Comment Q5EY Re: Floppy disks more secure?

Story

Why the floppy disk is still used today

Preview

Floppy disks more secure? (Score: 1)

by tanuki64@pipedot.org on 2015-10-11 11:51 (#Q4S7)

The security of this outmoded technology was difficult to replicate with modern materials.
This I don't understand. In what way are floppy disks more reliable? Sure, everything is bigger on a 8-inch floppy disks. You probably can see individual bits with a magnifying glass <---- slight exaggeration, I know. But does this really matter? A floppy contains data. In really mission-critical environments I certainly would not rely alone on what data I get from some hardware... regardless of new or old hardware. And exactly for this reason all kinds of techniques like checksums were invented to detect data corruptions.

My guess is that old floppy drives might be more resistant against EMPs. But then... perhaps someone should tell them about punch tapes. Even more secure. Can even be read manually in case of an emergency.

Re: Floppy disks more secure? (Score: 2, Insightful)

by evilviper@pipedot.org on 2015-10-11 14:03 (#Q51C)

I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.

Punch-cards may have too-little capacity to be practical (otherwise, they could just write it out) and I know the card reader is much more elaborate and prone to mechanical failures than a floppy drive. EMP isnt likely a big concern, as they're already shielded and sheltered deep undeground.

And finally:

"The disks also have a built-in protection against portable-storage attacks like Stuxnet, which was introduced to Iran’s Natanz nuclear plant via a thumb drive, since the disks don’t have nearly enough space to hold such a sophisticated piece of malware."

Re: Floppy disks more secure? (Score: 1)

by tanuki64@pipedot.org on 2015-10-11 15:34 (#Q56V)

I assume they're talking about sneakernet, in general, being more secure than any kind of live data connection. The critical system can be completely isolated.
Critical systems can also be completely isolated when thumb dives are used.
Punch-cards may have too-little capacity to be practical
According to Google such an 8" floppy has a capacity of 80kb to 1024kb. Punch tapes should in theory have an unlimited capacity.
The disks also have a built-in protection against portable-storage attacks like Stuxnet,
Sounds convincing... at first glance. But it is not that they downgraded their modern technology with 8" floppies after Stuxnet. If this really was the reason to keep the old tech, for the first time people had a foresight, which I would call superhuman. The 5 1/4" disks came out 1978. They were more stable and convenient than the 8" disk. 1982 the even more stable 3-1/2" disk was introduced. What kept them from using those? Do you really think that 1982 someone was able to anticipate Stuxnet?

Re: Floppy disks more secure? (Score: 1)

by evilviper@pipedot.org on 2015-10-11 17:04 (#Q5CN)

Critical systems can also be completely isolated when thumb dives are used.
You should at least have said CDs/DVDs or other similar data-only media. Thumb drives are HORRIBLE for security. The protocol is extremely complex, perfect for innumerable types of exploitation.

A thumb drive could easily be an input device, keylogger, etc., instead of a dumb storage device:

http://www.thice.nl/hide-your-data-in-plain-sight-usb-hardware-hiding/

http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle

It could cause electrical damage to connected systems:

http://kukuruku.co/hub/diy/usb-killer

It can have bad firmware that causes subtle corruption:

http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/

etc.
Punch tapes should in theory have an unlimited capacity.
I don't want any life-critical systems to depend on proper and careful handling a fiddly roll of paper tape. Floppies are incredibly convenient and extremely durable by comparison to paper tape. And what about very high-humidity?
Do you really think that 1982 someone was able to anticipate Stuxnet?
No, it was a happy accident that not upgrading provided some benefits, but it is a benefit just the same.

Re: Floppy disks more secure? (Score: 1)

by tanuki64@pipedot.org on 2015-10-11 17:40 (#Q5EY)

You should at least have said CDs/DVDs or other similar data-only media.
I did not do this on purpose. I 100% agree with all you said about thumb drives. The point was just that to isolate a system the external storage type is not really relevant. For me an isolated system is a system, which is not connected to any network. Ok, perhaps to a well defined local network with no connection outside this local network. The horrible security of thumb drives is a different problem. And... I would not even raise a brow when they just have said that thumb drives are an absolute no-no, on the contrary.

I was looking for the capacity of punch tapes, but only found 'a few dozen kilobytes'. The first 8" floppies also had only a 'few dozen kilobytes. But more interestingly:

https://en.wikipedia.org/wiki/Punched_tape#Current_use
Use of punched tape today is very rare and is used only in military systems.
Unfortunately "citation needed"... but it looks like I wasn't that far off with my 'punch tape joke' :-D

Junk Status

Not marked as junk