Tinfoil Hat Linux: A Distribution for the Paranoid

An Anonymous Coward writes: " Tinfoil Hat Linux is a distribution designed to allow the signing and encrypting of documents with the utmost in security. The floppy-image has numerous security features including: entering your passphrase via a video game style selection process to combat hardware keystroke loggers, turning the contrast of your screen down to foil prying eyes and cameras, and to run background PGP processes."

Uh huh...

Like I'm going to trust *them* to secure my Linux box.

Re:Uh huh...

[mar1no]

i agree, tinfoil isn't very strong if you ask me, i prefer to use a ziploc bag instead.

Re:Uh huh...

[llamalicious]

You don't have to, simply send me $50 via PayPal and drop-ship your workstation to me and I'll secure it for you.

:)

Re:Uh huh...

[TheRain]

I put a big condom over mine!

... and then what do you use it for?

I mean I've known people who are infactuated with Linux but....

Set up a "secure document" server / workstation...

[Nijika]

Cool.

I gotta try this when I get home. I guess you could have this as the workstation, and then have an OpenBSD box as a vault type NFS or something.

Announced at CodeCon

[burtonator]

For those of you not there.

This was announced at codecon. The author passed out about 50 floppies with the distribution on it.

Really good idea. I may have to run this on my laptop :)

Re:Hoax

[MaxVlast]

Seems legit to me.

Actually, a floppy-based distro that can be used for really secure work is a great idea. I can keep a trusted environemnt with me at all times, and know what's going on (I never trust another person's computer when sitting down at it. I know how my machine is set up which gives me no cause to trust others!)

UberSecureLinux

[TedCheshireAcad]

The distribution UberSecureLinux, is actually a standard distribution of RedHat Linux 6.2, default installation, but it requires you to remove the PowerCord(TM) device from your PC. With PowerCord(TM) removed, your machine is effectively hacker-proof.

UberSecureLinux hopes to dispel the myths that RedHat 6.2 is one of the most hackable distributions of Linux.

Re:UberSecureLinux

[JabberWokky]

UberSecureLinux hopes to dispel the myths that RedHat 6.2 is one of the most hackable distributions of Linux.

USL is useless. Not only was it a pain to get my wireless networking installed on it, I followed instructions precisely, disconnected the PowerCord(TM), and evil hackers still got into my laptop!

(Incidently, I prefer this USL, anyway).

--
Evan "insert SubGenius motto here" E.

Re:UberSecureLinux

[TedCheshireAcad]

Wireless networking in USL is quite simple, it only requires that you compile libpenandpaper-1.0, and exchange messages using the HandToHand networking model.

Re:UberSecureLinux

[crawling_chaos]

No, no, he needs the new release, Uber Secure Extended Linux - Enhanced Services Support. The laptop module in this release also removes the Battery(tm) in addition to the PowerCord(tm).

It's been a long day.

Re:Hoax

[CitznFish]

here si the site for those that may not get to it...
What is Tinfoil Hat linux ? It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
Tinfoil hat is useful if:

• You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
• You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
• If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
• If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
• The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.

Tinfoil hat linux files

• readme.txt, also on the floppy image
• The source code for files on the floppy
• The tinfoilhat linux floppy image plus disk signature file Transfer this image to disk using rawrite (on windows) , dd on unix (dd if=tinfoil.img of=/dev/floppy ), or Diskcopy on a MAC.

FAQ

• Q: Why doesn't the floppy I got at codecon match the signature above?
  A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
• Q: How do I undo that horrible screen in paranoid mode?
  A: Type "contrast" at the command prompt, or play with ctheme.
• Q: Is this really a 1.0 stable release?
  A: Think of this as a linux kernel 1.0 . Yes, it's stable to the best of my ability, and has been tested, but not for very long or by many people.
• Q: What sort of hardware is required to run tinfoil hat?
  A: Any 386DX or faster IBM compatible with more than 8 megs of RAM. Pretty much any PC made in the last 8 years will work fine.
• Q: where do I send complaints, bugs & feature requests?
  A: anonymous AT nameless DOT cultists.net
• Q: What is the license for this distribution?
  A: The scripts, documentation, and the distribution as a collection are released under a modified BSD license. Obviously, other people's software in this distribution retain their original licenses.

Links

• Aluminum foil deflector beanie from zapatopi
• The man in the Tinfoil Hat . A good example for people confused by the tinfoil hat reference.
• http://www.gnupg.org
• Joelm's comprehensive TEMPEST site.
• Tempest for Eliza A fun tool for observing the radiation from your computer. If anybody ports this to Direct FB, I'll put it on tinfoil hat in a flash.
• Diceware a tool for generating very secure passphrases.

