Domain: kaos.to
Stories and comments across the archive that link to kaos.to.
Comments · 15
-
Re:we need an antivirus vendor
that supplies cd images online with their own mini boot os, updated monthly, that you download, burn, and then reboot into via cd
90% of users wouldn't bother. its just a giant hassle. but amongst the ultraparanoid, which you are if you know even just a little about what goes on out there, it would be a nice piece of mind guarantor
of course, this product probably already exists. in which case PLEASE TELL ME WHERE
;-)Why not simply boot into a live CD whenever you want to do online banking or other such sensitive tasks if you're that paranoid? Nearly all allow for writing to the hard drive, so it's not a problem to save any data you want around after the task is completed like online statements, etc. If you're really paranoid, use Anonym.OS put together by Kaos.Theory Security Research and based on OpenBSD with hard encryption and use of TOR as defaults?
Download here: http://sourceforge.net/projects/anonym-os/
More information: http://kaos.to/cms/projects/releases/anonym.os-livecd.html
Cheers!
Strat
-
Re:Human curiosity kills the computer
"create non privliged testuser account on your linux (or other non standard OS) box"
Better idea... use any live CD, and make sure that it doesn't mount any of your real hard drives before you plug the USB stick in. For more paranoia, use Anonym.OS, the OpenBSD live CD: http://kaos.to/cms/content/view/14/32/. For maximum paranoia, unplug your hard drives entirely before booting the CD... maybe the stick exploits a security vulnerability in your live CD to gain root access and mount your hard drives. -
Re:Make it hard for them: Anonym.OS!!
I think what you and many here may be looking for is Anonym.OS http://kaos.to/cms/content/view/14/32/
It's an OpenBSD 3.8-based LiveCD (read: no installing, nothing left on a hard-drive to search, usable from any net-connected PC with a CDROM drive that can be booted from).
It includes pre-configured TOR onion-routing, STRONG encryption that OpenBSD is (in)famous for, and is very simple to use..even for those with little computer/*nix knowledge. Everything is pre-configured for maximum security and anonymity.
Plus, it appears to be developed and hosted outside the U.S., so restricting it's availability or use would be very hard to accomplish for the U.S. government.
Also, being OpenBSD-based, it will run on minimal hardware resources. It includes the Fluxbox desktop, with Thunderbird e-mail client, Firefox webbrowser, and Gaim multiprotocol IM/chat client.
Even having nothing to hide, this is a handy liveCD to have in the toolbox. I highly recommend downloading an .ISO and giving it a spin. It's amusing to open Firefox to "whatsmyip.com" and see your IP address change to another region of the world every few minutes. Also, the dire-sounding warning from Yahoo Chat "Notification: We are currently recording IP addresses of all Yahoo! Chat us
ers" becomes quite humorous. :D
Cheers!
Strat -
Watch For Follow-Up Laws To Ban Things Like...
..Anonym.OS http://kaos.to/cms/content/view/14/32/
Until then, consider contributing to these kinds of projects, as they soon may be the only things standing between you and governments being able to track and parse every communication you make.
Does anyone else find it ironic that some of the most "free" countries are some of the former Soviet Unions' 'client' states?
Cheers!
Strat -
Re:Reporting vulnerabilities safely?
I think a vulnerability can be reported anonymously quite safely (for a good deal of people anyway). Try the following:
1) Get a laptop with wireless.
2) Boot with knoppix, change mac adress.
3) Walk around until you find unsecured AP.
4) Post said vuln everywhere (including /.)
Easier than that, just download and burn the .iso of Anonym.OS http://kaos.to/cms/content/view/14/32/
Boot off the CD, which uses OpenBSD and TOR plus encryption. E-mail from a throw-away free webmail account created while using Anonym.OS. Rinse and repeat as necessary. No need to even leave home.
Cheers!
Strat -
Re:*BSD is Dying
There are currently 4 bsd projects that i'm aware of. They include FreeBSD, NetBSD, OpenBSD and DragonFlyBSD. In addition to these projects which each develop their own kernel and userland, there are linux style distros PC-BSD and DesktopBSD which do not develop their own kernel or low level userland. (they add gui shit) These two track freebsd progress as well as other projects like frenzy that do live cds.
Just to add to what you've listed, there are some lesser-known but quite interesting *BSD projects out there.
AnonymOS, an OpenBSD 3.8-based LiveCD with strong encryption and a preconfigured TOR proxy service for net anonymoity.
http://kaos.to/cms/content/view/14/32/
NeWBIE, a NetBSD-based LiveCD aimed at being a desktop LiveCD that includes the Fluxbox desktop environment.
http://arudius.sourceforge.net/
FreeeSBIE, a FreeBSD-based LiveCD (includes install script) which includes Fluxbox and XFCE4 desktop environments. The FreeSBIE toolkit to produce custom LiveCDs is even included in FreeBSDs' ports tree. (There is a Romanian-created flavor called RoFreeSBIE, links at Softpedia http://linux.softpedia.com/progDownload/RoFreeSBIE -Live-CD-Download-9067.html).
http://www.freesbie.org/
There may be other projects, but those are the ones I'm familiar with. They are all very nice, and worth a try.
As to PC-BSD, I'm more knowledgeable than the average PC user, but I found PC-BSD to be quite impressive and usable, without being too terribly dumbed-down.My G/F (Yes, I have one, but I'm 48 and also play lead guitar in a gigging and recording blues band. :-P) actually prefers it over XP or Mandriva.
The .PBI software packages aren't too numerous as yet, but there has been steady development with new .PBIs appearing at a fast enough pace that I'm sure the number will be respectable before too long.
Bravo, laffer! I wish you luck with MidnightBSD, and I'll keep checking that URL. I look forward to any new ideas being applied to FreeBSD, as it seems a very solid base, and IMHO has not been taken anywhere near its' capabilities yet as a desktop.
