Black Ops Puppy

[Trobin]

I literally laughed out loud when I went to the wiki and clicked on the 'Black Ops' article and all I got was "You are not allowed to read this page". Figures.

It may be merely a glitch. Then again... how deep does the conspiracy go?

Not sure but I think you hjave to register on the Wikka to be able to read it.

[Lobster]

You have to register - that is right. Preferably at night, from a secret location.

Thanks for the fish oil tips.

[kitten]

I'd rather see the following concepts in a Secure Puppy. We have so many Puplets focused on hobby/entertainment/play. In a time of war and ever smarter cyber-crime, why not at least one little Puppy with a growing reputation for exceptional privacy and security.

These are from design concepts guiding "Ubuntu Privacy Remix" - based on Ubuntu 9.04

"Editing, de- and encryption of sensitive data should ... be done with a system that -

"- never has or had contact to untrustworthy networks like the internet

"- cannot leave data unencrypted on the hard drive, not even unnoticed or by accident

"- offers no opportunity to spyware to permanently install onto the system

"[UPR] tries to create such a working environment on any PC with the following measures:

"- the system resides on a read-only CD, i.e. it is in the original state after every reboot and cannot be modified afterwards. Spyware and other mailicious software cannot be installed permanently.

"- The system completely ignores any potentially compromised local (S-)ATA hard disks. Neither can they be used by malicious software to save 'stolen' data from UPR, nor could malicious software be loaded from hard disk into UPR

"- The system kernel is modified so that it cannot activate any network hardware. UPR therefore is an isolated system where it is impossible to exchange data via LAN/WLAN/Bleutooth/Infrared etc.

"- The system is based on free software which can be verified in source code.

"- To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt-Volumes", which can store program configuration like GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume. These settings are automatically made available after opening such an "extended TrueCrypt-Volume". This method is only an optional alternative to using standard TrueCrypt volumes.

"Ubuntu Privacy Remix therefore has two levels of security:

1: By being non-modifiable, it is impossible to permanently install malicious software, neither by network nor by local hard disks.

2: Even if it were possible for malicious software to load into memory (e.g. carried in and executed from removable media), there is no possibility to save or send captured data anywhere outside.

(On boot, you may select F2, English. Of course, it requires 384mb RAM - Wouldn't it be better as a light weight Puppy?)

[Lobster]

I am wearing a black hat
but I am no cracker or security expert
. . . and my hat is not lined with tin foil

I'd rather see the following concepts in a Secure Puppy. We have so many Puplets focused on hobby/entertainment/play. In a time of war and ever smarter cyber-crime, why not at least one little Puppy with a growing reputation for exceptional privacy and security.

Well the Woof system is there
the multi user Pup is available
I feel I would use the Dpup option as my preferred route
http://www.dpup.org/

Some one will do it
Would you run it - or create your own?

Wouldn't it be better as a light weight Puppy?

I think you could be right kitten,

Puppy encrypts the data of your save file
http://puppylinux.org/wikka/BlackOps
and is recommended for secure banking
http://puppylinux.org/wikka/OnlineBankingSafety

My understanding is spooks and black hats use BSD or macs
Is that correct?

[Trobin]

My understanding is spooks and black hats use BSD or macs
Is that correct?

They do but linux was used to hack the Xbox, Windows, ipod, etc.

They even use Opera, to defend themselves against other hackers, because tghey know that Opera doesn't get hackes as often as IE explorer.

[Lobster]

Thanks Trobin

Disciple has found this link from Nathan
which explains about Puppy 'running as route'
http://web.archive.org/web/200806040340 ... age_id=243

[TheProphet]

yes, I'm steeling myself up to work on yet another MS computer infected with that fake pop-up. One big difference now as opposed to Then (2 years ago) when last I dealt with the Nasty Satanic Device is that now all the Virus definitions have been updated about a gazillion times... and now it's listed as a trojan.