Copper cube ?

[ZeroZenith]

From the readme:
If at all possible, boot THL on a laptop & disconnect all external
cables, including the power & mouse. Turn off nearby
radios, including cell phones and microwaves. Put yourself
and the computer in a well grounded opaque copper cube. Download
your tinfoil hat plans from http://zapatopi.net/afdb.html.
Boot the floppy....

Where can I get well grounded opaque copper cube? Can't find any on ebay.

Re:Copper cube ?

[cduffy]

Where can I get well grounded opaque copper cube?

The NSA has a big one -- but I don't think they'll share.

For the paranoid?

[FortKnox]

Yeah, your distro might be secure, but the illuminati can watch you type, and can enter your hardware. It'll just be a matter of time until they can read the software indirectly.

Do what I do. Compute ONLY in your head! They'll never get that data!!

Oh shit... the orderly is comi...

Re:For the paranoid?

[gnovos]

Yeah, your distro might be secure, but the illuminati can watch you type, and can enter your hardware. It'll just be a matter of time until they can read the software indirectly.

Um, I think you are forgetting something... The Illuminati are the ones BEAMING THE THOUGHTS TELEPATHICALLY INTO YOUR HEAD, so they don't need to watch what you type, they are already know it!

Re:Hoax

[JabberWokky]

Considering that he distributed floppies of this at codecon, you're wrong.

It's rather tongue-in-cheek, and more of a tech demo of what can be done than a useful configuration, but it sure has loads of nifty ideas.

--
Evan

You need instructions?

[Chris+Burke]

Just surround your computer with a cage made of chicken wire.

The problem is that as soon as you have to connect to the world outside (like through a network cable... or a power cord) you break the cage, and you've pretty much defeated the whole purpose.

And don't tell me about the incredibly tiny radiation leakage from your monitor carried by the power cord! The Illuminati can still read it!

Re:You need instructions?

[Chris+Burke]

WAIT! I have just received the instructions via
my tinfoil head mounted satellite dish!
Never mind............

Sorry. I'd assumed you'd already had the instructions downloaded into your head. I got mine yesterday...

Re:You need instructions?

[gnovos]

The problem is that as soon as you have to connect to the world outside (like through a network cable... or a power cord) you break the cage, and you've pretty much defeated the whole purpose.

You aren't using microwave lasers to send power to and from your monitor through the cage? And you call yourself a paranoid nutball? You should be ashamed!

Coka? Cola?

[Graymalkin]

So..does it come with TEMPEST-proof console fonts too? I think that would be the big todo for the really paranoid (aside from coming with a foldout F cage). Highly anti-aliased fonts work decently (in theory) thrwarting VE screen captures but if you're running soley in the console I would think you're at a decent risk of having your data captured considering the regularity of the screen and the unique shaping of console fonts. A little off topic but I was wondering if one could impliment a Matrix style command shell where white space was replaced on screen from /dev/rand in a light font like light grey and then when you type the letters would either be dark grey or white to distinguish them from the random letter replacing white space. While somewhat hard to read it would cause so much static VE screen captures which of crappy monitors can be done with a slightly hacked AM radio, would be pretty difficult to make out. It would just be cool to make a shell that just did that to begin with. Pop open a terminal and have it look super funky would make a pretty badass shell theme.

Re:Coka? Cola?

[swb]

From the description of "video-game style selection" I was assuming that instead of typing, they'd put an (ascii-)graphical collection of letters and numbers on the screen, in a random pattern, that you would click on. Since no real text characters were written to the screen, the character-replacements are in random places on the screen each time you use it (annoying as shit for repetition) it would be tough to guess from afar what you were clicking on.

Re:Coka? Cola?

[Graymalkin]

There's two problems with the picture click password schemes. Both methods are susceptible to keystroke logging programs as the authentication module is going to have entry and exit points which means they can be monitored. The second problem is specifically with choosing icons as a password. There's a definite feasible number of icons you can fit on a screen and have people be able to distinguish, this limiting factor affects your ability to have a complex enough password so that it can't be easily guessed. With a typed ASCII password you've got 2^128*n password combinations (where n is the number of symbols in your password), with an iconic password you've only got y^n password combinations (where y in the total number of icons which is limited to how many can be displayed on the screen at once). You could have as many icons as ASCII characters I suppose but that would be difficult for many people to cope with. Any two similar icons would cause confusion in users. If you remember an icon by general visual cues you might end up screwed over if multiple icons had the same cues with slightly varying colours or something. This is an Roman alphabet reading American point of view though, Asian readers probably think I'm retarded because my alphabet has less than 3000 characters.

