[Freedombox-discuss] Security Services

Eugen Leitl eugen at leitl.org
Mon Mar 5 15:56:40 UTC 2012


On Mon, Mar 05, 2012 at 06:58:37AM -0800, Mike Rosing wrote:
> On Mon, 5 Mar 2012, Jack Wilborn wrote:
>
>>
>> Please, if I'm totally off, let me know and I won't bug you about it.  I
>> was only responsible for a few trillion dollars that could disappear in a
>> few minutes....
>
> That's a really focused threat model.  There is a broader range of 
> attacks possible for an alternate network.  I would be very interested in 
> hearing a priority list of what people think the most probable attacks 
> against the Freedombox network might be.

The code-signing cert appears to be a juicy target. I'm not sure how
Debian is handling the key signing and secret security. Ability to
stealthily compromise individual boxes by MITMing updates or brick
the entire FBX network in a wide area.

It would be probably also a good idea to firewall network connections
to other Freedomboxes, disable password logins by default and audit
the SSH key/cert generation to make sure there's enough entropy.



More information about the Freedombox-discuss mailing list