On 23/06/2011 23:35, Orna Agmon Ben-Yehuda wrote:
Hello all security experts,
I would like to export data from a machine on a business's internal
network on a safe media, such that only the files I want exported are on
the media. Specifically, I consider the possibility that the machine may
already be infected by a malware which adds business-sensitive data to
all outgoing media, and would like to defend against such a theoretical
malware. The question may be limited to text files.
Things already considered:
*The media is a CD, which will be written and then finalized. No USB
devices.
*An artificial file will be added to the data file, to fill the media as
much as possible. This, however, leaves a part of the disk capacity
unused - the part used for the structure table (what used to be FAT),
which is a place where additional data can hide.
*The CD will be read in two different machines, with two different
operating systems. One of the systems will be a bootable linux disk, to
preserve its (hopefully) initial not-infected status. The listing of
files will be performed including hidden files (ls -la in Linux). The
person who wrote the files will read them, to verify they contain the
correct information.
Questions:
What else should I do?
What about a malware compressing the data, using the extra space for
additional data?
If I compress the data to avoid further compression, how can the person
verify it contains exactly what it should?
What can I not defend against?
Are such malware as I imagine known? For Linux? Windows?
Thanks for considering the problem,
--
Orna Agmon Ben-Yehuda.
http://ladypine.org
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
You describe a completely untrusted system.
Print the documents, seriously.
Convert them back to digital media by OCR or just re-typing.
Counting words, computing "correct" size - all can be compromised
by infected file system.
If you can verify the original files on the source machine then
the problem is solvable - take the disk, physically, to a safe machine.
Don't mount it remotely.
--
Moish
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