Re:Coka? Cola?

[swb]

I was asssuming that the "icons" would actually be somewhat representative of the characters displayed. If you can't fit the full alphabet on the screen at once, make it scrollable. I would however randomly position the character/icons on the screen so that the x,y coords of a click wouldn't be translatable into a specific character by coordinate.

Any system securable enough is also going to be so unusable from a get-shit-done perspective that criticizing some security feature as "difficult to cope with" implies that security breaches are easy to cope with.

Re:Coka? Cola?

[Zerth]

Why would you limit yourself to how many can fit on one screen? Take the video game idea, run with it and have many, many icons over an area larger than the screen and you have to chase them down(pun intended).

Re:Coka? Cola?

[jgerman]

I would however randomly position the character/icons on the screen so that the x,y coords of a click wouldn't be translatable into a specific character by coordinate

That's going to make it awfully difficult to enter a password isn't if there's no way to map a click to a symbol :)

Re:Coka? Cola?

[swb]

No, you can map a click to a symbol, but there's no guarantee that the symbol for "A" will appear in the upper left corner of the display the next time its entered. The character positions are randomized each time the symbol matrix is displayed. To be truly user hostile and spy hostile, randomize the display each time a character is clicked so that even "AAAA" will appear to be a bunch a different characters since the icon location would change every time its clicked.

Re:Coka? Cola?

[Graymalkin]

The video game idea is still iconic, if you run around selecting the proper icon (eg. character model standing around) you're still limited by the number of character models you've got available and the number of them you've got to select. The only real benefit iconic password schemes have over is it is sort of difficult to use a wetware exploit by watching over someone's shoulder or spying on what they type on the keyboard. I can still attack the password conventionally and with a limited set of icons it would be fairly quick work to search through the possible keyspace for the correct password. That's what I'm getting at here. Iconic video game passwords only add complexity to an already complex system for a user. Sure remebering to click a white rabit model and then a japanese schoolgirl model and then a red suited super hero model might be easy to remember but the interface is going to suck and far too much time is going to be wasted jumping through those hoops.

Re:Coka? Cola?

[Graymalkin]

That would work only so far as to disgruntle both the intended user and unintended user. If it took me a minute to type in my username and password how often do you think I would do it? Would I maybe leave myself logged in when I got up to take a walk or to get a drink? That'd set me up for a whole new security mess. It's been shown that difficult to use authentication schemes are far too often left unused simply because users are too lazy (even the security conscious). This of course makes you question your paranoia level. If you wanted to impliment this sort of thing on your system I'd say go for it but if you were my sys admin and I had to hunt for every character of my password you'd end up with a shoe shoved sideways up your ass.

Re:Coka? Cola?

[swb]

But the original specification was to defeat keyboard loggers and to confuse ESCHELON-type listening devices which otherwise might be able to grab the screen (and can be confused by obfuscated color schemes).

I didn't say it was easy, but it would be nearly impossible through remote monitoring to figure out what the fuck was going on, which was the primary goal.

I think'd be a waste of time as a real-world system. Too hard, too complicated.

Re:Coka? Cola?

[Corgha]

With a typed ASCII password you've got 2^128*n password combinations (where n is the number of symbols in your password), with an iconic password you've only got y^n password combinations (where y in the total number of icons which is limited to how many can be displayed on the screen at once).

I think you are confused. The number of combinations of N characters in a character set of size Y is y^n, not 2^y*n (if order is significant and repetition is allowed, both of which are usually the case for passwords). ASCII does not have 2^128 characters; it has 128 (0x00 through 0x7F), but that's not necessarily equivalent to what one can type on a keyboard. If one could type all of them and only all of them on the keyboard, that would allow 128^n passwords of length n.

In any case, even with a relatively modest 80x25 grid (much like a standard DOS or Linux console screen), one can fit 80 * 25 = 2000 symbols on the screen, giving 2000^n possible combinations, provided one can come up with 2000 easily distinguishable symbols (well, the Chinese have done it) and display them in a resolution at which they could be distinguished.

If one just wanted to display 128 characters, one could use an 8 x 16 grid. That is hardly a challenge. Then the user can select whatever ASCII characters he/she wants to select in whatever order he/she wants to select them, again yielding 128^n possible passwords of length n.

