Slashdot Mirror


A Secure OS For the Dalai Lama?

Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers' opinions on this debate here." (More below.) Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?

(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of a decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!)"

27 of 470 comments

  1. Free Tibet! by dj245 · · Score: 4, Funny

    With purchase of Tibet of equal or lesser value.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  2. Single OS not good for Dalai Lama's computer by multipartmixed · · Score: 5, Funny

    If *I* was in charge of the DL's computer, I wouldn't put on *only* Linux or *only* Windows or what have you. I think the DL needs a multiboot machine, and would really appreciate it if you tried to make him one with everything.

    --

    Do daemons dream of electric sleep()?
  3. Greetings Dhali Lama... by armer · · Score: 3, Funny

    I am Suleman , IT Manager of Zenith Bank, Lagos, Nigeria. I have urgent and very confidential business proposition for you. On June 6, 1997, a Foreign IT consultant/contractor with the Nigerian National IT Corporation, Mr. Barry Kelly made a numbered time (Fixed) request for twelve calendar months, for a secure OS. Upon maturity, I sent a routine notification to his forwarding address but got no reply. After a month, we sent a reminder and finally we discovered from his contract employers, the Nigerian National IT Corporation that Mr. Barry Kelly died from an automobile accident. On further investigation, I found out that he died without making a WILL, and all attempts to trace his next of kin was fruitless. I therefore made further investigation and discovered that Mr. Barry Kelly did not declare any kin or relations in all his official documents, including his Bank Deposit paperwork in my Bank. This sum of US$26,500,000.00 has carefully been moved out of my bank to a security company for safe-keeping. Consequently, my proposal is that I will like you as an Foreigner to stand in as the owner of the money I deposited it in a security company in two trunk boxes though the security company does not know the contents of the boxes as I tagged them to be photographic materials for export. This is simple. I will like you to provide immediately your full names and address so that the Attorney will prepare the necessary documents which will put you in place as the as the owner of the boxes. The money will be moved out for us to share in the ratio of 60% for me and 40% for you. There is no risk at all as all the paperworks for this transaction will be done by the Attorney and this will guarantees the successful execution of this transaction. If you are interested, please reply immediately via my email address.And also send your Telephone and fax numbers so that we can have a smooth communication. 
    Upon your response, I shall then provide you with more details and relevant documents that will help you understand the transaction. Awaiting your urgent reply via my email. PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com Thanks and regards. Dr.Suleman .

    1. Re:Greetings Dhali Lama... by Tubal-Cain · · Score: 4, Funny

      Obviously fake. A real Nigerian scam would have more capital letters and misspelled words.

  4. You must not have heard by heybuddy · · Score: 5, Funny

    Apparently this Vista thing is the most secure os on the planet.

    1. Re:You must not have heard by Anonymous Coward · · Score: 4, Funny

      Apparently this Vista thing is the most secure os on the planet.

      It's the small user base that keeps it secure.

  5. Use Yellow Hat GNU/Linux by belmolis · · Score: 2, Funny

    The obvious solution is Yellow Hat GNU/Linux.

    Seriously, this is a great project. Surely the appropriate solution is a version of either GNU/Linux, such as SELinux, or OpenBSD. No system is entirely secure, but the idea that MS Windows could be as secure as GNU/Linux or BSD is wild.

  6. The security plan I would implement: by vistapwns · · Score: 2, Funny

    Upgrade to Vista, install the latest updates, leave auto-updates on, enable DEP for all processes adding exceptions to the DEP exception list if necessary (i.e. app crashes occur) - use IE8, lock down the internet zone so that all active-x and .net stuff is disabled, add trusted sites to the trusted sites zone that need those things, enable IE 'protected mode' for all zones, run users as standard users. Use strong passwords, teach users basic computer security, including no clicking on email links, no downloading anything from the web. Tell them to trust no one (and no web page,) make sure they understand that they are under siege from one of the most powerful governments on the planet, and so on. Give users 'tests' on this stuff, to make sure they understand it. There may also be security apps for windows that do more than signature scanning, something that cryptographically signs files and checks signatures, and alerts users/admins to any new processes that auto-start. Or perhaps writing/contracting one might be something you may want to look into. That's enough to get started, but the key thing is update to Vista, it has so many security features added that it's very hard to break into relative to most other feasible OSes.

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds
  7. Somebody please mod this "underrated" by e9th · · Score: 5, Funny

    After all, this is the worst possible article in which to lose karma.

  8. Red Flag by McGiraf · · Score: 5, Funny

    Red Flag Linux ? ;)

  9. Or Ubuntu, because by notionalTenacity · · Score: 5, Funny

    it's like the soul of Debian, but reincarnated in a new body.

