The Mental Militia Forums

Please login or register.

Login with username, password and session length
Pages: 1 [2]   Go Down

Author Topic: Computer Security  (Read 7120 times)

Rabbit

  • Guest
Computer Security
« Reply #15 on: August 01, 2003, 06:47:16 am »

Quote
One thing that I won't do without on any future machines is DriveCrypt. The Thought Police can yank my plug as soon as they get their hands on my tower -- and then they won't get one damn thing from it. :D  But it's Windows only ...
However, now that you have provided the Thought Police with this helpful warning, they'll be able to work around the problem: perhaps by doing a surreptitious entry to install a keystroke logger.

Secrecy is the better part of security….

-R
Logged

Sunni

  • Guest
Computer Security
« Reply #16 on: August 01, 2003, 10:35:01 am »

Rabbie sez:
Quote
However, now that you have provided the Thought Police with this helpful warning, they'll be able to work around the problem: perhaps by doing a surreptitious entry to install a keystroke logger. Secrecy is the better part of security….

Points well taken. I thought my cover was pretty well blown on being a DC user anyway ... and it isn't as though I'm a big target ... yet.  :rolleyes:

On installing/using linux: I was on the LinuxChix discussion list for a while, and found it quite helpful. Claire provides a link to it in at least one article of hers, which I think has been referenced already on this thread.
Logged

Dana

  • Full Member
  • ***
  • Offline Offline
  • Posts: 205
Computer Security
« Reply #17 on: August 01, 2003, 11:31:21 am »

There's a world of difference in the skill/dedication level required to simply *use* a well set-up Linux system (easy) vs. creating such a system in the first place (quite a bit harder).

In the latter case, you have to make sure your hardware is penguin-friendly, probably re-partition your drive (if already using Windows), install an OS (how many people have to install Windows from scratch?), deal with boot managers (if dual boot), and potentially even deal with compiling some kernel module to support some particular hardware device.  All of this can vary from the relatively painless (if you're installing Red Hat from scratch on friendly hardware with no OS presently installed) to the quite painful (if you're adapting an existing Windows system with unfriendly hardware).  This can be quite daunting for a lot of folks, and Linux advocates would do well to acknowledge it.

If you'd like to get started with Linux and can throw money at the problem (and granted, not everyone can) then purchasing a complete system with Linux pre-installed from a reputable vendor that supports the entire package (hardware, Linux OS, etc. etc.) will go a *long* way toward having a positive experience.  If you think about it, this is how it works for 99% of end-user computer purchases in the Windows world.

An alternative (and potentially much cheaper) solution is to have someone already knowledgeable with Linux set it up on your system for you.  Of course, this depends heavily on who your friends and family members are.  It probably doesn't make sense to pay someone the going professional rate to do this.

In either case, if you can have your first Linux experience involve sitting down and simply *using* an *existing* Linux setup, you'll probably be much happier overall.

Lastly, there always seems to be the case of that one Windows application (whatever it may be) that you simply can't do without and that doesn't have a (viable) open-source equivalent.  The solution I use for this is VmWare, which I highly recommend (assuming you have reasonably powerful hardware).

VmWare will let you run genuine Microsoft Windows inside of a window on a Linux system.  This means you are running Windows and Linux at the *same time* which is infinitely more convenient than having to reboot to switch between them.  It's not cheap ($299) but you can download a fully-functional 30-day demo for free if you simply want to try it out.  There is no difference between the demo and the real product other than an expiration date when it stops working.

While some hardcore Linux advocates may claim this misses the whole point (why run Windows inside of Linux?  Aren't you trying to get rid of Windows?), I think it's an ideal solution for you to essentially have your cake and eat it too.  And in the long term, it's probably much easier to just give up that last Windows application you're running in Windows under VmWare than to switch cold-turkey to a whole new OS.

My $.02 worth.

Dana
 
Logged

enemyofthestate

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 1353
  • Banned
Computer Security
« Reply #18 on: August 01, 2003, 07:12:33 pm »

Quote
However, now that you have provided the Thought Police with this helpful warning, they'll be able to work around the problem: perhaps by doing a surreptitious entry to install a keystroke logger.

Secrecy is the better part of security….

-R
A software key logger cannot be installed if the system files are encrypted too.  A hardware logger will work but those are usually pretty easy to spot.  A good attack against software encryption of the entire drive is to install customized software in the parts that cannot be encrypted.   At a minimum you can overwrite the boot sector with a small loader which calls a workalike or wrapper program as a front end to the drive encryption software.  This is one reason the government rejected software encryption in favor of hardware encryption on laptops.  The encryption happens in the hardware interface so key has to be entered right after the POST to unlock the hardware.  Unfortunately the hardware solution is still expensive but they're spending my money so what do the snitgobbers carre...