Re:Coka? Cola?

[Kanasta]

Yes

But what would you do once you become blind trying to read your own screen?

Re:Coka? Cola?

[Graymalkin]

I'm not really sure even a iconic password is going to be secure from key loggers as they can just as easily monitor mouse click events as they can monitor keyboard click events. A slightly sophisticated trojan could easily so screen captures and correlate them with mouseclicks or key presses. Remember Back Orifice, it was basically remote desktop mirroring with a remote control function. The infiltration of a system inserting a slightly perverted system service the user wouldn't notice would be pretty effective at stealing passwords. Whether you're clicking icons in a 3D game or typing them. Maybe though you could make a self contained system consisting of an infrared camera and IR lighting to track the focus of someone's eyeballs. They would just focus on the icon and click a button to select it, after all the icons were selected it could send a hash of your password to the system for verification. At least then snoopers would have to get REALLY sophisticated to figure out what your password was, at least replace your camerawith an uber-hacked version.

Re:Coka? Cola?

[Graymalkin]

Security problem solved, no one can snoop your password if you can't type it in anymore. Unless of course they phreak your brain with a PET scanner or crush your balls in a walnut cracker until you tell them. Methods to circumvent either wetware attack is an exercise for the reader.

White glove Linux

[ajaygautam]

White Glove Linux is another similar distro. Ajay

Fired for Playing Games?

[MattRog]

I can see it now:

PHB: Johnson! Are you playing space-invaders again?

Johnson: :amidst the beeping and explosions: No, I'm logging into my Linux box!

PHB: Oh.. Can I get one for my system, too? That looks fun!

/.'d already - Google to the rescue

[h2so4]

Google's Cache of the page

Re:Hoax

[HCase]

I think people managed to miss the humor in your claiming the "tin hat" story to be a hoax.... i laughed though. For anyone confused, the writer of the post most likely had to rest his own tin hat to write it. didncha?

Bootable cdroms

[rangerx]

Instead of a floppy, why not use a cdrom? It can hold alot more, has faster load times, and many other features.
PLAC - Portable Linux Auditing CD

LNX-BBC

LBT

Mark McGuire

[sharkey]

But does it keep Major League Baseball from spying on us from space?

Re:Mark McGuire

[MattRog]

Nothing can keep the MLB out of your life. By the way, here's an autographed baseball bat.

Re:Mark McGuire

[sharkey]

Sigh. Not even a tank, I suppose.

Re:Mark McGuire

[Snap+E+Tom]

We can keep discussing Linux thing, but wouldn't you rather watch me hit some dingers?

Re:Mark McGuire

[rsteele19]

ok, I don't get it. What's the reference here?

Re:Mark McGuire

[sharkey]

At least from me, anyways.

Re:Tinfoil Hats

[heliocentric]

A) Your linkage is bad, you mean to go http://zapatopi.net/afdb.html

B) The real link to the zapatopi page returned this message to me: "Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."

C) The link in question is also on the bottom of the main story page (ie, the Tinfoil Hat Linux).

D) The site at zapatopi has a discussion about Tin vs. Aluminum as well as which direction you should point the shinny side.

Another safety feature ...

[A+nonymous+Coward]

Slashdot your box, then nothing gets in or out.

I'm confused by the Tin Foil Hat Link

[Desperado]

The writeup has a link to Tin Foil Hat which is really a rant on how Liberals and Democrats are insane and cites the Presidential election of 2000 as proof.

It seems to me that Liberals and Democrats have historically been supporters of an Individual's right to privacy. Which is what this Linux distro. aims to provide. So why put in an inflamatory reference like this?

Could that link be the best explanation of the origin of the "Tin Foil Hat"? I shure hope it isn't.

Re:I'm confused by the Tin Foil Hat Link

[connorbd]

Yeah... the first half of the piece was good reading, but the second half... Knee-jerk conservatism. The problem with conservatives is that they scoff before thinking about it.

As for the election -- both sides tried to steal it. The Republicans succeeded, and Gore botched it (he'd have lost when he should have won if they'd done it his way). But that's a debate for another day (a year ago).

/Brian

Re:I'm confused by the Tin Foil Hat Link

[JCCyC]

Ask Mr. Keller (the author of the rant) if maybe he's guilty of tinfoilhatism too. But be sure to have two bulky male nurses between you and him.

