choice. That way, Windows 10 can be run, but it is isolated from the hardware.

      As for options, I would go with the M7, 480GB SSD, and glass case. One can't argue with a beefier CPU (assuming cooling isn't an issue), and more disk space. The glass case is useful for tamper resistance.

      My only wish is if the device had a port for a Kensington lock slot, with some mechanism to zero out keys if someone yanked out something out of the slot by force.

      Of course, there is blue-sky stuff. For example, a S/PDIF port that would be used with a fiber optic cable as a tether. If the S/PDIF port got unplugged or the fiber optic cable got cut, the keys would be zapped. This would provide extreme security, with the only way to get around it is to destroy what the fiber optic cable was looped around.

    13. Re:... formerly most secure computer by archi1 · · Score: 1

      does not compare in performances. This is much much more powerful. 4k video, Wifi AC dual band, full x86 compatibility, SSD drive... check the spec this is another level of performances. Product spec and datasheet are here : https://www.orwl.org/wiki/inde...

    14. Re:... formerly most secure computer by Orgasmatron · · Score: 1

      Since bitcoin is irrevokable, it couldn't be the sole copy of any keys in use. You would still need to either print/burn copies of the keys generated inside it for secure storage, or you'd need to generate them elsewhere and import them.

      The advantage here is that you'd only need to do that once per tamper, instead of every time you wanted to use it.

      The keys to the root CA certificate in my other example might be like that too, or it might not, depending on how hard it is for you to push out new certs. A small system, like for my home, would be fine. I'd never back those up, because it would be trivial to recreate my root, install it in my clients, then generate new client certs. A global enterprise with branches on 4 continents? I'd plug in a printer and make backups.

      My employer is in between those. I'm probably going to order two for playing around just as soon as it shows up in the inventory of a distributor willing to sell them to me net-35 on a purchase order.

      --
      See that "Preview" button?
    15. Re:... formerly most secure computer by arglebargle_xiv · · Score: 1

      One thing I'm puzzled about is how they're going to build this for $25K in funding. I've worked on highly-secure computing devices and $25K was the down payment on the FIPS eval, not the development budget. OK, I realise FIPS is a waste of money so it doesn't make for a good benchmark, but you still can't get much engineering out of $25K, particularly not the specialised stuff they're doing.

    16. Re:... formerly most secure computer by geekmux · · Score: 1

      You can select the OS of your choice or build your own system. This device brings a TONS of Hardware security. You need secure HW to run and trust the SW above or you have no guarantee your system has not been changed. Memory dump, BIOS attack, USB key... its all open on any other machine.

      Great. So this device will help protect the 0.001% of information that is stolen today from a local attack on the hardware.

      In the meantime, that great sucking sound coming from the very network people will expect to "securely" connect to is still sucking.

      Does this hardware have an application? Sure. In the basement of a three-letter agency, offline and behind a shitload of other physical security.

    17. Re:... formerly most secure computer by StefanC. · · Score: 1

      To clarify, ORWL has WiFi and Bluetooth connectivity that is accessible to the OS, Ethernet you can get through RJ-45. There is NFC and another BT available only to the secure element for authentication purposes. Out of Box, you will need to go through 1st authorization process, that verifies that the device has not been tampered with and you receive what we sent. Exactly.

    18. Re:... formerly most secure computer by StefanC. · · Score: 1

      We are planning for FIPS review and have gone through the 1st review process with Penumbra already. Collecting their inputs and tweaking the design.

    19. Re:... formerly most secure computer by StefanC. · · Score: 1

      Need to clarify! >>a setting that will wipe or lock down the PC's data if it is moved to another location... So, if there's a bug in the security program, or in the operating system, or in the sensors, it wipes your data. >> I think there is a misunderstanding in which events trigger a loss of all SSD data. any tampering with the device HW, like drilling the protective shell (not the glass), prying the shells off the PCB, freezing the pcb+components, the backup battery runs low on juice (after ~6months without power connection) If the device is moved while the KeyFOB is out of range, the device will shut down but not wipe your data. It's nothing but a forced shut down

    20. Re:... formerly most secure computer by Reziac · · Score: 1

      Friend's dad worked for NASA and his offsite PC was the Cold War version of this gadget: a laptop with RAM but no HD, everything loaded from tape every day. Idea was if it got lost or stolen, there was no data left.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    21. Re:... formerly most secure computer by Orgasmatron · · Score: 1

      Sorry, I must've missed those on the specs. I see the wifi now, on the electrical design page, but still don't see ethernet.

