Slashdot Mirror


A Secure OS For the Dalai Lama?

Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers opinions on this debate here." (More below.) Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?

(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"

2 of 470 comments (clear)

  1. Something that helps by DeltaQH · · Score: 5, Interesting

    Boot always from an trusted, read only media, like CD/DVD or locked USB thumb drive.

    Media should contain not only OS but applications in trusted configuration. No updates allowed from outside trusted entities

    Use only boot media provided from trusted entity

    Maybe use also something like tripwire to detect change in the OS/applications files checking changes by comparing sensitive file

    Full encryption on sensitive data/drives

  2. Re:Huh? by whoever57 · · Score: 5, Interesting

    Microsoft knows the social security numbers, bank accounts, and in most cases close associates of all these people.

    So what? China plays a long game, people could have been sent to immigrate to the US years ago. With travel to the China very common these days, could you be sure that China has not succeeded in planting spies?

    I'm sure that were one to dig deep enough, you'd find that the xp kernel (like some central parts of the linux kernel) has been vetted by NSA experts.

    Forget the kernel -- it's the compiler that is the key. Didn't someone show years ago how code could be inserted into a compiler and once it was there, there was no way to remove it -- apart from going back through the archives and finding a sufficiently old and uninfected compiler? If the compiler adds code to the kernel every time the kernel is built, you can spend forever vetting the kernel source code, but not find the vulnerability that the compiler inserted.

    --
    The real "Libtards" are the Libertarians!