Re:I'm confused by the Tin Foil Hat Link

[Rick+the+Red]

The only people who would call Bill Clinton a "Liberal" are Republicans on the far Right (am I being redundant? I don't think so). I tend to vote Democrat (when there isn't a Libertarian on the ballot) and FWIW I certainly don't consider him very Liberal. The only real difference between the Democrats and the Republicans is who's money they're pocketing (and, lately, the answer on both sides has been "Micro$oft's").

Re:I'm confused by the Tin Foil Hat Link

[cduffy]

Neither major party has historically been a supporter of the individual's right to privacy. Democrats have historically been more concerned with effective law enforcement than individual privacy. Look at Truman's role with the CIA or Roosevelt's founding of the FBI -- and both were Democrats. See Clinton's emnity towards public availability of strong crypto, or just see http://www.spintechmag.com/9911/ma1199.htm for another take.

The Libertarian party is the only political party I know of that takes a consistant, strong view on defending individual privacy rights.

Re:Free bundled DVDs?

sorry, but The Net should not come bundled with anything. If you want something to be paraniod about, it is the fact that sandra bullock still gets to make movies after that piece of crap.

Re:say what?

[autocracy]

Try again. Passphrase not entered directly by typing. Enjoy!

Wierd Error

[autocracy]

Anybody else find this: "INVALID DNS SERVERS CONFIGURED AT CLIENT." on the site? Seems that there front page prints that, and anything else just shows up as not being there. A move to duck the Slashdotting?

If *I* were the Illuminati

[BranMan]

I'd just put the spy code in the Bios. What else is distributed on every computer, and run every time they boot?

BWAHAAAAAHAAAA

Re:If *I* were the Illuminati

[angst_ridden_hipster]

What else is distributed on every computer, and run every time they boot?

Uh... Memory chips? Realtime clock chips? Capacitors and resistors and power supplies?

Interesting side links..

[Lumpy]

follow to the diceware link off of the main page. pretty neat idea except for this ....
Recently, she wanted to give her Internet password to her husband so that he could get on line. However, she still wanted to be
able to exchange private messages with me that he would not be able to read. I, of course, introduced her to PGP.

Sorry, why the hell was that woman married? sorry but if you cant trust your spouse then you need to not be married, not ever get married, and probably even stop dating for that matter.

Re:Interesting side links..

[david+duncan+scott]

Planning a surprise party?

Seriously, though, maybe she (gasp!) married the wrong guy! Maybe they should get divorced.

Maybe he was a nice guy, once, and then he changed. It happens.

Re:Interesting side links..

[Rick+the+Red]

The better question is "Why would they share the same email account?"

There are lots of things I might email my sister that I wouldn't want my wife to see (such as "what do you think I should get her for our anniversary?")

Tempest fonts

[morcheeba]

A nice addition would be tempest-resistant fonts! Here's a great article on tempest about tempest & creating fonts that are unreadable. Basically, the tempest setup only picks up the upper 30% of the frequency range, so this font has those components filtered out. But, the cool thing is that you can superimpose a (low amplitude) high-frequency pattern that isn't very visible to the user, but is visible to the tempest receiver. A whole fake Win98 screen transmitted? Here's the slide presentation for the above article (if you just want to look at the pretty pictures)

Re:Hoax

[Tackhead]

> FAQ:
>[...]
>Q: Why doesn't the floppy I got at codecon match the signature above?
> A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56

Hah! A likely story!

As if I'm gonna trust that They(tm) didn't h4x0r Slashdot and change the MD5sum in CitznFish's FAQ repost to the MD5sum for Magic Lantern Linux!

(For the record, I wear mine shiny side out. Shiny-side-in folks are nuts or part of the Conspiracy. Though I suppose I could transmit messages by switching back and forth between shiny-side-out and shiny-side in on a daily basis. Bandwidth would kinda suck, though. ;-)

http://www.linuxfromscratch.org/

[corebreech]

The tinfoil hat only serves to deliver a false sense of security.

To be truly secure, you need to build your own distribution. You need to understand what is being put on your system, and why. You need to be able to verify that the program that says it edits streams really does that, and does it without any funny business.

I ***know*** what it running on my system. I know this because I built the binaries myself. I know this because I can look at the source code and see what it does. This is the most beautiful feature of open source; the ability to let tinfoil hat wearers like myself have near-total assurance that our systems are running only the code we want them to run.

You don't get to say that if you're running Red Hat or Suse, or Windows or Mac. How do you know that any of these companies haven't been approached by the Feds and forced to include code that compromises your security and privacy?

Admittedly, it's going to be some time before I get to running KDE or Gnome. Of course, I can always install a standard distribution and see what is available today. But I appreciate the ability not to have to trust one of these distributions with my personal data, or my source code.

