Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://todon.eu/users/ljrk/statuses/113905195969227616">lj·rk (ljrk@todon.eu)'s status on Tuesday, 28-Jan-2025 18:36:38 JST</a><a href="https://todon.eu/@ljrk" title="ljrk@todon.eu"><img src="https://gnusocial.jp/avatar/105402-48-20250524164819.webp" width="48" height="48" alt="lj·rk" style="position: absolute; left: 0; top: 0;">lj·rk</a><div><ul><li></ul></div></section><article><p><a href="https://hol.ogra.ph/@sour">@sour</a> <a href="https://kolektiva.social/@hakan_geijer">@hakan_geijer</a> Absolutely! Security focused live systems are neat for some throwaway work, just do recognize that if the hardware is tampered with, it's hard for the OS to defend against that. </p><p>But most attacks that work well against Linux but not so against modern Windows/macOS are attacks targeting the installed OS. With a live system you circumvent that. In theory, you can harden a Linux to a similar degree as Windows BitLocker (i.e., measuring Secure Boot state + long password or fido2 stick, using<br>signed UKIs, etc.) or perhaps even more than that, but it's not the default and requires quite some knowledge.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4463481#notice-8737041">In conversation</a><time datetime="2025-01-28T18:36:38+09:00" title="Tuesday, 28-Jan-2025 18:36:38 JST">about 4 months ago</time> <span>from <span><a href="https://todon.eu/@ljrk/113905195969227616" rel="external" title="Sent from todon.eu via ActivityPub">todon.eu</a></span></span><a href="https://todon.eu/@ljrk/113905195969227616">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
lj·rk (ljrk@todon.eu)'s status on Tuesday, 28-Jan-2025 18:36:38 JSTlj·rk
- Håkan Geijer
@sour @hakan_geijer Absolutely! Security focused live systems are neat for some throwaway work, just do recognize that if the hardware is tampered with, it's hard for the OS to defend against that.
But most attacks that work well against Linux but not so against modern Windows/macOS are attacks targeting the installed OS. With a live system you circumvent that. In theory, you can harden a Linux to a similar degree as Windows BitLocker (i.e., measuring Secure Boot state + long password or fido2 stick, using
signed UKIs, etc.) or perhaps even more than that, but it's not the default and requires quite some knowledge.
In conversationabout 4 months ago from todon.eupermalink

Public

Embed Notice

HTML Code

Corresponding Notice