Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure, Portable, Virtual Privacy Machine

Posted by michael on from the zero-knowledge-tried-and-failed dept.

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."

28 of 168 comments (clear)

  1. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  2. And yet... by garcia · · Score: 5, Insightful

    And yet I am tunneling through SOMEONE ELSES proxy (which isn't free) to do my "secure" work.

    I'm sorry but I cannot bring myself to trust my cookies, settings, and information to travel over anyone else's network. It's not safe unless *I* am the one controlling the proxy and the tunnel between the two.

    SSH, Putty (for Windows users), and squid on your own machine is what I use. Yeah, you still can't avoid keyloggers and the like but at least you know that you are controlling what is being logged and where.

    1. Re:And yet... by garcia · · Score: 3, Interesting

      From the README.TXT
      +++WARNING+++
      -------------
      This is a technology preview and comes with NO SUPPORT, NO WARRANTY
      and NO GUARANTEE for any purpose.

      Windows Instructions:
      Double click on 'boot-win.bat'

      Linux Instructions:
      run 'boot-linux.bat' from the command line

      Now what I find funny is that boot-win.bat doesn't exist and I believe what they meant was qemu-win.bat.

      I just can't trust my data to a piece of software that claims no responsibility and doesn't even have the correct filename in a 491 byte README.TXT.

      I'll stick w/my current methods TYVM.

    2. Re:And yet... by 26199 · · Score: 3, Informative

      How to avoid keyloggers

  3. Re:Correction by DigitalRaptor · · Score: 4, Informative

    No, PGP is a commercial, non-GPL'd product.

    They mean GPG, open source software that works in the same way.

    --
    Lose Weight and Feel Great with Isagenix
  4. Re:How big? by Anonymous Coward · · Score: 5, Informative

    The zip is 82MB. Probably want to run this on a 256MB or larger key so you have room to store data as well...

  5. So what's your point? by pavon · · Score: 4, Insightful

    The data on the laptop is insecure. Anyone with physical access to a machine can read the unencrypted data on that machine. It has been that way forever. The existance of this product doesn't make it any less secure than it already was.

    However, the person with this USB fob has increased his security. Thus a net gain in securtity. If you want to be secure you need to take care of yourself. Sticking your head in the ground is not a viable security plan.

    1. Re:So what's your point? by mukund · · Score: 4, Insightful

      Actually you could argue that trusting a method is worse than not trusting it at all. Trusting a unknown key for example, for the sake of security, and sending out private encrypted data protected by it is worse than not trusting the key at all.

      Personally, I think carrying your own laptop around is a far better approach (for what the author is trying to achieve) as you don't have to trust others' computers which may contain software to thwart the security of devices such as this USB key by reading all data off it.

      You could find flaws with what I've said too---good security is not easy.

      --
      Banu
    2. Re:So what's your point? by metlin · · Score: 4, Insightful

      True, but there are situations where having such a tool around would be quite handy.

      The problem is that one cannot always carry one's laptop all the time, wherever they are. Often times, you end up needing your laptop at a time and place when you are least prepared for it -- I'm sure those of us here who need to shuttle all over the place to meet clients have encountered this.

      And besides, the laptop is an insecurity in and of itself. Thieves view it as something that can be stolen, and it is a device that can be physically bugged.

      True, you don't necessarily trust a computer off an airport in Paris. However, using that computer with your safe-toolkit is probably a whole lot safer than using your laptop with a bug in it -- hypohetically, ofcourse :-)

      So, I suppose this is a good security tool. Not the solution to all the problems, but a good tool neverthless.

      Or maybe I'm just being too paranoid. And that black helicopter outside my apartment probably belongs to that hot chick across the street. Who knows! ;)

  6. OK, let's think this through by wowbagger · · Score: 4, Insightful

    OK, let's think this through:

    As I read it, this is a Linux session running in a virtual machine under the host operating system - the idea being that any "sensative" data resides in the virtual session, so the host has no visibility to it.

    Except that the host is providing all the screen and keyboard access, so if the host is comprimised and is running VNC the attacker can see where you are going, and what your password is.