Actually, I'm still not to the point where I can run XFree86 yet, but EMACS using SVGATextMode on new hardware is so obscenely fast, why should I care? Except when I want to look at naked women.

That's why I have a Mac.

Re:http://www.linuxfromscratch.org/

[autocracy]

Where are you stuck? As soon as I get through the book and the system is usable, X is one step away. And KDE is compilation of QT and a few KDE packages. Feel free to post to the list for help here or e-mail me... (note: I'm only on the blfs-support list!)

Re:http://www.linuxfromscratch.org/

[GGardner]

What about the compilers? Are you sure they aren't inserting any funny business into the binary code?

While we're at it, what about the CPU, and other support chips? Have you inspected the VHDL?

Re:http://www.linuxfromscratch.org/

[Ratbert42]

But how did you build your binaries? You really should read this before you trust a compiler that you didn't bootstrap yourself.

Re:http://www.linuxfromscratch.org/

[corebreech]

It ain't that I'm stuck. It's only that I don't want to install packages that I'm not prepared to fully understand.

No doubt most of the new stuff available today only needs a ./configure and a make install, and there it is, on your disk.

But in my mind that's no different than installing using somebody else's distribution.

I should fess up and say that I don't always use my installation, but that's mostly because my paycheck demands I use other code.

That doesn't change my lust for a system I can understand, down to the statement, and one that I have complete control over. I'm sure that a lot of you who've been with Linux forever you've acquired a sense for this a long time ago; I'm kind of new to the OS though, I've only been using it for a couple of years.

It's biggest attraction for me is that I get to be anal about learning it. Taking it one step at a time, and leaving nothing to chance.

So what if I don't have windows! Most everything I end up doing on the Mac or on Windows is all text-based anyways. Look at the interface for Visual C or Codewarrior on the Mac and tell me exactly what I'm missing when using something like EMACS on a screen that has a resolution of over 200 characters across.

Pretty colors? Alpha-blending? Anti-aliased fonts? It's all shit! It makes everything go slower, while making me put my nose up to the monitor so I can see what the fuck is going on!

Why do I need that?

Re:http://www.linuxfromscratch.org/

[Lionel+Hutts]

Absolutely. For those who haven't read it, "Reflections on Trusting Trust" is Ken Thompson's story of the greatest hack of all time: changing a compiler so that it not only created a backdoor whenever compiling login.c, but so that the modification persisted when the modified compiler was applied to the source of a standard C compiler. There's just no easy way to do without trusting anyone at all.

Re:http://www.linuxfromscratch.org/

[autocracy]

Words of the wise there. I've done the same thing. I'm getting ready to try mass-rolling this thing out in a corporate style environment. My experience is that the first time, you are better off just doing it so that you can. Then scrap it and do it "perfect" the next time. More effort to be used this way, but I found it easier. Regardles...

Re:http://www.linuxfromscratch.org/

[Laplace]

You want to look at naked women on your terminal? Try using the aalib (ascii art library). It does an outstanding job of converting graphics files to ascii output.

Re:http://www.linuxfromscratch.org/

[corebreech]

Note that I said "near-total assurance".

I have a lot of faith in you guys, even though I realize that when the gcc source is broadcast that not everybody reads through every single expression.

But we're all single-stepping through the code it produces at some point.

I've seen people reporting compiler bugs that makes you wonder just what the fuck these people are doing. When you read the back-and-forth between the people who use the compilers and those who write them it's pretty clear who's on top.

Plus, there's Codewarrior, and Borland (is that right?) and there's always the archived compilers to compare against.

In short, it's all out there in the open, and there are like at least ten million eyeballs on the case.

I'm willing to risk letting the compiler prove me to be the fool.

Re:http://www.linuxfromscratch.org/

[corebreech]

Yes!

Er, no!

Um, sort of.

glibc, gcc, emacs, gawk... there is some non-trivial code here, I'm not sure I'll ever understand gcc completely, for instance, but the others over time I'm sure I will learn.

This is why I haven't moved to XFree86 yet. It's going to be some time before I'm comfortable with even the few components contained within the basic linuxfromscratch distro.

I'm not committing myself to *understanding* it all, as much as I am being *comfortable* with it. In other words, if there's a program that has had its source out there for over ten years, and I can inspect all the patches made to it over that time, and see that nothing funky was inserted while at the same time noticing that none of you guys found anything funky with the code, well... where I come from that's good code.

