RE Re: Ubuntu ISO Testing team: New buildnotification-why Ubuntu-Studio-devel Digest, Vol 56, Issue 2
lukekuhn at hotmail.com
Fri Dec 2 18:55:14 UTC 2011
The function of encrypted disks is twofold. One is that, assuming an "evil maid" multi-visit attack is not the issue, it protects data in the event of a police raid or "burglary." The second is that recovery and failure to penetrate one such encrypted computer deters future raids and "burglaries," on grounds of limited manpower and resources. People don't fish in places where the fish don't bite. Doesn't work all the time, but as part of "defense in depth" it helps a LOT. They sure as hell never made another attempt to get computer information from me.
There is a serious privacy concern in Ubuntu, hopefully not in Ubuntustudio by default: Zeitgeist, which so far lacks controls to turn off logging. I remove it, accept that Unity's menus won't work at all, and turn ~/.recently-used.xbel into a directory. This both protects people I give an unencrypted build of the OS I use (because they don't want to be bothered with memorizing a secure passphrase) and removes a file of great use to a skilled attacker if one finds a way to read it online.
The other factors you mention are beyond the scope of a default OS install for the most part. I will now discuss some of the measures that are used with encryption when it is necessary to presume that a national government and not just a local police department is the opposition. One should always prepare as though the most capable adversary they will face will be the opponent. I will now discuss encryption and computer "tradecraft" for this level:
CRT monitors should never be used where security is an issue, their RF radiation is far too strong. In rural areas where you can control a large space and move back the listening post (LP), RF signals travel a hell of a long way. In urban areas they die really fast, but the LP could literally be on the other side of the wall, so that's a wash. In the US, the codeword for the defense against this mode of attack is "TEMPEST" and a tempested installation is one that is RF shielded, by shielding the room, the installation, or both against RF leakage. In the real world, RF chokes on power and other leads, an LED monitor, a case with NO plastic panels lacking metal backings, and reportedly not using analog VGA cables to the monitor all reduce RF leakage and force the LP to be much closer and more easily detected. I've never heard of a TEMPEST attack being successfully used by the FBI against any activist in the US. If they have it and don't want to admit to it, the data becomes far less useful.
ISP and phone snooping is another matter. No connection registered to the user by a real name is safe, no home connection is safe, even wireless broadband with GPS jammed and prepaid with fake personal info could be triangulated and the right house guessed, or ALL houses in the triangulation zone raided in some countries or low density areas. Assume your carrier copies everything you do and keeps it forever. Use SSL for any site that supports it. Presumably intelligence agencies can crack it, but Carnivore cannot, and neither can your ISP. What your ISP cannot read, they cannot pass on to the FBI, the secret police, or whoever.
Just using Ubuntu instead of an Android or iOS smartphone and using it on the road is a big start, because the latter two OSes have been revealed to often contain commercial spyware called "CarrierIQ" that reports back URLs visited, etc. to the carriers. Once there, the security forces have access to it. Then we can get into MAC address spoofing, disposable external USB wifi cards on the hardware side, and site selection on the user side.
I would not worry about raw video files being copied over the Internet, that requires more bandwidth than most connections have. I suppose the FBI could order a cable provider to give them a fast connection into someone's system though. Raw photos this might be possible, same for text. Monitor your bandwidth, watch for suspicious activity or processes.
The "evil maid" boot keylogger attack is harder to implement against Ubuntu than against Truecrypt, as everyone's initramfs is a little different and the attack script will have to generate it locally without access to /etc/initramfs-tools, just the existing initramfs. There are no published reports of any intelligence service using this in the field; if this is an issue, keeping /boot on a flash drive on your physical keyring makes this attack impossible without access to that keyring.
The real dangers, assuming you use disk encryption, are these:
1: ANY unencrypted email on ANY server containing information that cannot be told to a cop and a reporter at the same time.
2: A poorly-motivated member of the crew with custody of important information snitching under pressure. NEVER share passphrases between users!
3: Weak passphrases vulnerable to dictionary or published-writing attacks, widely used by the Secret Service.
4: Smudges left on touch screens from password entry. This is a known and published form of pass-pattern recovery.
5: Using public access wifi without consideration for the locations of security cameras, or using the same site repeatedly for secure work.
6: Logging into personal email or social networking from any location while doing secure work.
7: Browsers that snoop: Chrome or Chromium without turning off the spyware, ANY browser in its default settings.
8: THE WORST OFFENDER: Facebook! Don't use it at all.
9: Google. They keep EVERYTHING, always use Tor and/or the Scroogle anonymizer to reach them.
> Subject: Re: RE Re: Ubuntu ISO Testing team: New buildnotification-why
> encryption support is needed
> Note, at least if you are using a CRT, no disc encryption isn't your
> biggest issue, since everybody able to use an antenna, is able to see
> everything on your screen from the house from the other side of the road.
> "Explicit" anarchistic data has no place on a computer. Encryption is
> completely safe. No intelligence service is able to do refactoring of
> primes, assumed the encryption avoids pseudo-primes, such as some Fermat
> The weak spot is the computer in general, there are several ways to spy,
> if a computer is used.
> Anyway, I agree that for states like China, encryption of discs is
> important, for western countries we need other methods to be more safe,
> assumed the data is explicit-explicit anarchistic. Writing about weed to
> e.g. some southern states in the USA, you only need 1024 encryption for
> your mails.
> Note, anonymous surfing and mailing isn't safe, if everybody is able to
> get access to e.g. your two telephone cables.
> 2 cents,