Another alternative is to use encrypted containers that look like drives to the system.  This has a fair amount if overhead if you want to avoid running in system space so should only be used for important files.  
One advantage of container encryption is it does not interfere with regular upgrades. Another is the containers can be shared safely across the network when necessary.   I cannot really recommend it for Windows because of it's tendency to put important files in unexpected places.

With containers you can easily created thousands of symmetrical keys and store them on a CD and change keys as often as you like. The CD can be encrypted with a passphrase.  Insert the CD when you need the containers and store it flat in a microwave when not in use.  Keep the the microwave set to about ten seconds and, just before the JBT's arrive, hit the start button.  A few second of flashies and the CD is reduced to an unrecoverable mass of hot, smelly plastic.  If they cut the power first have a Bic lighter handy.  Even snapping the CD in two will allow O2 to reach the alumimum substrate and the resultant oxidation is virtually instantaneous but will not be complete because of the way the plastic is bonded to the aluminum.

There is an encryption program that uses a 6 gigabit key (~750 MB) that takes up an entire CD.  It is limited to files equal to or less than the length of the key tho.

Oh, and insure your crypto programs always use protected memory for keys.  Always!  It would be defeating the purpose if the symmetrical key was paged to disk at any time.  You have been warned! :-)
Logged
Mystical man values human life.  Rational man values the ability to value human life.
--Stephen Carville

Atheist   n.   A person to be pitied in that he is unable to believe things for which there is no evidence, and who has thus deprived himself of a convenient means of feeling superior to others
-- Chaz Bufe, The American Heretics Dictionary

amy

  • Guest
Computer Security
« Reply #19 on: August 01, 2003, 11:25:36 pm »

Quote
Quote
I am a new linux user. Had been using windows for years, and was pretty good at using it. I didn't install linux myself, my husband did it for me. But he still uses windows and doesn't know much about linux. I haven't figured out how to install anything though I have tried a couple of times. Any good sites for intro to linux? (have red hat 8.0 I think)
There are basically four ways to install software in Linux:

1.  RPM -- Redhat Package Manager

2.  APT

3. Compile from source.

4. Executable script

What is it you are trying to install?
  :D    Woo-hoo. I just got it to work! I was installing and trying to run yahoo messenger. And it is running.

I used to use trillian for im-ing, but it doesn't look it works under linux so I am going with yahoo so I can chat at least with some of the people (trillian allowed me to chat with yahoo, msn, aol, icq, and irc). If anyone knows if trillian can work with linux I'd prefer to use that.

Isn't a linux machine more secure than a windows machine? That was one of the reasons I switched, I had heard about back doors being written into some windows programs. I also didn't like internet explorer crashing a couple of times a week. Though I guess I could have just switched browsers.    <_<

 
Logged

amy

  • Guest
Computer Security
« Reply #20 on: August 01, 2003, 11:28:37 pm »

Quote
Try this, amy... http://linux.org/lessons/beginner/toc.html . It's a very good resource at the "official" Linux site.

Good luck,
--Jac
Thanks.  
Logged

amy

  • Guest
Computer Security
« Reply #21 on: August 01, 2003, 11:39:07 pm »

Quote

Except for Adobe, there are.  When I need PDF files I either export as postscript for Openoffice and convert using ps2pdf13 or I create the documents in LyX and export to PDF directly.
My version of linux comes with a program that allows me to read pdf files. I think it is called xpdf. I haven't had any trouble reading web pages that are in pdf. It is actually better in linux than when I had windows. If it was a big file, it would crash on me. And when it did work, it was a long wait to open. No problem now (thought most every thing else is slower in linux than I remember from windows 98).
Logged

Sunni

  • Guest
Computer Security
« Reply #22 on: August 02, 2003, 12:45:09 pm »

Dana,

Excellent points on "the linux experience". I set mine up as dual boot from scratch (installing both OSs myself), and had a longtime linux and Red Hat user available to walk me through the custom install. It went very well, although not flawlessly, the first time 'round. But because I did handle it competently, it made the decision to reinstall (and reinstall, and reinstall until everything was juuuust right :) ) simple. Next time I get a system, I'll keep VmWare in mind.

Thanks, enemy, for the encryption/security info and tips, too. Y'all are great!
Logged
Pages: 1 [2]   Go Up