Cheers!
Strat -
Sounds Like A Job For..
AnonymOS! http://kaos.to/cms/content/view/14/32/
This could be a very powerful tool in anyones' kit that needed internet privacy.
It includes advanced cryptography, and also, maybe even more importantly in the case of China, a pre-configured ready-to-go, on-by-default TOR http://tor.eff.org/ anonymous encrypted onion-routed proxy system.
Plus, being an OpenBSD 3.8-based LiveCD, it can be used from an internet cafe or whatever net-connected PC one might have or get access to, even if only temporarily.
Of course, Chinese censors could blackhole the TOR gateway servers, but these change randomly as I understand it. I am not that knowledgeable regarding the TOR network details. Perhaps someone more knowledgeable can chime in on this.
Cheers!
Strat -
At Least Crypto isn't regulated so much anymore
You have to love anonym.OS http://kaos.to/cms/content/view/14/32/ in times like this.
-
Re:How about Tor?
Anonym.OS is a Tor-based ISO Live-CD that uses OpenBSD. Not exactly a VMware appliance, but I use it in VMware and boot from the virtual CD-ROM.
http://theory.kaos.to/projects.html
http://sourceforge.net/projects/anonym-os/ -
Anonym.OS
A recent article on Slashdot talks about Anonym.OS, which is supposed to keep your web activities anonymous. Maybe he should look into it.
-
Re:Further information from kaos.theory
-
Further information from kaos.theory
I've just updated the kaos.theory blog with some further information about Anonym.OS and some responses to blog, article, and comment criticism:
http://theory.kaos.to/blog/archives/2006/01/17/kao stheory-responds/
First of all, I'd like to take a moment to express, on behalf of kaos.theory, how excited and flattered we are by all of the attention that we and Anonym.OS have received. We always thought we were working on a cool project, but we really underestimated the overwhelming response that we've had. Scores of terabyte upon terrabytes of data have flowed and the hit counters keep on ticking. It appears that privacy is as big of a concern for a large segment of the population as it is for us.
That being said, there have been a few comments made and viewpoints published that we would like to address while we have the bully pulpit provided by the good folks at digg, Slashdot, Reddit, Wired News, and Ars Technica, among others.
USB
In the article written and posted at Wired News, Ethan Zuckerman makes the excellent point that rebooting really isn't an option for many living in oppressive, hostile regimes. Additionally, Mr. Zuckerman suggests the use of a bootable / emulated Anonym.OS environment available from a removable, USB key chain device. This is a feature that we have already incorporated into our road map and that we hope to release very soon.For now, we need as many people as can reboot or run a session in VMWare / Virtual PC / QEMU to please please please test our release. We're not at 1.0 yet, contrary to some postings and articles. Our hope with this release is to solicit feedback from the community concerning features, bugs, and suggestions for everything from desktop wallpaper to file system optimization. Immediately after the Shmoocon talk, all of the members of the group happily fielded questions and comments from audience members that included many suggestions that we intend to incorporate quickly. This type of candid environment is one of the many traits that make Open Source a success and it's what we need in order to keep Anonym.OS growing and on a positive track.
The "China Problem"
Some have asked how we intend to deal with the "China Problem," which could be rephrased as, "What can Anonym.OS do to protect a user against a monitoring party who owns the entire network that the user is using?" Ultimately, this comes down to the ability of the user to utilize covert channels for escaping the network and reaching tor servers. If the party controlling the network is serious enough about its desires and goals in censoring its users, nothing can stop them from implementing a white-list only policy, effectively blocking all tor traffic as well as access to proxies and other tools used for evading filtering.With those concerns in mind, kaos.theory will be working towards and automated egress filtering evasion script for use in conjunction with Anonym.OS. In terms of the "China Problem," this may not offer much as it will most likely require a "trusted friend" on the outside of the hostile network. In terms of a restrictive corporate network, this could be a viable solution. Again, however, these "covert channels" will likely lead to a ridiculous number of anomalous packets coming from a system (who really makes 25,000 DNS requests in an hour, anyway?) and thus are not a bullet-proof solution.
This is a staggering issue, and it's not one that's answerable entirely by technology. If a country or company chooses to restrict access for its users, and the entity is really serious in terms of throwing resources at the problem, there's not a lot we can do from the client-side.
The Naysayers
There have been two strains of objection to the project, one classical and the other uninformed. The former line of argument goes that we're simply enabling criminals to hide their illegal activities and, as suc -
Other Hardening ResourcesFor those interested, I put together a relatively comprehensive list of resources that deal with hardening linux at the kaos.theory blog.
"Bearing in mind that there are probably several hundreds of websites and whitepapers that talk to this topic, I've tried my best to filter the wheat from the chaff, leaving only those resources that I believe are valuable and offer some unique insight, perspective or technique..."
The full list is here. -
Other Hardening ResourcesFor those interested, I put together a relatively comprehensive list of resources that deal with hardening linux at the kaos.theory blog.
"Bearing in mind that there are probably several hundreds of websites and whitepapers that talk to this topic, I've tried my best to filter the wheat from the chaff, leaving only those resources that I believe are valuable and offer some unique insight, perspective or technique..."
The full list is here. -
AnonymOS
Actually, some people from kaos theory security research are developing a project called the AnonymOS which encrypts and anonymizes all traffic through tor along with using a very hardened bsd / linux system that drops all packets that aren't based on a connection that you have established. They did a presentation about this at interz0ne 4 http://interz0ne.com/ . The presentation is here http://theory.kaos.to/projects.html
.
Honestly though, I could care less what 'could' be or has been done with anonymous access to the internet. I would rather have complete anonymity than have a bunch of governments attempting to regulate and track every individual.