      --
      See that "Preview" button?
    22. Re:... formerly most secure computer by lgw · · Score: 1

      It will do wonders for credibility, as well as making it clear to the knowledgeable what the point of the device is.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    23. Re:... formerly most secure computer by StefanC. · · Score: 1

      You are correct, It will take much more that $25k to get all this done, it took much more than that to get to where we are today. We have working prototypes today that we use to finish the development. The Crowd Supply campaign for us is to get attention and get a number of devices into peoples hands, to play and develop on them before anyone else at a lower cost than retail later.

    24. Re:... formerly most secure computer by lgw · · Score: 1

      That's a whole lot of words to sort-of say "FIPS 140.2 level 3". It's supposed to be tamper-proof, at least for physical attacks (really, only the key store is of concern). That's an avenue of attack that concerns some people. It's not particularly secure against other areas of attack, but that's (possibly) OK if it's clear what the point is.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    25. Re:... formerly most secure computer by K.+S.+Kyosuke · · Score: 1

      Have you ever heard of the law of diminishing returns? What do you achieve with 40 GIPS in personal computing that you can't achieve with 10 GIPS? Now it would be nice to have, say, something A73-based with better IO, but hardly at the cost of making the system as baroque as the current PC world is. Security-wise, that's a disaster.

      --
      Ezekiel 23:20
    26. Re:... formerly most secure computer by arglebargle_xiv · · Score: 1

      Oh cool, a developer. Do you have a means for people to submit what-about-X attack questions? Your Security section is a bit too incomplete for me :-). For example it looks like the tamper mesh only covers the two shells that surround the circuit board, what if I penetrate the side of the circuit board, inject PU foam under pressure to lock the switches, and then separate the halves? What if I use a targeted magnetic field to lock the switches? What if I use oil-well perforators to knock out the switches, or disconnect power/signal lines to tamper-responding circuitry? etc.

    27. Re: ... formerly most secure computer by Maritz · · Score: 1

      Not shiny enough? Like your gradients do you? ;)

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  2. Earthquake by fox171171 · · Score: 1, Funny

    The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location...

    Might want to set it to be fairly insensitive if you live in an area likely to have earthquakes.

    1. Re: Earthquake by I'm+New+Around+Here · · Score: 1

      One of my customers lost a system that his cat pushed off the shelf it was on. The shelf was the top of the computer hutch in his office.

      Lesson learned, tower computers tip over too easily.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    2. Re: Earthquake by Hognoxious · · Score: 1

      Alternative hypothesis: it's fucking difficult to fall off the floor.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  3. But can it handle DOS attacks? by Vlad_the_Inhaler · · Score: 1, Insightful

    What is the market for this?

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
    1. Re:But can it handle DOS attacks? by Anonymous Coward · · Score: 1

      Up to DOS 6.22.

    2. Re:But can it handle DOS attacks? by BarbaraHudson · · Score: 1
      This is marketed to paranoid dummies who don't realize that they will irrevocably lose all their data if someone chills it with a spray can of freon. Or stick it in the office freezer.

      The microcontroller in the ORWL monitors temperatures and any drastic change can trigger an alert and nuke the encryption key.

      Or just microwave it. That should really go over well with the mesh screen. Also, powering down the USB ports isn't going to save the machine - a good wack of 120v will fry the port anyway, and again, the machine will go "omg - time to self destruct."

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    3. Re:But can it handle DOS attacks? by bagofbeans · · Score: 1

      So anyone actually using this for real work will need a script backing up data every 10 second to somewhere... insecure. I remain uninspired by the product definition.

