
> There has to be something more sophisticated than single-use CD-ROMs

But why, when DVD-Rs handle most use cases at a cost of < $0.25 each, are reliable and ubiquitous, the hardware is likely already there (unless you are using Apple; caveat emptor), and they close the threat vector posed by read/write USB devices?

Sometimes the simplest solution is the best solution.



DVD-R is read/write unless you are very careful to have read-only hardware on the destination device.


Even if the destination device were to write something to said discs, the optical media are cheap enough that it makes sense to destroy them (or archive them in case they become useful for forensic purposes) rather than reusing them.

Plus, compared to a USB form factor, one imagines it’s harder to sneak in circuitry that could retransmit data by unexpected means.


Why "very"?

Also, if you think that the seller is lying to you, can't the drive be opened up and inspected to check for that kind of capability?
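
An added example, not posted by anyone in this thread, for the "very careful to have read-only hardware" caveat above: two software-side checks you can run on the receiving Linux host before trusting the optical path, namely asking the kernel which drives report write capability (via /proc/sys/dev/cdrom/info) and confirming the disc is mounted with the ro option. The /proc text in the block is constructed to mirror that file's layout (one column per drive) so it runs offline; on a live host pass the real path. This complements, rather than replaces, physically inspecting the drive.

```shell
#!/bin/sh
# Added example, not from the thread. Checks whether the optical drives the
# kernel knows about can write, and whether a mount is read-only.
# SAMPLE_INFO below is a constructed stand-in for /proc/sys/dev/cdrom/info.

# Report per-drive write capability from a cdrom info file ($1).
# Prints one line per drive; returns 0 if no drive can write anything, 1 otherwise.
cdrom_writable_drives() {
    awk '
        /^drive name:/ {
            n = NF - 2                        # "drive name:" is two fields, then one name per drive
            for (i = 1; i <= n; i++) name[i] = $(i + 2)
        }
        /^Can write / {
            cap = $3; sub(/:$/, "", cap)      # "Can write CD-R:" -> CD-R
            for (i = 1; i <= n; i++)
                if ($(i + 3) == 1) writable[i] = writable[i] " " cap
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                if (writable[i] != "") { print name[i] " can write:" writable[i]; rc = 1 }
                else                    print name[i] " read-only"
            }
            exit rc
        }' "$1"
}

# Return 0 if a comma-separated mount-option string (for example the output of
# `findmnt -no OPTIONS /media/cdrom`) contains "ro" as a whole option.
mount_is_ro() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx ro
}

# Constructed sample: sr0 is a burner, sr1 is a read-only drive.
SAMPLE_INFO=$(mktemp)
cat > "$SAMPLE_INFO" <<'EOF'
CD-ROM information, Id: cdrom.c 3.20 2003/12/17

drive name:             sr0     sr1
drive speed:            24      48
drive # of slots:       1       1
Can close tray:         1       1
Can open tray:          1       1
Can lock tray:          1       1
Can read DVD:           1       1
Can write CD-R:         1       0
Can write CD-RW:        1       0
Can write DVD-R:        1       0
Can write DVD-RAM:      0       0
Can read MRW:           1       1
Can write MRW:          1       0
Can write RAM:          1       0
EOF

# Stand-alone demo: with the sample above, sr0 is flagged and sr1 is read-only.
cdrom_writable_drives "$SAMPLE_INFO" || echo "WARNING: at least one drive can write"
```

On a real host, run `cdrom_writable_drives /proc/sys/dev/cdrom/info` and `mount_is_ro "$(findmnt -no OPTIONS /media/cdrom)"`; a non-zero exit from either means the path is not read-only the way the thread assumes.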


You can always shred the DVD afterwards I guess!


I would guess having a CD/DVD drive opens another attack surface. Similar to why people glue their USB ports closed.


Right — but the question isn’t CD/DVD versus nothing. It’s CD/DVD versus USB; and which has a smaller attack surface.

I’d argue that read-only CD/DVD has a smaller attack surface than USB, so of the two, it’s preferable. I’d further argue that a CD/DVD (i.e., the actual object moved between systems) is easier to inspect than USB devices, to validate the behavior.


The CD/DVD discs used can also be retained and later audited to verify what was moved to and from the systems.
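
An added example, not from any commenter here, of what "retained and later audited" can look like in practice: a per-file SHA-256 manifest written when the disc is used, which the kept disc is checked against later so that a changed, missing or extra file fails the audit. It assumes GNU coreutils (sha256sum, cmp, find) on a Linux host and a disc mount point such as /media/cdrom; the file tree it hashes is constructed so the block runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. Builds and verifies a SHA-256 manifest
# of a mounted disc. build_sample_tree() is a constructed stand-in for a
# mounted disc; on a real host use the mount point (e.g. /media/cdrom).
# For a finalized disc, hashing the raw device too (sha256sum /dev/sr0) ties
# the manifest to the physical disc rather than only to its file contents.

# Print "sha256  ./relative/path" for every regular file under $1, in a
# stable order (LC_ALL=C sort). Filenames containing newlines are not handled.
make_manifest() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# Return 0 if the tree at $1 produces exactly the saved manifest $2
# (so a modified, removed or added file all cause a non-zero return).
verify_manifest() {
    make_manifest "$1" | cmp -s - "$2"
}

# Constructed sample tree standing in for the contents of a disc.
build_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/docs"
    printf 'quarterly figures\n' > "$d/docs/report.txt"
    printf 'firmware update image\n' > "$d/update.bin"
    printf '%s\n' "$d"
}

# Stand-alone demo: record the manifest at transfer time, then audit it.
DISC=$(build_sample_tree)
MANIFEST=$(mktemp)
make_manifest "$DISC" > "$MANIFEST"
cat "$MANIFEST"
verify_manifest "$DISC" "$MANIFEST" && echo "disc matches manifest"
```

Keep the manifest with the transfer record (not on the disc itself); the audit then consists of mounting the retained disc and running `verify_manifest /media/cdrom saved.manifest`.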