You know, it's not like the effort to understand this code is a waste. There's a lot I've learned from even the simplest programs here.

Also, one of the things to remember when perusing this code is that the ratio of dangerous code to harmless code is fairly low. Which is to say, you don't need to spend a lot of time looking at whether somebody's pointer arithmetic is correct, but you do need to take a close look at the system calls, like when files are being played with.

I figure in another couple of years I'll have this shit down cold. Maybe to some it seems like I'm mastering the obvious... I see it more as building a sturdy foundation.

To each his own.

Re:http://www.linuxfromscratch.org/

[GGardner]

I suppose that is reasonable. How many security problems have you found in your audit?

Re:http://www.linuxfromscratch.org/

[corebreech]

None.

Then again, the software contained in the stock LFS system is pretty minimal, and has been around forever.

The other thing I should mention is that at some point I want to put some machines on the Net and I am convinced that the best way to achieve security is through simplicity. By building your own system you know very well what is and isn't running on it.

Re:say what?

[FrostyWheaton]

I dont see how software will help you get around this

It gets around this by not allowing users to input their passwords by using the letters on the keyboard. They use something similar to the arcade "Insert your name here:" interface where you move a cursor up and down to select the letters/numbers/symbols/spaces. It would probably start at a random place in the sequence too, so that the keylogger's capture of up x 15 down x 27 etc. is rendered useless.

Re:say what?

[LMCBoy]

As I understand it, that's where the "video game" interface comes in. It displays all the letters of the alphabet on screen, and you "type" your passphrase using the mouse, naver touching the keyboard.

The keylogger will get all your other keystrokes, but not your GPG passphrase...maybe the onscreen keyboard can be invoked at other times too.

Even easier: LCD (was: Tempest fonts)

[dstone]

Operator: Main LCD turn on
Cat: All my fonts are not belong to Tempest
Captain: What you say!!
Captain: You know what you doing

Another option

[the_rev_matt]

KRUD (http://www.tummy.com/krud) is another great secure option. A hardened Red Hat, comes out every month with all security updates/patches/etc. It's put together by Kevin Fenzi (author of the Security HOW-TO).

Re:Faraday cage????

[Chris+Burke]

Not true. That's why Faraday Cages are the primary way to reduce EM emissions... That's what your PCs case is doing, and the metal case on your microwave.

Re:UberSecureLinux (and wireless)

[McFly777]

Wireless networking in USL is quite simple, it only requires that you compile libpenandpaper-1.0, and exchange messages using the HandToHand networking model.

No No No! ... The HandtoHand protocol is succeptable to a "man in the middle" attack. Even worse, if you don't properly install the BicLighter module it can be subject to a DOS (Dumpster OutSide) attack.

Re:Faraday cage????

[VikingBerserker]

to prevent someone from detecting your computer using a faraday cage, you'd need to put THEM inside a cage...

...or you can install this on a computer built to Tempest specs (http://www.eskimo.com/~joelm/xtempestsource.html) . Not only are these systems shielded with various metals in places (lead's a good choice), but some circuitry is reconfigured to make emissions less likely to be decoded remotely.

The main use for such hardware is for spyproofing your data. The business was booming around Desert Storm, but pretty much dried up after that. Apparently the Government figured they'd never need machines faster than 386's.

Say What?

[clump]

Like I'm going to trust *them* to secure my Linux box.

So you not only make your own distribution, but you make your own userland tools? Unless yes to the above, your trusting someone.

You gotta love...

[Jon+Abbott]

...the reference he gave for a keylogger:

http://www.keyghost.com is an example of a tiny & cheap hardware logger.

The price of Keyghost Keylogger: $999.

Re:You gotta love...

[Jon+Abbott]

I noticed that immediately after posting (doesn't it always work that way?). Still, at $200, it's a far cry from cheap.

Re:Hoax

[Russ+Steffen]

But, how can you be sure your tin wasn't pre-tained? Do you mine the tin yourself? The Reynolds people have great influence over those who provide tin. And, if you're thinking of switching to aluminum, forget it. The Alcoa people are iluminati as well.

In PDF format?

[isotope23]

Yep, just got them in PDF, format!

Paranoid
Delusional
Freak

HA HA!

I'm late I'm Late for a very important date
no thorazine and so I cry, I'm late I'm late I'm Late!

Alright Ill bite, this is cooler, from their links

[CDWert]

http://www.erikyyy.de/tempest/

Ive heard about scavenging screenshots from computers a couple hundred feet away using the EM signal, but had serious questions on how easy this was.