    4. Re:But can it handle DOS attacks? by Jeremi · · Score: 1

      Aw, c'mon, you're not being nearly cynical enough. This is actually an NSA/KGB/TLA/Illuminati honeypot -- they fund this, market it, see who buys one, then they know who to watch in the future. If they can sneak some actual backdoors into it, so much the better, but even if they don't, it's served its purpose.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
  4. Re:Marketing Security is EASY! by Computershack · · Score: 1

    * don't run Windows or OSX

    Or Linux or Unix as both of those have exploits both local and remote as well. Might get away with BeOS if you're wanting something with a GUI but as its over a decade and a half old hardware support may be an issue.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  5. Most secure? by YrWrstNtmr · · Score: 1

    The VIC-20 in a box in my garage.
    And yes, it actually still works.

    1. Re:Most secure? by zenlessyank · · Score: 1

      No one should need more than 5k RAM.

    2. Re:Most secure? by AJWM · · Score: 1

      Well, 3.5k if you were using BASIC.

      But you could get an expansion memory cartridge (fit the same slot as the game cartridge). I got an 8 k one and soldered in 4 more 2k (static) RAM chips to bring it up to 16k. Luxury!

      --
      -- Alastair
    3. Re:Most secure? by zenlessyank · · Score: 1

      I'm a young whippersnapper so the C-64 is what I had 1st. I wondered what the actual available RAM was on those things. My Commodore had 38k available using BASIC. I always felt like the VIC-20 guys got screwed over by not waiting on the C-64 but no one can tell the future.

  6. One problem with this computer by the_humeister · · Score: 2

    It's using Intel's Skylake processor. That requires a chipset that has IME on it, unless they were able to strike a deal with Intel and make their own chipset without IME, which is not likely.

    1. Re:One problem with this computer by AHuxley · · Score: 1

      Thats why projects like the Lemote Yeeloong laptop got interest. Been understood down to the hardware level was very important e.g. building on a a free software boot loader.
      Free software laptops (Dec 18, 2009)
      https://www.fsf.org/bulletin/2...

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:One problem with this computer by AmiMoJo · · Score: 1

      The IME can only be accessed via Ethernet or USB. It doesn't have the former and the latter is physically disabled (data lines disconnected) when the machine is locked. So there is no way to exploit the IME externally.

      Software security is your own problem and outside the scope of what they are doing, but no one is forcing you to connect it to the network.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  7. Interesting concept, but... by Striek · · Score: 5, Insightful

    It's an interesting concept, but it goes too far... it would be trivially easy to have this thing delete the encryption key - just shake it around a bit and it, and all its data, become useless. The risk of data loss when using this "secure" computer would be so high, even by accident, that you'd need a backup close by somewhere.

    So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidntal erasure, they're sure to have them.

    Besides, although the data stored on this is extremely secure, it isn't very available. It's opens up a huge attack surface by making it far to easy to destroy the data on this thing, limiting its effectiveness and market considerably.

    --
    "Government is like fire; a handy servant, but a dangerous master." -- George Washington
    1. Re:Interesting concept, but... by Striek · · Score: 1

      And hell, you don't even need an evil maid to ruin your day. You turn that setting on, and then a maid picks the thing up to dust the desk. Poof!

      --
      "Government is like fire; a handy servant, but a dangerous master." -- George Washington
    2. Re:Interesting concept, but... by SensitiveMale · · Score: 2

      So anytime someone is seen with a computer this secure, just target their backups instead. Considering the relatively high likelihood of accidntal erasure, they're sure to have them.

      The classic example is the bank with impenetrable security. Just kidnap the manager's daughter and you have free access everywhere in the bank. There's always another way.

