Slapdash wrote: I literally laughed out loud when I went to the wiki and clicked on the 'Black Ops' article and all I got was "You are not allowed to read this page". Figures.
Not sure but I think you have to register on the Wikka to be able to read it.
It may be merely a glitch. Then again... how deep does the conspiracy go?
Black Ops Puppy
Isolated, pristine OS - every boot.
I'd rather see the following concepts in a Secure Puppy. We have so many Puplets focused on hobby/entertainment/play. In a time of war and ever smarter cyber-crime, why not at least one little Puppy with a growing reputation for exceptional privacy and security.
These are from design concepts guiding "Ubuntu Privacy Remix" - based on Ubuntu 9.04
"Editing, de- and encryption of sensitive data should ... be done with a system that -
"- never has or had contact to untrustworthy networks like the internet
"- cannot leave data unencrypted on the hard drive, not even unnoticed or by accident
"- offers no opportunity to spyware to permanently install onto the system
"[UPR] tries to create such a working environment on any PC with the following measures:
"- the system resides on a read-only CD, i.e. it is in the original state after every reboot and cannot be modified afterwards. Spyware and other malicious software cannot be installed permanently.
"- The system completely ignores any potentially compromised local (S-)ATA hard disks. Neither can they be used by malicious software to save 'stolen' data from UPR, nor could malicious software be loaded from hard disk into UPR
"- The system kernel is modified so that it cannot activate any network hardware. UPR therefore is an isolated system where it is impossible to exchange data via LAN/WLAN/Bluetooth/Infrared etc.
"- The system is based on free software which can be verified in source code.
"- To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt-Volumes", which can store program configuration like GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume. These settings are automatically made available after opening such an "extended TrueCrypt-Volume". This method is only an optional alternative to using standard TrueCrypt volumes.
"Ubuntu Privacy Remix therefore has two levels of security:
1: By being non-modifiable, it is impossible to permanently install malicious software, neither by network nor by local hard disks.
2: Even if it were possible for malicious software to load into memory (e.g. carried in and executed from removable media), there is no possibility to save or send captured data anywhere outside.
(On boot, you may select F2, English. Of course, it requires 384mb RAM - Wouldn't it be better as a light weight Puppy?)
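One way to check the UPR properties quoted above on a running live system, as an added example that is not part of the original posts or of UPR itself: it flags writable local disks, active swap and non-loopback network interfaces. Treating `/dev/mapper/*` devices as opened encrypted volumes, the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a booted live system against the UPR design goals.
# Each function defaults to the real kernel table; pass a path to use a sample.

# Block devices mounted read-write. ASSUMPTION: /dev/mapper/* devices are the
# opened encrypted volumes and are therefore allowed to be writable.
rw_disk_mounts() {
    awk '$1 ~ /^\/dev\// && $1 !~ /^\/dev\/mapper\// {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] == "rw") { print $1 " on " $2; break }
         }' "${1:-/proc/mounts}"
}

# Active swap areas: memory pages can reach the disk unencrypted through swap.
swap_areas() {
    awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# Network interfaces other than loopback that the kernel has registered.
net_interfaces() {
    for path in "${1:-/sys/class/net}"/*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        [ "$name" = "lo" ] || echo "$name"
    done
}

# Print one line per finding; return 0 only when there are none.
audit() {
    findings=$(
        rw_disk_mounts "$1" | sed 's/^/DISK-RW: /'
        swap_areas "$2"     | sed 's/^/SWAP: /'
        net_interfaces "$3" | sed 's/^/NET: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample (not captured from a real machine): a live CD with a RAM
# layer, one local disk mounted writable, a swap partition and a wired NIC.
make_sample() {
    mkdir -p "$1/net/lo" "$1/net/eth0"
    cat > "$1/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /mnt/cdrom iso9660 ro,relatime 0 0
tmpfs /mnt/ramlayer tmpfs rw,relatime 0 0
/dev/sda1 /mnt/sda1 ext3 rw,relatime 0 0
/dev/mapper/truecrypt1 /mnt/vault vfat rw,relatime 0 0
EOF
    cat > "$1/swaps" <<'EOF'
Filename    Type        Size    Used  Priority
/dev/sda2   partition   1048572 0     -1
EOF
}

# Usage on the booted system:  audit && echo "no findings"
# Usage on the sample:  make_sample /tmp/s; audit /tmp/s/mounts /tmp/s/swaps /tmp/s/net
```

On the constructed sample the audit reports the writable `/dev/sda1`, the swap partition and `eth0`, while the read-only CD, the RAM layer and the mapped encrypted volume pass.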
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Re: Isolated, pristine OS - every boot.
I am wearing a black hat
but I am no cracker or security expert
. . . and my hat is not lined with tin foil
kitten wrote: I'd rather see the following concepts in a Secure Puppy. We have so many Puplets focused on hobby/entertainment/play. In a time of war and ever smarter cyber-crime, why not at least one little Puppy with a growing reputation for exceptional privacy and security.
Well the Woof system is there
the multi user Pup is available
I feel I would use the Dpup option as my preferred route
http://www.dpup.org/
Some one will do it
Would you run it - or create your own?
Quote: Wouldn't it be better as a light weight Puppy?
I think you could be right kitten,
Puppy encrypts the data of your save file
http://puppylinux.org/wikka/BlackOps
and is recommended for secure banking
http://puppylinux.org/wikka/OnlineBankingSafety
My understanding is spooks and black hats use BSD or macs
Is that correct?
Re: Isolated, pristine OS - every boot.
Lobster wrote:
My understanding is spooks and black hats use BSD or macs
Is that correct?
They do but linux was used to hack the Xbox, Windows, ipod, etc.
They even use Opera, to defend themselves against other hackers, because they know that Opera doesn't get hacked as often as IE explorer.
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Thanks Trobin
Disciple has found this link from Nathan
which explains about Puppy 'running as route'
http://web.archive.org/web/200806040340 ... age_id=243
-
- Posts: 174
- Joined: Mon 18 Feb 2008, 06:22
yes, I'm steeling myself up to work on yet another MS computer infected with that fake pop-up. One big difference now as opposed to Then (2 years ago) when last I dealt with the Nasty Satanic Device is that now all the Virus definitions have been updated about a gazillion times... and now it's listed as a trojan.
Quote:
This morning (I have had this before)
my computer suddenly turned into a Windows machine
- yes really
AND I was magically infested with virii
that is what it SEEMS happened
In fact it was a redirect of the browser
and then an animated 'Windows page'
with javascript messages of infection
In other words a scam saying my Windows
machine was infected
Only I was running Puppy and had taken my fish oil
and other brain vitamins
They DO look incredibly like a Windows Internals message.
He who skydive without parachute, jumps to own conclusion.
-
- Posts: 174
- Joined: Mon 18 Feb 2008, 06:22
As the screen was flipping, after I hit the Submit button, there was an advert for Spyware Doctor.
Here's a couple of "social engineering" things I've noticed a lot of people doing.
One, I was at the pharmacy getting my prescription filled, and they had a security camera right behind the druggist's counter, looking right at his keyboard. The display for which was not visible to the customer at the counter, but if you're standing in line it is.
So you get to watch the druggist log on.
E..v..e..r..y k..e..y..s..t..r..o..k..e...
But there's yet another, more sinister... I learnt it while playing cards.
Eyeglasses are mirrors. When someone is wearing dark glasses it's even more obvious, but any spectacles will do.
So, use a non-standard keyboard layout for logging on. Dvorak works best for me. AND while logging on, take your glasses off if there's anybody in the room.
And unless you have much money to just give away, free charity like, don't wear dark glasses while playing poker.
He who skydive without parachute, jumps to own conclusion.
There's online banking and then there's Black Ops
Lobster asked,
Some one will do it
Would you run it - or create your own?
Well I'd rather not have to trust my own creation, but I'm determined to have it, even if I have to make it. (On my XP CPU *today*, 13 new security patches were applied, and the business app that keeps me on XP+ is now recommending I go to quad-core and 8GB RAM.)
Online Banking...
All I first need is (like most of us, I'd bet)... a special boot CD/USB, used for online banking only (i.e. anytime my identity gets linked to money transactions) -- with both less and a little more than the cybercop recommended, above.
At minimum, it's only a secure core with a locked-down browser -- and as little else on the disk as possible, beside access to a printer receipt, like an ATM machine would provide -- i.e. no user data writes to disk, RAM gets overwritten on shut-down or reboot.
This Linux core could be BareBonesPup, Arch, TinyCore, etc. -- whatever can make the best case for security at the core level.
Before optional multiuser feature becomes part of the various Puppy cores, this unprivileged setup could be used.
With total disk encryption, and (say) the PerfectPaperPassword enhancement as above, the disk or stick becomes its own token device to your account -- isn't this 3-Factor Authentication: Name/PW, crypt disk, wallet passcard for a 1-time PIN?
Here for example, is a step-by-step for total disk encrypting Slackware12 drive.
This "browser only" disk could also take us to an httpS, encrypted webmail site like this, HushMail
Black Ops...
The image of some cute little puppy trained for black ops, alongside German Shepherd, Doberman Pinscher war dogs... -- great logo and handle for promotion, cartoonists, and for a little levity -- and great goal for perfectionists to pursue -- a branch -- a different repository for all things tricky/secure.
But from TOR's privacy plan, (maybe more related to a Black Ops approach), at least I found *their* example of such a locked-down browser, reassuring for online banking. It came as part of this XP privacy package with their special Firefox (intentionally hobbled.) So far, this 4th browser is living without conflict with my previous 3 XP browsers -- (TOR travels slow, and still needs user diligence and forethought, but seems very promising as it grows nodes.)
With the help of this thread's focus, and with the 1st 20% of our Scroogling here -- we may have 80% of the security info most of us are after, even if it will take 80% more time and minutia to close that final 20% gap -- to the Black Ops (implied military-grade) level.
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Chris bear sent me this link recommending Linux Live disks for banking
http://voices.washingtonpost.com/securi ... nk_on.html
Military grade Puppy?
m m m . . .
I think I would start with woof (a new gui is available as a separate download for 4.3.1 rc2)
http://www.puppylinux.com/blog/?viewDetailed=01169
I would build on a machine not connected to the internet
and assuming secure communication would be one of the aims I would . . . well I can't really tell you. It might compromise my security . . . and then I would be fish food
Nine ways LiveCD security could be defeated
Look how clearly solutions to the online banking problem were laid out five years ago...
http://www.1729.com/secureinternetbanking/index.html
Wouldn't a bank be smart to offer its customers secure on-line banking that included -- (for a profit line set-up fee)
1: a business card size CD, that was the only way they could access their account via internet. Its single app would be a locked-down browser that could only access their secure servers, using the account name and key for user to which it was issued.
2: a 2nd factor, wallet PIN card where PIN was only good for single transaction login. For deniability, a customer could destroy its function by some special duress/panic PIN, like "911".
Since this problem is so technical to set up right, and fraught with slip up peril...
http://www.1729.com/blog/TenWaysLiveCDS ... dFail.html
This is a problem for some BANK's big-bucks marketing and IT teams?
Consumers only get what they demand. Customers' refusal to bank on-line costs banks money. I'd sure be attracted to a bank that offered the plan above.
And surely there is a way in this money area to raise contributions for Puppy's advancement.
I'm hearing security sirens, from the Pres on down...
Here is where others with a Black Ops bent are taking their distros...
http://www.openwall.com/Owl/Owl-CD-large.shtml
or another example, this time lightweight: Note the FluxBox menus and tiny widget. Note "System Hardening" as a menu option.
http://techm4sters.org/forum/index.php? ... view;id=46
But yea, it's a daunting task...
http://mirrors.unixsol.org/netsecl/docu ... ldocu.html
Yet since as even the Pres says, October "is national cyber security month in the US, with hundreds of federal, state and local government agencies, companies, non-profits and everyday citizens deploying themselves to educate millions of Americans about the importance of online security to themselves, their communities and the nation" - Peter Dinham in...
http://www.itwire.com/content/view/28614/53/
Every other day we read that Window$, unlike Linux, did not design-in security from the kernel. So now the country and the world must pay for its greed and rush to market.
Any inherent advantage the pristine Puppy CD has in privacy or security may be run over, unless we train each generation of Puppies to fight or evade new intruders and protect their RAM and their disk.
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
We have a program under Network 'MTR traceroute'
this sounds like "geeky, geeky geek geek" to me - what does it mean if anything for security?
http://en.wikipedia.org/wiki/Traceroute
Developing GROWL for simple enhancements
http://www.murga-linux.com/puppy/viewto ... 455#353455
droope wrote: And here I found some interesting links:
http://murga-linux.com/puppy/viewtopic. ... 90&t=24431
A user thinks we should have available:
nmap, hping2, wireshark, nessus, metasploit, ettercap, firewalk, paros, john the ripper, burp, webscarab.
Some are available as pets if you search the site, others aren't. What would be nice is if someone could package them all together as an SFS file that we can load/unload as needed. I've got nmap, aircrack, nessus, wireshark loaded on my system currently.
BT is as far as I'm concerned the standard for a PenTesting Distro. And while I would never think that a puppy version could surpass it, it'd be nice if as I said above; there was a SFS file that we could load with a lot of the tools that we'd use on a regular basis.
Is anyone else up for this? Making a SecTool SFS package? I'd be willing to pitch in and help on it.
I've already got a list somewhere of what I'd consider a worthy addition.
Hacker_busts_IE8_on_Windows_7_in_2_minutes
"The lesson from this year's Pwn2Own is pretty simple, suggested Charlie Miller, another of Wednesday's winners. 'What you can see at Pwn2Own is that bugs are still in software, and exploit mitigations like DEP and ASLR don't work. Even as [defensive measures] improve, researchers still end up winning.'"
More info at:
http://www.computerworld.com/s/article/ ... _2_minutes
Just as this fascinating thread was moving toward solutions it seems to have died ... sure was lots of fun to read!
Was a new thread started somewhere?
Please tell me that my favorite show has not been canceled!
Thanks! David
Home page: http://nevils-station.com
Don't google Search! http://duckduckgo.com
TahrPup64 & Lighthouse64-b602 & JL64-603