    True, *IF* the password is only the SSH keyphrase for a private key that is only accessible to the virtual machine, then *maybe* it does him no good.

    But since the virtual machine needs to access the media through the (comprimised) host OS, the attacker can copy that data as well.

    It sounds to me like this is just giving you a false sense of security.

    --
    www.eFax.com are spammers
    1. Re:OK, let's think this through by gl4ss · · Score: 3, Insightful

      besides than that..

      you can buy dongles that record keypresses(that go into the cable).

      if it's someone elses computer and you're _really_ paranoid.. then just forget about using it.

      --
      world was created 5 seconds before this post as it is.
  7. Trust is the Key Word by ifreakshow · · Score: 5, Interesting

    Basically a USB hard-drive that auto configs ssh and your browser so novice users can access proxyies.
    A very cool idea but only "secure" if you trust the company. They say they don't keep logs, but you never know. Also a yearly fee with a limit on transfer.

  8. Not all GPL... by non-poster · · Score: 4, Interesting

    The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

    Should I believe anything else these folks say?

    1. Re:Not all GPL... by juhaz · · Score: 5, Informative

      The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

      Huh? NPL is Gone. Dead. Buried. Mozilla has been (mostly, and the exceptions should be BSD etc. GPL-compatible) LGPL/GPL/MPL tri-licensed for quite a while now, the new licensing policy is over three years old.

  9. Re:Who's privacy? by Ford+Prefect · · Score: 5, Insightful

    If it is using QEMU, then it's just another normal process with the same privileges (or lack thereof) as any other. QEMU's basically a PC emulator, albeit a pretty fast and compatible one.

    There is the risk that processes on the host machine can peer at its memory and fish out the unencrypted data without any way of it knowing - unlikely that someone would develop such a thing, but if you're being paranoid there's always the possibility.

    --
    Tedious Bloggy Stuff - hooray?
  10. Something like the stealthsurfer? by LocoMan · · Score: 3, Informative

    I was reading about something like this on a PC Magazine sometime ago called the stealthsurfer (http://www.stealthsurfer.biz/). I guess it's like this except that this one uses GPL software (stealthsurfer uses a personalized version of netscape 7)

  11. only limited protection by jeif1k · · Score: 5, Insightful

    Such approaches give you only limited protection: if you don't trust the systems you plug into, you may still be subject to key logging, screen recording and other attack.

  12. Nope by RealProgrammer · · Score: 5, Informative

    RTFA: it's run on the qemu emulator. You first boot the host OS, and your qemu session is just a process under that, with no more rights than otherwise.

    If you had a boot CD, now that would a problem. Would I let someone boot my laptop from Knoppix? Not unless I would trust them to sysadmin my laptop :-).

    As the above poster says, security accepted wisdom is that physical control implies vulnerability.

    --
    sigs, as if you care.
  13. Oh, man ... by gstoddart · · Score: 3, Interesting
    Secure, Portable, Virtual Privacy Machine


    I'm reading that headline thinking I finally have a cone of silence with tinted windows I can carry around, and it's just same dorky VM. ;-P

    Sheesh. Next you'll tell me I still don't get my flying car and robot sex-slave^H^H^H^H^H^H^H^H^Hmaid any time soon.

    =)
    --
    Lost at C:>. Found at C.
  14. Life span? by Remlik · · Score: 4, Interesting

    I thought USB type keys were limited to 100k writes before failure. How many times or how long can you use this device before wearing out the key?

    --
    Apple free since 1990!
    1. Re:Life span? by FirstTimeCaller · · Score: 3, Insightful

      How many times or how long can you use this device before wearing out the key?

      Well, if you set up a RAM disk and only store personal settings on the USB key -- then I suspect that it would last for quite some time. If you don't care about saving settings, then you can boot off the key as a read-only media and never write back to it. So I don't think this would be a major concern.