    3. Re: Interesting concept, but... by Lussarn · · Score: 1

      I have used this computer for weeks without any problems whatsoever. I wouldn't worry one bit about data loss. Mark my wor#$Ã(+#NO CARRIER

    4. Re:Interesting concept, but... by StefanC. · · Score: 1

      I think there is a misunderstanding in which events trigger a loss of all SSD data. any tampering with the device HW, like drilling the protective shell (not the glass), prying the shells off the PCB, freezing the pcb+components, the backup battery runs low on juice (after ~6months without power connection) If the device is moved while the KeyFOB is out of range, the device will shut down but not wipe your data. It's nothing but a forced shut down.

  8. vectors. by Anonymous Coward · · Score: 1

    the nfc controller, the bluetooth controller. that is assuming nothing is plugged into it. and don't even get me started on intel chips.

    How is physical security important, when the device is practically made out of NDA's, undocumented API's and chips with un-auditable encrypted firmware?

  9. "Any attempts...will cause" by YrWrstNtmr · · Score: 1

    So I can brick your drive by attempting to connect via bluetooth? Cool!

  10. Why would you want one again? by mschuyler · · Score: 1

    This computer is SO SECURE that if you make one tiny mistake, like walking away from it, it will be secure FROM YOU! You can't move it. You can't move from it. If you screw up just once a tiny bit, then you are definitely screwed. I'm all for a good dose of paranoia to keep you vigilant and all that, but I'd be scared to use this thing.

    --
    How about a moderation of -1 pedantic.
    1. Re:Why would you want one again? by mark-t · · Score: 1

      Indeed... because of all of the precautions it employs in the so-called interests to "protect" your data, it seems like the only thing this would be good for having on it is content that you don't care if you lose... and if that is the case, it is unlikely anyone else would be interested in trying to attack it in the first place.

      --
      File under 'M' for 'Manic ranting'
    2. Re: Why would you want one again? by archi1 · · Score: 1

      He range before the device locks is about 30 feet. (10m) plenty to move around.

  11. Re:Marketing Security is EASY! by Raenex · · Score: 1

    Might get away with BeOS

    Security by obscurity. Nobody bothers looking for exploits in unused operating systems.

  12. I commented on this on the red site... by Anonymous Coward · · Score: 2, Insightful

    While all the *PHYSICAL* technical measures are excellent, they make a gross presumption about the security of the electronics inside. Electronics which are running firmware which due to the lack of public scrutiny and method of replacement could easily be used to backdoor this device and exfiltrate the security keys and/or believed secure data from the device whether or not the device was authenticated, or be used to disable the aforementioned security measures before they could inactive the contents of the device.

    Personally, any device with wireless capabilities built in I consider suspect. Anything with USB or another hotplug bus I consider infiltratable with limited physical access. Anything connected to a network I consider compromisable with sufficient knowledge of the hardware and operating system.

    If you want a device with the level of security this device claims, today you would need essentially custom chips all the way up, and designed with e-fuse (or worm) memory built into the chip and/or package that either you, or your organization programmed. Furthermore in the event of device compromise it would need the capability to blow all remaining fuses to wipe the in-chip keys and enough residual charge to similiarly wipe or corrupt all other flash devices inside (hard disks by nature of their io speed could not be done like this, but everything up to a terabyte SSD should be capable of wiping within a minute. Larger devices could simply have patterned wipes done to ensure not enough blocks were recoverable to ensure decryption.

    1. Re:I commented on this on the red site... by archi1 · · Score: 1

      WiFi can be disabled. Also you can use Qubes OS and configure VM to protect each resources of the PC. You don't need a custom chip. check the update they posted https://www.crowdsupply.com/de... there is a lot of details.

  13. O rly? by InfiniteZero · · Score: 1

    "Sensations and feelings", really?? Nothing wrong with them and we all have them, but they are almost the antithesis of "intellectual capacity". Also, the all lower-case sentences really don't help, especially when complaining about teenagers. The irony...

    1. Re:O rly? by Ol+Olsoc · · Score: 1

      Also, the all lower-case sentences really don't help, especially when complaining about teenagers. The irony...

      Hey! it took us years to teach him to not use all caps!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  14. Re:slashdot by mark-t · · Score: 1

    I have a problem with your post.

