Floppy disks more secure? (Score: 1) by tanuki64@pipedot.org on 2015-10-11 11:51 (#Q4S7) The security of this outmoded technology was difficult to replicate with modern materials.This I don't understand. In what way are floppy disks more reliable? Sure, everything is bigger on a 8-inch floppy disks. You probably can see individual bits with a magnifying glass <---- slight exaggeration, I know. But does this really matter? A floppy contains data. In really mission-critical environments I certainly would not rely alone on what data I get from some hardware... regardless of new or old hardware. And exactly for this reason all kinds of techniques like checksums were invented to detect data corruptions.My guess is that old floppy drives might be more resistant against EMPs. But then... perhaps someone should tell them about punch tapes. Even more secure. Can even be read manually in case of an emergency. Re: Floppy disks more secure? (Score: 2, Insightful) by evilviper@pipedot.org on 2015-10-11 14:03 (#Q51C) I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.Punch-cards may have too-little capacity to be practical (otherwise, they could just write it out) and I know the card reader is much more elaborate and prone to mechanical failures than a floppy drive. EMP isnt likely a big concern, as they're already shielded and sheltered deep undeground.And finally:"The disks also have a built-in protection against portable-storage attacks like Stuxnet, which was introduced to Iran's Natanz nuclear plant via a thumb drive, since the disks don't have nearly enough space to hold such a sophisticated piece of malware." Re: Floppy disks more secure? (Score: 1) by tanuki64@pipedot.org on 2015-10-11 15:34 (#Q56V) I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.Critical systems can also be completely isolated when thumb dives are used.Punch-cards may have too-little capacity to be practicalAccording to Google such an 8" floppy has a capacity of 80kb to 1024kb. Punch tapes should in theory have an unlimited capacity.The disks also have a built-in protection against portable-storage attacks like Stuxnet,Sounds convincing... at first glance. But it is not that they downgraded their modern technology with 8" floppies after Stuxnet. If this really was the reason to keep the old tech, for the first time people had a foresight, which I would call superhuman. The 5 1/4" disks came out 1978. They were more stable and convenient than the 8" disk. 1982 the even more stable 3-1/2" disk was introduced. What kept them from using those? Do you really think that 1982 someone was able to anticipate Stuxnet? Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-11 17:04 (#Q5CN) Critical systems can also be completely isolated when thumb dives are used.You should at least have said CDs/DVDs or other similar data-only media. Thumb drives are HORRIBLE for security. The protocol is extremely complex, perfect for innumerable types of exploitation. A thumb drive could easily be an input device, keylogger, etc., instead of a dumb storage device:http://www.thice.nl/hide-your-data-in-plain-sight-usb-hardware-hiding/http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongleIt could cause electrical damage to connected systems:http://kukuruku.co/hub/diy/usb-killerIt can have bad firmware that causes subtle corruption: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/etc. Punch tapes should in theory have an unlimited capacity.I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape. Floppies are incredibly convenient and extremely durable by comparison to paper tape. And what about very high-humidity?Do you really think that 1982 someone was able to anticipate Stuxnet?No, it was a happy accident that not upgrading provided some benefits, but it is a benefit just the same. Re: Floppy disks more secure? (Score: 0) by Anonymous Coward on 2015-10-12 19:14 (#Q8WJ) I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape.Two words: mylar tape Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-12 22:23 (#Q9BD) Mylar seems strong, until it gets nicked... One tiny little puncture, and the tear will propagate wildly, basically shredding. Even if you eliminated material strength concerns, it's still a huge step backwards. Hard to believe someone found some way to make 8" floppies sound like a technically superior and more convenient option...
Re: Floppy disks more secure? (Score: 2, Insightful) by evilviper@pipedot.org on 2015-10-11 14:03 (#Q51C) I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.Punch-cards may have too-little capacity to be practical (otherwise, they could just write it out) and I know the card reader is much more elaborate and prone to mechanical failures than a floppy drive. EMP isnt likely a big concern, as they're already shielded and sheltered deep undeground.And finally:"The disks also have a built-in protection against portable-storage attacks like Stuxnet, which was introduced to Iran's Natanz nuclear plant via a thumb drive, since the disks don't have nearly enough space to hold such a sophisticated piece of malware." Re: Floppy disks more secure? (Score: 1) by tanuki64@pipedot.org on 2015-10-11 15:34 (#Q56V) I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.Critical systems can also be completely isolated when thumb dives are used.Punch-cards may have too-little capacity to be practicalAccording to Google such an 8" floppy has a capacity of 80kb to 1024kb. Punch tapes should in theory have an unlimited capacity.The disks also have a built-in protection against portable-storage attacks like Stuxnet,Sounds convincing... at first glance. But it is not that they downgraded their modern technology with 8" floppies after Stuxnet. If this really was the reason to keep the old tech, for the first time people had a foresight, which I would call superhuman. The 5 1/4" disks came out 1978. They were more stable and convenient than the 8" disk. 1982 the even more stable 3-1/2" disk was introduced. What kept them from using those? Do you really think that 1982 someone was able to anticipate Stuxnet? Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-11 17:04 (#Q5CN) Critical systems can also be completely isolated when thumb dives are used.You should at least have said CDs/DVDs or other similar data-only media. Thumb drives are HORRIBLE for security. The protocol is extremely complex, perfect for innumerable types of exploitation. A thumb drive could easily be an input device, keylogger, etc., instead of a dumb storage device:http://www.thice.nl/hide-your-data-in-plain-sight-usb-hardware-hiding/http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongleIt could cause electrical damage to connected systems:http://kukuruku.co/hub/diy/usb-killerIt can have bad firmware that causes subtle corruption: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/etc. Punch tapes should in theory have an unlimited capacity.I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape. Floppies are incredibly convenient and extremely durable by comparison to paper tape. And what about very high-humidity?Do you really think that 1982 someone was able to anticipate Stuxnet?No, it was a happy accident that not upgrading provided some benefits, but it is a benefit just the same. Re: Floppy disks more secure? (Score: 0) by Anonymous Coward on 2015-10-12 19:14 (#Q8WJ) I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape.Two words: mylar tape Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-12 22:23 (#Q9BD) Mylar seems strong, until it gets nicked... One tiny little puncture, and the tear will propagate wildly, basically shredding. Even if you eliminated material strength concerns, it's still a huge step backwards. Hard to believe someone found some way to make 8" floppies sound like a technically superior and more convenient option...