      --
      Wanted: witty unique signature. Must be willing to relocate.
    2. Re:Life span? by Fencepost · · Score: 4, Informative

      The limitation on the number of writes to a particular area of memory has been known since flash memory first started to appear. Most devices or drivers should account for the issue by either rotating writes to avoid overusing one particular region or by remapping failing sections into other areas. Remapping failing areas will cause the available capacity of formatted flash devices to gradually shrink, while rotating writes will attempt to keep any areas from wearing out too fast (making it more likely that multiple areas will start to fail around the same time). Someone who's done more looking into this should be able to give a good idea which technique(s) are most widely used.

      --
      fencepost
      just a little off
  15. hail open source! hail freedom! by museumpeace · · Score: 4, Interesting

    Good bye Carnivore?
    James bond wants one of these. The FBI, when they finally figure out what this is, will want it banned. I have dreamed of doing something like this with an applet but this is much slicker and more powerful.
    Next questions, can I tunnel through with VOIP? How "special" does my correspondent/recipient have to be for the trail for eavesdroppers to go cold on both ends of the connection?

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  16. Re:Nice! by metlin · · Score: 4, Informative

    Well, they've provided a torrent too, which seems quite well seeded for the moment. So, should not be a problem!

  17. Waaaaaait. by cbiffle · · Score: 4, Interesting

    Okay, lemme get this straight.

    You take this USB key and plug it into an untrusted machine (since, if you had a trusted machine, you wouldn't have to go through these hoops). It fires up a virtualized PC that runs Linux and lets you get out to the web using an encrypted proxy.

    I fail to see the utility of this. You're running QEMU on the host. If the host is compromised (and it's best to assume that any untrusted host is), it has full access to your keystrokes, I/O, and the entire memory image of your system.

    Good crypto software for Unix makes sure to prevent its sensitive data from going out to swap by negotiating with the virtual memory system. This keeps your passphrases and keys from showing up in a swapfile if the machine is compromised. This type of system has no control over that -- if the host decides to swap the emulator out, foom! your entire system image is now on disk. A disk you don't trust.

    Not to mention that processes on the host could simply read through your memory in real time.

    So, in short, an untrusted computer is still an untrusted computer. While this sounds useful for encrypting one's network connections, it seems like an awfully complex solution to reinvent the concept of a VPN.

  18. Slow as hell by joshv · · Score: 4, Informative

    I just tried this on two reasonably modern machines, and it's slow as hell. Unusably slow. QEMU claims to be a 'FAST!' emulator. It is not.

    Why not use Cygwin instead? Almost all of the apps in this distro has have been ported to cygwin, and I doubt there'd be much trouble porting Firefox if someone got serious about it.

    A cygwin based distro could pack a minimal installation (including X) on a USB keyfob that would provide all of the same functionality, but running the apps as native code, at near native speed (minus the small cygwin/POSIX to win32 api translation penalty).

    Now of course this solution won't work on a Linux machine, but I think it would be rare that you'd encounter a Linux machine that you'd want to run this on. Most likely you'd be at a friend's house, or in a computer lab where everything runs windows.

  19. neat-o, but slow... VMware is speedier... by quinxy · · Score: 3, Informative

    Last week I was thinking about exactly this question. I've been using VMware to do the same sort of thing form my laptop, but it has the disadvantage of being costly, non-portable (no easy or possibly legal installing to usb drives/etc.), and not pre-configured for the purpose of this VPM. But in my experience VMware is quicker, feeling almost like the emulated computer was the host computer.

    At any rate, I installed and ran this VPM software, and it certainly seems to deliver, and has a very nice collection of pre-installed apps. Sadly the performance is about as poor as you might expect (that's running it off a HD, not a USB drive). Every operation takes a while to complete, click on Firefox, and wait 40 seconds for it to ask which profile you want to use (this is after first use). Type in a URL and wait at least 30 seconds for any signs that it's coming up. My laptop is only P4M 1.8Ghz, so no doubt performance would be much better on a more recent machine.

    Still, pretty neat, though not entirely usable for me.

    quincy

    --
    Don't vote for Eugene Papansanovich for Congress!
  20. I must be gettin' old... by kippa · · Score: 4, Funny

    I read...
    Secure, Portable, Virtual Piracy Machine