    If you have horse-drawn buggy traffic, then you are living in a time before computers, and would not be able to nostalgically reflect on the days of bbsing of yore, let alone slashdot's better days.

    Have some goddamn continuity, man.

    --
    File under 'M' for 'Manic ranting'
  15. Re:slashdot by BarbaraHudson · · Score: 1

    Well, you sure must like slashdot enough to keep shit-posting this same comment in different threads.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  16. Re:slashdot by InfiniteZero · · Score: 1

    To continue on my previous post... It's a relevant and fun article. I clicked it and expected the Slashdot audience to tear the whole concept apart from the technical standpoint, and was not disappointed.

  17. Perhaps they could learn something from... by Xenna · · Score: 3, Interesting

    The world's most secure bomb:

    https://en.wikipedia.org/wiki/...

    A virtually tamper-proof bomb used to extort $3 million from a casino. It could not be moved. The FBI tried to disable it with a shaped charge but failed and blew up the hotel.

    1. Re:Perhaps they could learn something from... by mark-t · · Score: 1

      Wow.... I hadn't heard of that before. Did insurance cover the damages, or was the owner basically fucked?

      --
      File under 'M' for 'Manic ranting'
    2. Re:Perhaps they could learn something from... by Xenna · · Score: 1

      I don't know really, but I think a business would normally be insured against damage from fires or explosions, but probably not against extortion damage.

      So perhaps the choice to let the FBI guys have a try was actually a sound business decision ;-)

  18. External power adapter connects to usb? by Joe_Dragon · · Score: 1

    Why not have a power only port?

    and no e-net with only 2 usb ports?

  19. Obligatory xkcd by 93+Escort+Wagon · · Score: 1, Interesting

    I'm not a huge xkcd fan, but I can't believe no one has brought up this one - it's quite literally the first thing I thought of while reading the description of this silly computer.

    The context is pretty much identical.

    --
    #DeleteChrome
    1. Re:Obligatory xkcd by Shane_Optima · · Score: 1

      Nice try but, I have to say that's a fairly poor XKCD and a mediocre invocation.

      XKCD didn't invent the concept of the rubber hose cryptographic attack (or wrench variant) and he rather bungles the joke by the RSA reference. No one uses RSA for full disk encryption. He's also overlooking the multiple cryptographic solutions (most famously, the overrated but noob-friendly Truecrypt) that used multiple nested containers so that (if you set it up properly) the attacker can't know whether you've decrypted the "real" container or not. Other comic writers might get a pass for this laziness, but not Munroe.

      All that said, although I think this device is pretty damn impractical and I'm not certain what the target market is (uhhh.... Silk Road 3.0 operators? Rich people who really, REALLY don't trust their evil maids?), it does seems like it's a pretty good defense against the torture attack. Unless your attacker knows in advance you're using one of these, he's most likely going to trigger it before he gets around to torturing you for the passphrase.

  20. Re:Marketing Security is EASY! by Scarletdown · · Score: 1

    Does the Timex-Sinclair 1000 that I have sitting in one of my "stuff boxes" count as most secure computer? It is just the console by itself. No RAM expansion module, cassette interface cable, or even power supply at the moment. Don't think a computer can get any more secure than that.

    --
    This space unintentionally left blank.
  21. Re:slashdot by Scarletdown · · Score: 1

    I have a problem with your post.

    If you have horse-drawn buggy traffic, then you are living in a time before computers, and would not be able to nostalgically reflect on the days of bbsing of yore, let alone slashdot's better days.

    If you have horse drawn buggy traffic, there is a good chance you live in an area with a lot of Amish. And last I checked, our Amish communities still live in the 21st Century. If you are not Amish but are living among them, you can still fully take advantage of the modern conveniences and technologies we have here in the future.

    --
    This space unintentionally left blank.
  22. Security: GOOD, Vandalproof: ZERO by petes_PoV · · Score: 1
    The other side of corporate espionage is denying a company access to its own databases, research, customer lists, ledgers and everything else that is required to keep a company going.