The above link does it in reverse plays MP3's through your MONITOR as an antenna !!!

Now, that said, I have more of a belief in a tempest like system, guess its time to get my copy of tinfiol linux

Re:Hoax

[Tackhead]

> But, how can you be sure your tin wasn't pre-tained? Do you mine the tin yourself? The Reynolds people have great influence over those who provide tin. And, if you're thinking of switching to aluminum, forget it. The Alcoa people are iluminati as well.

Yeah, but look at the front page of www.alcoa.com! You'll see "Reynolds Wrap" right there. Alcoa's taken over everything!

I was gonna say they were aluminati as opposed to illuminati (there's a difference, believe you me!), but then I saw Alcoa's corporate logo, and realized that it's nothing more than a stylized eye-in-the-pyramid.

Then I went to the Reynolds site. The aluminum starts out in Hot Springs, Arkanasa (Bill Clinton's home state!) Then, according to the site, the 30,000-pound aluminum coils that make Reynolds Wrap are turned into aluminum foil in two locations: Louisville, Kentucky and Richmond, Virginia. That's right! Richmond, VA! A stone's throw from CIA headquarters in Langley!

All that's left is to explain what the CIA is doing in fnord Louisville. It's all a conspiracy, I tell you, all a conspiracy! A great big giant conspir$^&}}!{!NO CARRIER.

What about monitor companies?

[sean23007]

turning the contrast of your screen down to foil prying eyes and cameras

So basically, you're going back to the old days. If monitors keep getting better and better, we'll have to make the OS interface worse and worse to compensate. Then maybe monitor manufacturing companies, when they see that demand for their new products is through the floor, perhaps they will stop advancing their technology. And when that happens, we can all blame the halt in technological advancement on Microsoft's anticompetitive business practices!

Everyone use Tinfoil Hat Linux! Surely it is the key to defeating Microsoft!

If I was using this...

[msouth]

...I would never tell _you_. Go away! Why are you reading this, anyway? Are you trackin everything I post on the net? Don't I recognize you from behind the newspaper at the coffe shop?

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

I'm the author of this program. It was intended as a clever

give away at code-con, but it should also be useful for other

people who carry their keys on floppy disks.

I hadn't intended a widespread distribution until I could put the kernel config

up & get a bunch of signatures on the signing key .

Oh well.

In response to slashdot and the email flooding in:

The key will be up on keyservers shortly (if it isn't already. )

signatures to follow in the next few days. There isn't any TCP/IP

or network on this distribution, I'm not a christian redneck, keyghost

used to be cheaper, I can't fit tempest fonts on, since the console

is only greyscale. Direct FB fonts would be the answer, but I didn't do it.

And the "video game style" entry is clumsy, since I didn't want to re-invent

curses. It's all free if you want to improve it.

And now I'm about to get on a plane and be out of communication for a while

;-)

Slashcode is certain to break the signature, but here goes:

Anonymous

~

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.0.6 (GNU/Linux)

Comment: For info see http://www.gnupg.org

iD8DBQE8csA+Fr26O2gKKPMRAp79AJ9/Ej1GyB2lnIxEPv2x Tq /MvKzBdACgg++K

uYFX2VCz3Bq9BPuv8kLGCQM=

=6oTm

-----END PGP SIGNATURE-----

Re:Free bundled DVDs?

[GigsVT]

I think you misspelled some of those movie titles:

Sneakers
Antitrust
Wargames
1984 (Yeah OK, the book is a lot better than the movie)
The Conversation

:)

Re:defeating keystroke loggers

[GigsVT]

I guess you would have to modify all your auth programs to look for that rhythm?

That won't work very well for a network login, TCP will packetize keys that are sent close to each other, throwing you off. I won't even attempt to think about how that work work over satellite, when I ssh, I usually type fast enough so that my keystrokes all get sent at once (the satellite has special proxy software that assumedly avoids sending lots of little packets).

it IS cheap

[wunderhorn1]

Well, obviously if you're a student operating on a typical student's budget, $1K is a lot to spend on compromising your roommate's box.

But to even the smallest corporation or local government, a thousand dollars is pocket change, particularly when you consider the value of the information that could be gained with such a device.

(and as the other poster pointed out, they're actually only $200, which does make it a viable option for getting at your roommate's pr0n (assuming you aren't clever enough to find a cheaper alternative))

Re:Say What?

[joto]

Well, you'd better write your own kernel as well. Come to think about, what is stored in the microcode for the P6? Better make your own computer...