thanks but no thanks
|
Author | Content |
---|---|
herzeleid Apr 29, 2008 7:48 PM EDT |
The absolute last thing in the world I'd ever need is to have microsoft messing with my unix boxes. I think I'll pass - give me one or two good unix guys instead and I'll be fine, thanks. Sure, microsoft frantically desires to be relevant, and they really really badly want to create a world where you'd need ms windows to manage unix - but how does that help me? I can see how it would benefit microsoft, but what's the benefit for me? |
tuxchick Apr 29, 2008 9:09 PM EDT |
Yeah, like we want the masterminds behind DRM and selling out users wholesale to get their grubby paws on our poor innocent Unix systems. "The growing use of encryption software -- like Microsoft's own BitLocker -- by cyber criminals has led Microsoft to develop a set of tools that law enforcement agents can use to get around the software" http://www.pcworld.com/businesscenter/article/145318/microso... |
Scott_Ruecker Apr 29, 2008 9:26 PM EDT |
I almost posted that article to the newswire Carla, almost.. :-) |
Bob_Robertson Apr 30, 2008 6:45 AM EDT |
The issues involved in that article are excellent, regardless of platform. I am curious just how hard an encrypted partition is to crack. Guess I'll just have to wait to see how things go in the future. |
dinotrac Apr 30, 2008 7:13 AM EDT |
Unlike you mindless naive fanatical religious cult anti-Microsoft Linux bigots, I actually got the software and tried it out. Things went pretty well for the first day, then I started to get warnings of "unanticipated condition -- investigate immediately". Couldn't find anything wrong, so I turned the warnings off. Next day, my machines started beeping as well as giving warnings: "Uptime 48 hrs. Unanticipated condition -- must be alien science. Wiping all hard drives to protect earth from attack." Fortunately, the Windows machine had been infected by a denial of denial of service virus, so none of the boxes were actually touched. The Windows machine, however, suffered a nervous breakdown and will need years of therapy. |
tuxchick Apr 30, 2008 8:36 AM EDT |
Bob, from the reading I've done, capturing data while it's still in memory is a proven way to get around encryption. Provided the data you want are there, and if you're lucky your user is using some sucky encryption product that leaves the keys in memory too. dino, finally you have found proof of Microsoft's supposed push towards interop- unhelpful error messages. At last, common ground. |
Bob_Robertson Apr 30, 2008 9:07 AM EDT |
Here's how I want to do it: Two partitions, one unencrypted boot and the rest encrypted. The encrypted boot has most of what is needed to unencrypt, but no keys. The USB thumbdrive has the keys, and a boot image. Booting with the USB makes the system work, booting from the HD asks for a passphrase which is never correct. After successfully logging in, a background process compares the unencrypted boot partition against a copy inside the encrypted area. Any changes are reported. "Someone installed a sniffer on your machine while you were at the pool, 007." |
techiem2 Apr 30, 2008 9:13 AM EDT |
Here's what my friend did on his linux laptop:
He had an encrypted /home partition.
The key was on a thumbdrive.
If he booted with the thumbdrive connected, it would mount his encrypted /home.
If he booted without it, it would mount a generic /home. |
herzeleid Apr 30, 2008 9:30 AM EDT |
Quoting: "If he booted with the thumbdrive connected, it would mount his encrypted /home. If he booted without it, it would mount a generic /home." Clever, I like it... |
Steven_Rosenber Apr 30, 2008 9:34 AM EDT |
I've experimented with encrypted LVM in Debian, and I believe it's also available with Ubuntu if you use the "alternate" install disk. For the equally paranoid, Puppy also offers an encryption option. If I wasn't using this laptop to test distros so much, I'd make a huge partition, totally encrypted LVM for everything, with a smaller unencrypted partition just in case I wanted to run a live CD and have a place to store the configuration. The one problem with dual-booting and encryption is that you can't get to your encrypted partitions if you're not running the installation that made 'em. Still, for laptops, I think this kind of encryption is extremely important. And I will follow my own advice -- I will! |
jdixon Apr 30, 2008 9:40 AM EDT |
> I am curious just how hard an encrypted partition is to crack. There was a study just recently which determined that if you power a machine off and back on the encryption keys will still be in memory and can be recovered. I think LXer had a link to it, but it may have been on the Register. |
Bob_Robertson Apr 30, 2008 11:00 AM EDT |
> the encryption keys will still be in memory and can be recovered. Sounds like a good reason for a shutdown process that cleans out memory. |
tuxchick Apr 30, 2008 11:17 AM EDT |
jdixon, how would that work? Because when the power is gone, so is everything in memory. That's why law enforcement wants tools like this COFEE thang: Quoting: "While COFEE doesn't break BitLocker or open a back door, it captures live data on the computer, which is why it's important for agents not to shut down the computer first, he said." COFEE runs from a USB drive, so agents o de law (smother giggles and cynical wisecracks) can capture everything in RAM on a running system. Presumably they do this right away, before it crashes or the battery dies or something else happens, and with a windoze mosheen something is guaranteed to happen. Then they have a separate image they can copy and mangle er analyze to their heart's content. Scott, you should have posted the story. Then this thread wouldn't have gotten hijacked :) |
techiem2 Apr 30, 2008 11:22 AM EDT |
I remember reading an article about data recovery and such in memory too somewhere...something about how sometimes it can be possible to read ram even after power loss... I guess the easiest thing to do is fully shut down the power and pull the plug so there is no voltage remaining in the machine and hope that clears it enough....but ideally having the system secure wipe the ram during shutdown would be good... |
jdixon Apr 30, 2008 11:25 AM EDT |
TC, here's the link to the Register article: http://www.theregister.co.uk/2008/02/22/eff_unbitlocker/ That can probably answer your questions better than I can. |
tuxchick Apr 30, 2008 11:54 AM EDT |
Oh, I remember that article! It says DRAM takes about a minute to clear after the power goes off. Yes, some kind of secure memory-wipe would be a good thing. |
Scott_Ruecker Apr 30, 2008 1:55 PM EDT |
Yeah, you're right about that Carla.. ;-) |
gus3 Apr 30, 2008 8:53 PM EDT |
Maybe a Linux kernel module to flood userspace memory with zeros immediately before reboot or shutdown? Even 0xFFAA5500 or some variant thereof.... Whaddya know, a kernel module I could write. |
jezuch May 01, 2008 3:57 AM EDT |
Quoting: "Maybe a Linux kernel module to flood userspace memory with zeros immediately before reboot or shutdown?" How would that handle hard resets? Or pulling memory modules from the running system? |
gus3 May 01, 2008 7:33 AM EDT |
I didn't say it was perfect... However, for an enterprise with burdensome security needs, the physical security concerns (incl. reliable power supply and reset button disconnection) are probably already addressed. As far as the memory hot-swap, wiping it before the tri-state can be handled by the hot-swap driver. |
tuxchick May 01, 2008 7:36 AM EDT |
Ok, so there's maybe a minute of opportunity to capture RAM contents. While it is a nice cross-platform hole, it's exploitable only under ideal and limited circumstances. I don't believe I'll be losing any sleep over it. |
Steven_Rosenber May 01, 2008 11:43 AM EDT |
I agree. While this might be a theoretical security risk, there are many more dangerous things that we have to worry about. |
techiem2 May 01, 2008 12:09 PM EDT |
And now we have this to worry about:
http://news.bbc.co.uk/2/hi/technology/7377063.stm :) |
Bob_Robertson May 01, 2008 1:19 PM EDT |
Well, if you're going to go through the effort of encrypting, then there is going to be extra effort with static ram "memristors". Maybe, just maybe, the "instant on" is going to have to be given up for the encrypted crowd. Well, boo-hoo. "lid-closed: launch memory clearing process, reset to pre-decryption state." Security is inconvenient. |
jdixon May 01, 2008 1:26 PM EDT |
> ...there are many more dangerous things that we have to worry about. Like a new bug in the kernel. Sigh. From the Slackware-current changelog: a/kernel-generic-2.6.24.5-i486-2.tgz: Patched to fix a security issue in fs/dnotify.c. The use of dnotify (largely replaced by inotify on 2.6.x systems) could lead to a local DoS, or possibly a local root hole. We said we wouldn't make changes now unless something was "critical" -- and it seems we got what we wished for. ;-) This flaw will also be addressed in the kernels for previous releases as soon as possible. The patch itself may be found in source/k/linux-2.6.24.5-CVE-2008-1375-patch/. For additional information (when the CVE candidate is opened), see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375 |
Bob_Robertson May 01, 2008 3:47 PM EDT |
> Like a new bug in the kernel. Which will be fixed in the distributions very quickly. The strength of F/OSS reveals itself again. |
jdixon May 01, 2008 4:17 PM EDT |
> Which will be fixed in the distributions very quickly. Yes, as shown, Slackware-current already has the fix, and I expect the patches for 12.0 and earlier to be out later tonight or early tomorrow. But that's still the second exploitable kernel bug in the past few weeks. That's worrisome. |
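
Bob_Robertson's post earlier in the thread describes a background process that compares the unencrypted boot partition against a copy kept inside the encrypted area and reports any changes. The comparison step could look like the following, which is an added example and not code from any poster; the function names and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def _digest(path):
    """SHA-256 of a file's bytes, or of a symlink's target string."""
    h = hashlib.sha256()
    if os.path.islink(path):
        h.update(b"symlink:" + os.fsencode(os.readlink(path)))
        return h.hexdigest()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each path relative to root to its digest (regular files and symlinks)."""
    manifest = {}
    for dirpath, dirs, files in os.walk(root):
        for name in files + dirs:
            path = os.path.join(dirpath, name)
            if not (os.path.islink(path) or os.path.isfile(path)):
                continue  # real directories, FIFOs and device nodes are skipped
            manifest[os.path.relpath(path, root)] = _digest(path)
    return manifest

def compare(trusted, current):
    """Report what differs between the trusted manifest and the live boot tree."""
    return {
        "added": sorted(set(current) - set(trusted)),
        "removed": sorted(set(trusted) - set(current)),
        "modified": sorted(p for p in trusted.keys() & current.keys()
                           if trusted[p] != current[p]),
    }

def demo():
    """Constructed sample: a stand-in boot tree, then simulated changes to it."""
    with tempfile.TemporaryDirectory() as boot:
        for name, data in {"vmlinuz": b"kernel", "initrd.img": b"initrd",
                           "grub.cfg": b"menu"}.items():
            with open(os.path.join(boot, name), "wb") as f:
                f.write(data)
        trusted = build_manifest(boot)  # would be stored inside the encrypted area
        with open(os.path.join(boot, "initrd.img"), "ab") as f:
            f.write(b" changed")
        os.remove(os.path.join(boot, "grub.cfg"))
        with open(os.path.join(boot, "added.bin"), "wb") as f:
            f.write(b"new")
        return compare(trusted, build_manifest(boot))

if __name__ == "__main__":
    print(demo())
```

This detects tampering after the fact: it runs once the boot partition's code has already executed, and a file walk does not cover the boot sector.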