    While this device is very good at preventing other people fromgetting that data, it's the worst design possible for preserving it in the face of adversity. All that a bad person would have to do to put you out of business, if you relied on this device, is to say "Boo!" and all your data disappears.

    Of course, if you have a backup then that has to be at the same level of "security" as this PC or it becomes the weakest link. Instead it's the most breakable link - which is merely another form of weakness. The same goes for restoring all your lost data: if you rebuild the lost data from across a network connection, that has to be untappable, too. I don't think the people who built this have thought it through properly.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  23. Re:slashdot by mark-t · · Score: 1

    Oh... my bad. Good call.

    --
    File under 'M' for 'Manic ranting'
  24. Re:Marketing Security is EASY! by lgw · · Score: 1

    * are locked in a gun safe when not being used.

    There's your flaw. They've already had keyloggers added. Did you really think your gun safe was tamper-evident against an advance persistent threat?

    --
    Socialism: a lie told by totalitarians and believed by fools.
  25. 3.5" hard drive filled with Thermite by Ransak · · Score: 1

    Realistically all one would need is a 3.5" hard drive with the guts replaced by Thermite. Installed above the storage medium and RAM and wired to a pressure switch so when the PC is lifted it ignites, it's hard to see how this can be countered unless the ne'er-do-wells know about it ahead of time. And it's cheap.

    --
    "Powers. I have them."
    1. Re:3.5" hard drive filled with Thermite by petes_PoV · · Score: 1
      I would like to see your fire insurance claim after you admitted to bringing a bomb into your house.

      Pyrotechnics look impressive in bad films, but in real life? hardly.

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    2. Re: 3.5" hard drive filled with Thermite by Ransak · · Score: 1

      Thermite isn't explosive on its own, it's just a high temperature redox reaction. Arson would probably stick in court if it were law enforcement attempting to seize it, along with at a minimum destruction of evidence and some type of assault charge. But the data is destroyed and it's low cost and low tech. Putting the whole thing in a fireproof enclosure (a safe, concrete/center blocks, etc) and it lowers the odds of torching the average house; depending on the person and the data that might be an acceptable compromise.

      --
      "Powers. I have them."
    3. Re: 3.5" hard drive filled with Thermite by Ransak · · Score: 1

      I have read a brief article on it but I haven't watched a video of the talk. I'd sincerely like to know the details of why it wouldn't work, such as the type of oxidizer used, stoichiometry of the reaction tested, etc. as this idea is not new and it's been tested and shown to, with the right ratio of chemicals, turn the hard drive bays and anything in them to slag. I'll look for the article and reply to this post with it if someone is interested, or if someone kindly posts the Defcon talk refuting this method.

      --
      "Powers. I have them."
  26. Overkill by ElectricHellKnight · · Score: 1

    I know I will likely take a lot of flak for this, but what is the real, practical use for a device like this? I'm not even trying to be sarcastic, can somebody please explain it to me?

    Buying one of these will do little more besides possibly get you put on some sort of watch list, if the NSA even cares enough about you to do so. Just simply carry your private data on a flash drive that stays on your person, and only plug it into a special system that is offline, running a live OS with no data saved to the hard drive.

    If you get captured by the government goons, snap it in half, swallow it, whatever. And buying a flash drive isn't considered suspicious, unlike buying one of these. If they're going to such great lengths to get to you, you're fucked anyway. At that point, you might as well hole up in your basement with a gun pointed at the door, anything less will not suffice.

    1. Re:Overkill by archi1 · · Score: 1

      Carrying a flash drive is really not safe and certainly not protected from reading later. Even if tampered. The point of ORWL is to provide dual factor authentication as well as tamper proof. So YOU only can access the data and always know the computer is 'safe' to use, including FW, BIOS and other HW element have not been modified without your knowledge

  27. Re:Marketing Security is EASY! by Alypius · · Score: 1

    Yep, just like my Apple //c that's been in the closet for 30 years!

