Slashdot Mirror


A Secure OS For the Dalai Lama?

Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers opinions on this debate here." (More below.) Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?

(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"

4 of 470 comments (clear)

  1. Something that helps by DeltaQH · · Score: 5, Interesting

    Boot always from an trusted, read only media, like CD/DVD or locked USB thumb drive.

    Media should contain not only OS but applications in trusted configuration. No updates allowed from outside trusted entities

    Use only boot media provided from trusted entity

    Maybe use also something like tripwire to detect change in the OS/applications files checking changes by comparing sensitive file

    Full encryption on sensitive data/drives

  2. Re:Huh? by whoever57 · · Score: 5, Interesting

    Microsoft knows the social security numbers, bank accounts, and in most cases close associates of all these people.

    So what? China plays a long game, people could have been sent to immigrate to the US years ago. With travel to the China very common these days, could you be sure that China has not succeeded in planting spies?

    I'm sure that were one to dig deep enough, you'd find that the xp kernel (like some central parts of the linux kernel) has been vetted by NSA experts.

    Forget the kernel -- it's the compiler that is the key. Didn't someone show years ago how code could be inserted into a compiler and once it was there, there was no way to remove it -- apart from going back through the archives and finding a sufficiently old and uninfected compiler? If the compiler adds code to the kernel every time the kernel is built, you can spend forever vetting the kernel source code, but not find the vulnerability that the compiler inserted.

    --
    The real "Libtards" are the Libertarians!
  3. Re:Physical Security First by fluffy99 · · Score: 4, Interesting

    Not the entire US Govt - just the state department. It was a political pissing contest over which contract was used and that Congressman Wolf didn't get a kickback if the contract went through Lenovo who was doing business out of New York. If Chinese made computers or Chinese controlled companies were the issue, they wouldn't have bought any computers. There are no computers made solely with US parts on US soil.

    Computers aren't that big of a deal. You inspect for physical anomalies, wipe the HD and install the OS. You never use the default factory install as its untrustworthy. Same reason you wipe thumb drives on a standalone computer before issuing to your users.

    Now if you want to talk about untrustworthy sources - there are legitimate reasons for the US govt to avoid Kasperasky A/V as the company is owned by an ex-KGB type and has connections to russian hackers.

  4. Re:Lack of font? Design your own! by speedtux · · Score: 4, Interesting

    Also, changing your society to match the capabilities of some software is -always- the wrong way.

    Sorry to be so blunt, but that's bullshit. Europe made massive changes to its writing systems with the advent of new writing and printing technologies. And that was the right thing to do because it greatly increased literacy.

    Tibetan literacy rates historically have been atrocious, and even today, they are worse than many other nations. Reform and simplification of the Tibetan writing system might well be the right thing to do, and the requirements of software generally coincide with sensible simplification.