You are reading a single comment by @Velocio and its replies.
  • Oh, and if you're wondering whether air gapping always makes security work easy... nope. Sometimes malware communicates via the microphone and speaker! Or by ambient light sensors. But it pushes the class of malware firmly into state actor territory. Additionally there's always the Stuxnet "let's load a USB file with the virus" method, etc, or "let's infect the BIOS or something low level and then infect USB devices which carry it elsewhere" and so on.

    Air gapping isn't perfect from a security perspective. Clean devices, working in clean rooms, and investigating the virus from first principles is the way to go here.

  • Sometimes malware communicates via the microphone and speaker! Or by ambient light sensors. But it pushes the class of malware firmly into state actor territory

    If anyone fancies a wiki dive, check out TEMPEST hardening, which is the NATO standard for computational equipment to resist penetration. Phreaking is a particularly good example of the ingenuity of people who steal other people’s info for a living, on behalf of a government.

  • When we need to send a malware sample from one person to another we can’t use a work system as it’ll be identified and quarantined. This can’t be turned off, and works across every platform that we could use to share a file that is provided by work. So we use Gmail to email it, which works fine.
