On Tue, 21 Sep 2021, Andrew M.A. Cater wrote:
Write only storage - DVD-R or equivalent Blu-Ray - but make sure to end the session. Deletion - feed through a paper shredder.
I already do that but currently that means I have roughly one month of backups on network accessible storage before I write to disc. A ransomware attack that exploits a zero day ssh vulnerability for example wouldn't be a complete disaster - this is only home usage - but it seems fairly trivial to create a 'worm' usb device using a pi. I haven't tested yet but with a blu-ray burner attached too the pi could write to disc once there's 25G written and then delete it. I'm slightly surprised someone hasn't done something like this already.