Re: Floppy disks more secure? (Score: 1) by tanuki64@pipedot.org on 2015-10-11 15:34 (#Q56V) I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.Critical systems can also be completely isolated when thumb dives are used.Punch-cards may have too-little capacity to be practicalAccording to Google such an 8" floppy has a capacity of 80kb to 1024kb. Punch tapes should in theory have an unlimited capacity.The disks also have a built-in protection against portable-storage attacks like Stuxnet,Sounds convincing... at first glance. But it is not that they downgraded their modern technology with 8" floppies after Stuxnet. If this really was the reason to keep the old tech, for the first time people had a foresight, which I would call superhuman. The 5 1/4" disks came out 1978. They were more stable and convenient than the 8" disk. 1982 the even more stable 3-1/2" disk was introduced. What kept them from using those? Do you really think that 1982 someone was able to anticipate Stuxnet? Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-11 17:04 (#Q5CN) Critical systems can also be completely isolated when thumb dives are used.You should at least have said CDs/DVDs or other similar data-only media. Thumb drives are HORRIBLE for security. The protocol is extremely complex, perfect for innumerable types of exploitation. A thumb drive could easily be an input device, keylogger, etc., instead of a dumb storage device:http://www.thice.nl/hide-your-data-in-plain-sight-usb-hardware-hiding/http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongleIt could cause electrical damage to connected systems:http://kukuruku.co/hub/diy/usb-killerIt can have bad firmware that causes subtle corruption: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/etc. Punch tapes should in theory have an unlimited capacity.I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape. Floppies are incredibly convenient and extremely durable by comparison to paper tape. And what about very high-humidity?Do you really think that 1982 someone was able to anticipate Stuxnet?No, it was a happy accident that not upgrading provided some benefits, but it is a benefit just the same. Re: Floppy disks more secure? (Score: 0) by Anonymous Coward on 2015-10-12 19:14 (#Q8WJ) I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape.Two words: mylar tape Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-12 22:23 (#Q9BD) Mylar seems strong, until it gets nicked... One tiny little puncture, and the tear will propagate wildly, basically shredding. Even if you eliminated material strength concerns, it's still a huge step backwards. Hard to believe someone found some way to make 8" floppies sound like a technically superior and more convenient option...
Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-11 17:04 (#Q5CN) Critical systems can also be completely isolated when thumb dives are used.You should at least have said CDs/DVDs or other similar data-only media. Thumb drives are HORRIBLE for security. The protocol is extremely complex, perfect for innumerable types of exploitation. A thumb drive could easily be an input device, keylogger, etc., instead of a dumb storage device:http://www.thice.nl/hide-your-data-in-plain-sight-usb-hardware-hiding/http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongleIt could cause electrical damage to connected systems:http://kukuruku.co/hub/diy/usb-killerIt can have bad firmware that causes subtle corruption: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/etc. Punch tapes should in theory have an unlimited capacity.I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape. Floppies are incredibly convenient and extremely durable by comparison to paper tape. And what about very high-humidity?Do you really think that 1982 someone was able to anticipate Stuxnet?No, it was a happy accident that not upgrading provided some benefits, but it is a benefit just the same. Re: Floppy disks more secure? (Score: 0) by Anonymous Coward on 2015-10-12 19:14 (#Q8WJ) I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape.Two words: mylar tape Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-12 22:23 (#Q9BD) Mylar seems strong, until it gets nicked... One tiny little puncture, and the tear will propagate wildly, basically shredding. Even if you eliminated material strength concerns, it's still a huge step backwards. Hard to believe someone found some way to make 8" floppies sound like a technically superior and more convenient option...
Re: Floppy disks more secure? (Score: 0) by Anonymous Coward on 2015-10-12 19:14 (#Q8WJ) I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape.Two words: mylar tape Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-12 22:23 (#Q9BD) Mylar seems strong, until it gets nicked... One tiny little puncture, and the tear will propagate wildly, basically shredding. Even if you eliminated material strength concerns, it's still a huge step backwards. Hard to believe someone found some way to make 8" floppies sound like a technically superior and more convenient option...
Re: Floppy disks more secure? (Score: 1) by evilviper@pipedot.org on 2015-10-12 22:23 (#Q9BD) Mylar seems strong, until it gets nicked... One tiny little puncture, and the tear will propagate wildly, basically shredding. Even if you eliminated material strength concerns, it's still a huge step backwards. Hard to believe someone found some way to make 8" floppies sound like a technically superior and more convenient option...