  28. Already possible by Tolvor · · Score: 1

    Having good system security is already possible. It just requires good software and good security practices.

    First get some really good encryption software that can be trusted (no, Microsoft's (aka 'Apple should have weak encryption and build in back doors') BitLocker is *not* trustworthy). BestCrypt or DriveCrypt Plus Pack both seem reliable and better still neither are based in United States.

    Good security practices includes having a kill key that will wipe the internal memory where the key is kept, which also wipes the operating system in memory also which crashes the computer. Hit the kill key and everything locks. Good security is the drive automatically dismounts after a set timeout period of no activity. Good security is a strong password. To over-simplify a Bruce Schneider article a key-character only gives 2 bits of entropy. A good starting place for strong drive passwords is 50 characters.

    Be careful about physical security. I forget who, but the FBI wanted to get into the computer of a mobster, and the computer had a strong password. They got a secret warrant and installed a dongle on the computer which recorded keystrokes. Now days they can replace keyboards and computer mouse with look-a likes that have built in key recorders. Watch your ports and beware odd hardware. Watch out for mini-cameras that can be installed and watching your keyboard.

    Be careful about online security. As Snowden pointed out the NSA does have a wide array of software to hack into peoples computers. Don't install untrusted software. Don't accept dodgy links sent to you to visit. Do use some really good VPN software (it doesn't hide you perfectly but it does make it much harder for the NSA). Install virtual systems (ex VMWare Workstation) on your computer and work on really sensitive projects in there. Use an air-gapped computer that no access to the internet, Wifi, or internal network.

    Having a system with a hair-trigger vibration guard and a wire cage drive enclosure is good but misses the point. The weakest link to security is usually the person behind the keyboard.

  29. Single point failure by Geoffrey.landis · · Score: 1

    Uh, nobody else sees this as a series of single point failures queued up to happen?

    If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible."...

    Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted....

    ... a setting that will wipe or lock down the PC's data if it is moved to another location...

    So, if there's a bug in the security program, or in the operating system, or in the sensors, it wipes your data.

    --
    http://www.geoffreylandis.com
  30. Re: Ram is volitile by archi1 · · Score: 1

    The secure controller on the board monitor the temperature and physical integrity. It will shut down and wipe the key if frozen or opened. see here https://www.crowdsupply.com/de...

  31. Re:Marketing Security is EASY! by khallow · · Score: 1

    Does the Timex-Sinclair 1000 that I have sitting in one of my "stuff boxes" count as most secure computer?

    As long as you never power it on, you should be safe.

  32. Soldered RAM is pointless. by drinkypoo · · Score: 1

    If you imagine that the RAM can't be desoldered and powered at the same time, boy are you a sucker. Although, that's not how I'd do it. I'd paint all the contacts with that conductive epoxy that only conducts once you smash it, and jump off the top.

    What is needed is encrypted RAM, and if you don't have that, you're not secure. Sorry!

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Soldered RAM is pointless. by archi1 · · Score: 1

      Encrypted RAM is a question of OS. It really depends of how you configure the machine. The active shield on ORWL will prevent you to get to the RAM. As soon as the mesh is broken or the device opened, the PC is shut down and the SSD key is lost.

  33. Used One 55 Years Ago In Kindergarfen by tmjva · · Score: 1

    Chalk and black board in a sealed room Erase when done.

    --
    Tracy Johnson
    Old fashioned text games hosted below:
    http://empire.openmpe.com/
    BT
  34. Re:Nope. by StefanC. · · Score: 1

    If you are motivated to read the one side of the story, I want to invite you to read the other side too. Our update to Joanna's assessment. https://www.crowdsupply.com/de... Enjoy and be critical. While we put a lot of thought into this machine, we by no means pretend to have it all figured out. Community and collaboration will make this product better and will allow you to trust it, when it is all done.

  35. Re:Marketing Security is EASY! by Maritz · · Score: 1

    Your computers don't do anything. Well done. I have an exceptionally secure lump of coal here.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.