  10. The answer lies within. by dangitman · · Score: 3, Funny

    His Holiness merely needs to look inside his heart, and ask himself; "What is the sound of one server booting?" and then he will know the answer to which platform he should choose. Personally, I think he should go with Amiga. After all, Guru Meditation is what the Lama is all about.

    --
    ... and then they built the supercollider.
  11. Re:His Holy etc. by pbhj · · Score: 3, Funny

    Or the English Queen?

    Do you mean Her Majesty Elizabeth the Second, by the Grace of God, of Great Britain, Ireland and the British Dominions beyond the Seas Queen, Defender of the Faith, Duchess of Edinburgh, Countess of Merioneth, Baroness Greenwich, Duke of Lancaster, Lord of Mann, Duke of Normandy, Sovereign of the Most Honourable Order of the Bath, Sovereign of the Most Ancient and Most Noble Order of the Thistle, Sovereign of the Most Illustrious Order of Saint Patrick, Sovereign of the Most Distinguished Order of Saint Michael and Saint George, Sovereign of the Most Excellent Order of the British Empire, Sovereign of the Distinguished Service Order, Sovereign of the Imperial Service Order, Sovereign of the Most Exalted Order of the Star of India, Sovereign of the Most Eminent Order of the Indian Empire, Sovereign of the Order of British India, Sovereign of the Indian Order of Merit, Sovereign of the Order of Burma, Sovereign of the Royal Order of Victoria and Albert, Sovereign of the Royal Family Order of King Edward VII, Sovereign of the Order of Mercy, Sovereign of the Order of Merit, Sovereign of the Order of the Companions of Honour, Sovereign of the Royal Victorian Order, Sovereign of the Most Venerable Order of the Hospital of St John of Jerusalem?

    It's bad enough using this shorthand without her non-regnal titles.

  12. Re:Lack of font? Design your own! by Anonymous Coward · · Score: 5, Funny

    But converting the religious leader and all his followers to Linux is definitely a workable thing to do.

  13. Re:A secure OS for the office of HH the Dalai Lama by Anonymous Coward · · Score: 1, Funny

    Exactly. AndyCater must not have much system security experience. People hate to admit it, but aside from users clicking on malicious software while being administrator, windows is pretty solid in the security front.

  14. Re:Lack of font? Design your own! by g0at · · Score: 5, Funny

    put together their own Linux distro

    Dalai Linux!

  15. Re:Lack of font? Design your own! by TheoMurpse · · Score: 4, Funny

    So is the new college slogan "FREE (LIBRE) TIBET!"?

  16. Re:His Holy etc. by multipartmixed · · Score: 2, Funny

    I just call her HRH E2R. Although sometimes I mistake that name for a postal code.

    --

    Do daemons dream of electric sleep()?
  17. Re:Lack of font? Design your own! by MrNaz · · Score: 4, Funny

    No, I think the FOSS acronym for Free & Open Source Software would become "Oppressed But Engaging In Passive Resistance Software".

    I'm not sure, however, what RMS would make of the acronym OBEIPRS.

    --
    I hate printers.
  18. Logical suggestion... by Anonymous Coward · · Score: 2, Funny

    Buddhabuntu perhaps?

  19. Re:Huh? by thebigbadme · · Score: 3, Funny

    several decades in a little box with no windows.

    Sounds like FOSS heaven

    /stupid humor

    --
    "It's the Law of the Universe, and I'm the sheriff." Slash-cott 2/10-2/17
  20. Re:Huh? by Torodung · · Score: 4, Funny

    Yes. Congratulations. You've just demonstrated that the C programmming language makes the difference between a hack and an evaluation statement come down to nothing more than an extra "=."

    Every OS sucks, because C sucks.

    --
    Toro

    (Spot the syntax error in this post!)

  21. Re:Lack of font? Design your own! by Anonymous Coward · · Score: 2, Funny

    I'm not sure, however, what RMS would make of the acronym OBEIPRS.

    GNU/OBEIPRS, duh!

  22. Re:A secure OS for the office of HH the Dalai Lama by ozbird · · Score: 4, Funny

    That should give you 20,000 apps to leverage :)

    Does it include Enlightenment?

  23. Re:Lack of font? Design your own! by shutdown+-p+now · · Score: 2, Funny

    I'm not sure, however, what RMS would make of the acronym OBEIPRS.

    He'd complain that it really should be properly named GNU/OBEIPRS.

  24. Re:Lack of font? Design your own! by jonaskoelker · · Score: 4, Funny

    Dalai Linux!

    It really whips the Llama's ass!

  25. Re:Lack of font? Design your own! by syousef · · Score: 2, Funny

    Dalai Linux!

    Whatever you do, don't use Winamp as the media player as that would be a security breach. You see, it kicks the Lama's a$$. It tells me so every time I install it.

    --
    These posts express my own personal views, not those of my employer