Slashdot Mirror


Secure, Portable, Virtual Privacy Machine

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."

16 of 168 comments

  1. Trust is the Key Word by ifreakshow · · Score: 5, Interesting

    Basically a USB hard-drive that auto configs ssh and your browser so novice users can access proxies.
    A very cool idea but only "secure" if you trust the company. They say they don't keep logs, but you never know. Also a yearly fee with a limit on transfer.

  2. Re:miscategorized by daxxar · · Score: 2, Interesting

    Heh, you don't find this useful?
    I find any gadget which enables me to boot a decent Linux distro useful ('decent' being relative), if it can increase your privacy it's just an added treat.

    Signed email is pretty handy, and setting up that stuff is a bit tiresome if you have to do it for *each* workstation you come to.

    I'm assuming you can 'preconfigure' it, or at least that it stores your settings? (in contrast to your average LiveCD)

    --
    Kindest regards, daxxar.
  3. Not all GPL... by non-poster · · Score: 4, Interesting

    The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

    Should I believe anything else these folks say?

  4. Isn't this an LFC spinoff? by Anonymous Coward · · Score: 1, Interesting

    DMT, LESE, Orlingrabbe.com, et al.?

  5. Re:Who's privacy? by theManInTheYellowHat · · Score: 2, Interesting

    It would only work if the person was logged in and had access to the USB ports (which I understand some places are locking down now).

    I don't believe that you can get a program to run at the login splash screen.

    So shame on them for leaving their computer logged in.

  6. Can be subverted by Anonymous Coward · · Score: 1, Interesting

    Didn't somebody prove a while back that virtual machines could be subverted by flipping a few bits in memory? As I recall, it was a story on Slashdot a year or more ago. Anybody remember that?

    1. Re:Can be subverted by pkhuong · · Score: 2, Interesting

      IIRC, it doesn't apply here. The research was made on the JVM, showing that its security was vulnerable to gamma rays, etc, which isn't a big surprise. I'd expect the same for any other program. However, they also managed to craft their program in such a way as to basically escalate the program's (class?) privilege level reliably. QEMU has different goals than JVM's security, and it being vulnerable to mutated data isn't more critical for it than any other program. You might be referring to another study, though; that's all IIRC.

      --
      Try Corewar @ www.koth.org - rec.games.corewar
  7. Oh, man ... by gstoddart · · Score: 3, Interesting

    Secure, Portable, Virtual Privacy Machine

    I'm reading that headline thinking I finally have a cone of silence with tinted windows I can carry around, and it's just some dorky VM. ;-P

    Sheesh. Next you'll tell me I still don't get my flying car and robot sex-slave^H^H^H^H^H^H^H^H^Hmaid any time soon.

    =)
    --
    Lost at C:>. Found at C.
  8. Life span? by Remlik · · Score: 4, Interesting

    I thought USB type keys were limited to 100k writes before failure. How many times or how long can you use this device before wearing out the key?

    --
    Apple free since 1990!
  9. hail open source! hail freedom! by museumpeace · · Score: 4, Interesting

    Good bye Carnivore?
    James bond wants one of these. The FBI, when they finally figure out what this is, will want it banned. I have dreamed of doing something like this with an applet but this is much slicker and more powerful.
    Next questions, can I tunnel through with VOIP? How "special" does my correspondent/recipient have to be for the trail for eavesdroppers to go cold on both ends of the connection?

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  10. Re:And yet... by garcia · · Score: 3, Interesting

    From the README.TXT
    +++WARNING+++
    -------------
    This is a technology preview and comes with NO SUPPORT, NO WARRANTY
    and NO GUARANTEE for any purpose.

    Windows Instructions:
    Double click on 'boot-win.bat'

    Linux Instructions:
    run 'boot-linux.bat' from the command line


    Now what I find funny is that boot-win.bat doesn't exist and I believe what they meant was qemu-win.bat.

    I just can't trust my data to a piece of software that claims no responsibility and doesn't even have the correct filename in a 491 byte README.TXT.

    I'll stick w/my current methods TYVM.

  11. Waaaaaait. by cbiffle · · Score: 4, Interesting

    Okay, lemme get this straight.

    You take this USB key and plug it into an untrusted machine (since, if you had a trusted machine, you wouldn't have to go through these hoops). It fires up a virtualized PC that runs Linux and lets you get out to the web using an encrypted proxy.

    I fail to see the utility of this. You're running QEMU on the host. If the host is compromised (and it's best to assume that any untrusted host is), it has full access to your keystrokes, I/O, and the entire memory image of your system.

    Good crypto software for Unix makes sure to prevent its sensitive data from going out to swap by negotiating with the virtual memory system. This keeps your passphrases and keys from showing up in a swapfile if the machine is compromised. This type of system has no control over that -- if the host decides to swap the emulator out, foom! your entire system image is now on disk. A disk you don't trust.

    Not to mention that processes on the host could simply read through your memory in real time.

    So, in short, an untrusted computer is still an untrusted computer. While this sounds useful for encrypting one's network connections, it seems like an awfully complex solution to reinvent the concept of a VPN.

    1. Re:Waaaaaait. by Ifni · · Score: 2, Interesting

      The simple answer as to what utility this has is that it solves a number of issues all at the same time.
      First, all of your settings are immediately available - your bookmarks, your cookies, your saved emails, etc, on any computer anywhere without any complicated configuration.
      Second, it is very portable - much more so than a laptop. And as they say, you don't have to demonstrate that it isn't a bomb to the airport security guard.
      Thirdly, it leaves no lasting record of your activities on the host machine. Yes, if the machine is compromised with memory scanners and key loggers and remote viewing applications (oh my!), this provides no appreciable increase in security. But if you go to your local library's computer you don't have to remember to clear the browser cache, you don't have to be restricted by their web filter, and you don't have to configure their mail client to check your pop3 account (and remember to have it not delete messages it checks for fear of wanting to keep a message that you have now deleted from the server when you checked your mail account). So, for a computer that you have a reasonable level of assurance that it is not compromised, this provides some nice utility.
      Plus, this gives you a portable version of Linux that you can use even if surrounded by Windows machines, and it fits in your pocket more conveniently than a CD. It provides a significant amount of utility in a small, portable package.
      Is it perfect? No. Is it circumventable? Yes. Should you rely on it explicitly? No. But if you don't know what layered security is, this is STILL a better solution than none at all.
      My question is whether or not the QEMU image is encrypted or not, should I lose my USB key and it end up in the wrong hands.
      If you want a solution that is more resistant to the vagaries of untrusted machines, boot the computer off of your own Knoppix CD, then run this from a terminal window. You have eliminated the possibility of any spyware in the machine compromising your session, and you still have a nice modifiable virtual playground to keep all of your passwords, cookies, email messages, etc. Just be sure to make sure no one is looking over your shoulder and that there are no hardware keyloggers hooked up to the machine.
      For me, it can provide a convenient way to keep commonly used data available to me whether I am on my work laptop (which I have complete control over) or my home computer (which I also have complete control over). That is why I bought the USB key in the first place - to move data back and forth between these two computers and keep some commonly used software/documents available when working on client computers. This just makes parts of that easier.

      --

      Oh, was that my outside voice?
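
The question raised above, whether the QEMU image is encrypted if the USB key is lost, can be checked from the image header when the image is in QEMU's qcow or qcow2 format. This is an added example, not Metropipe's code, and the page does not say which image format the product uses; the function name, the `IMG_*` codes and the sample headers are hypothetical and constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { IMG_NOT_QCOW = -1, IMG_TRUNCATED = -2, IMG_UNKNOWN = -3 };

/* Constructed sample headers (not taken from any real image). */
const unsigned char SAMPLE_QCOW2_AES[36] = {'Q','F','I',0xfb, 0,0,0,2, [35] = 1};
const unsigned char SAMPLE_QCOW1_PLAIN[40] = {'Q','F','I',0xfb, 0,0,0,1};
const unsigned char SAMPLE_RAW[40] = {0xeb, 0x3c, 0x90};

static uint32_t be32(const unsigned char *b) {
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* Returns crypt_method from a qcow header (0 = none, 1 = AES, 2 = LUKS),
   or a negative IMG_* code. Header fields are big-endian. */
int qcow_crypt_method(const unsigned char *hdr, size_t n) {
    if (n < 8) return IMG_TRUNCATED;
    if (hdr[0] != 'Q' || hdr[1] != 'F' || hdr[2] != 'I' || hdr[3] != 0xfb)
        return IMG_NOT_QCOW;                 /* raw image or another format */
    uint32_t ver = be32(hdr + 4);
    if (ver < 1 || ver > 3) return IMG_UNKNOWN;
    /* qcow v1 keeps crypt_method at byte 36, qcow2 (v2, v3) at byte 32. */
    size_t off = (ver == 1) ? 36 : 32;
    if (n < off + 4) return IMG_TRUNCATED;
    uint32_t m = be32(hdr + off);
    return m <= 2 ? (int)m : IMG_UNKNOWN;
}

int main(int argc, char **argv) {
    unsigned char hdr[64];
    size_t n = sizeof SAMPLE_QCOW2_AES;
    const unsigned char *p = SAMPLE_QCOW2_AES;
    if (argc > 1) {                          /* optional: path to an image file */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(hdr, 1, sizeof hdr, f);
        fclose(f);
        p = hdr;
    }
    printf("crypt_method: %d\n", qcow_crypt_method(p, n));
    return 0;
}
```

A result of 0 or `IMG_NOT_QCOW` only means the image format itself adds no encryption; it says nothing about encryption applied inside the guest filesystem.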

  12. Re:Who's privacy? by general_re · · Score: 2, Interesting
    Stick one of these into someone else's laptop and don't you circumvent the default OS thereby having full access to their filesystem?

    Go into the BIOS settings, set a boot password, and then disable USB boot devices. No, it's not totally impenetrable, but it's better than nothing - at least your attacker will be forced to haul out a screwdriver. And for laptops, probably a soldering iron too, which sort of obviates a quick hit-and-run attack while you're away from your desk ;)

    --
    ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
  13. Complications- by Commander+Trollco · · Score: 1, Interesting

    Unfortunately, that flash fob is of very limited lifespan.

    The limitation on the number of writes to a particular area of memory has been known since flash memory first started to appear. Most devices or drivers should account for the issue by either rotating writes to avoid overusing one particular region or by remapping failing sections into other areas. Remapping failing areas will cause the available capacity of formatted flash devices to gradually shrink, while rotating writes will attempt to keep any areas from wearing out too fast (making it more likely that multiple areas will start to fail around the same time). Someone who's done more looking into this should be able to give a good idea which technique(s) are most widely used.
    Short lifespan translates into disposability; this creates a security problem: what to do with the old drives?

    --
    http://persianews.on.nimp.org/?u=Tar_Baby
  14. Re:Slow as hell by kelnos · · Score: 2, Interesting

    I'm not sure what the point would be of running it using cygwin. The idea here is to run the entire "secure environment" inside the virtual machine that qemu provides. As others have noted, there are still some problems with this approach, but if you're going to run it in cygwin, you might as well just run the normal native apps. Then basically you'd just have a thumb drive with some privacy-related apps (such as thunderbird+enigmail) on it, which you can make in your spare time; no need to have this productised.

    --
    Xfce: Lighter than some, heavier than others. Just right.