This morning (I have had this before)
my computer suddenly turned into a Windows machine
- yes really
AND I was magically infested with virii
that is what it SEEMS happened

In fact it was a redirect of the browser
and then an animated 'Windows page'
with javascript messages of infection
In other words a scam saying my Windows
machine was infected

Only I was running Puppy and had taken my fish oil
and other brain vitamins

They DO look incredibly like a Windows Internals message.

[TheProphet]

As the screen was flipping, after I hit the Submit button, there was an advert for Spyware Doctor.

Here's a couple of "social engineering" things I've noticed a lot of people doing.

One, I was at the pharmacy getting my prescription filled, and they had a security camera right behind the druggist's counter, looking right at his keyboard. The display for which was not visible to the customer at the counter, but if you're standing in line it is.

So you get to watch the druggist log on.

E..v..e..r..y k..e..y..s..t..r..o..k..e...

But there's yet another, more sinister... I learnt it while playing cards.

Eyeglasses are mirrors. When someone is wearing dark glasses it's even more obvious, but any spectacles will do.

So, use a non-standard keyboard layout for logging on. Dvorak works best for me. AND while logging on, take your glasses off if there's anybody in the room.

And unless you have much money to just give away, free charity like, don't wear dark glasses while playing poker.

[kitten]

Lobster asked,

Some one will do it
Would you run it - or create your own?

Well I'd rather not have to trust my own creation, but I'm determined to have it, even if I have to make it. (On my XP CPU *today*, 13 new security patches were applied, and the business app that keeps me on XP+ is now recommending I go to quad-core and 8GB RAM. )

Online Banking...

All I first need is (like most of us, I'd bet)... a special boot CD/USB, used for online banking only (i.e. anytime my identity gets linked to money transactions) -- with both less and a little more than the cybercop recommended, above.

At minimum, it's only a secure core with a locked-down browser -- and as little else on the disk as possible, beside access to a printer receipt, like an ATM machine would provide -- i.e. no user data writes to disk, RAM gets overwritten on shut-down or reboot.

This Linux core could be BareBonesPup, Arch, TinyCore, etc. -- whatever can make the best case for security at the core level.

Before optional multiuser feature becomes part of the various Puppy cores, this unprivileged setup could be used.

With total disk encryption, and (say) the PerfectPaperPassword enhancement as above, the disk or stick becomes its own token device to your account -- isn't this is 3-Factor Authentication: Name/PW, crypt disk, wallet passcard for a 1-time PIN?

Here for example, is a step-by-step for total disk encrypting Slackware12 drive.

This "browser only" disk could also take us to an httpS, encrypted webmail site like this, HushMail

Black Ops...

The image of some cute little puppy trained for black ops, alongside German Shepherd, Doberman Pinscher war dogs... -- great logo and handle for promotion, cartoonists, and for a little levity -- and great goal for perfectionists to pursue -- a branch -- a different repository for all things tricky/secure.

But from TOR's privacy plan, (maybe more related to a Black Ops approach), at least I found *their* example of such a locked-down browser, reassuring for online banking. It came as part of this XP privacy package with their special Firefox (intentionally hobbled.) So far, this 4th browser is living without conflict with my previous 3 XP browsers -- (TOR travels slow, and still needs user diligence and forethought, but seems very promising as it grows nodes.)

With the help of this thread's focus, and with the 1st 20% of our Scroogling here -- we may have 80% of the security info most of us are after, even if it will take 80% more time and minutia to close that final 20% gap -- to the Black Ops (implied military-grade) level.

[Lobster]

Chris bear sent me this link recommending Linux Live disks for banking
http://voices.washingtonpost.com/securi ... nk_on.html

Military grade Puppy?
m m m . . .
I think I would start with woof (a new gui is available as a separate download for 4.3.1 rc2)
http://www.puppylinux.com/blog/?viewDetailed=01169

I would build on a machine not connected to the internet
and assuming secure communication would be one of the aims I would . . . well I can't really tell you. It might compromise my security . . . and then I would be fish food

[kitten]

Look how clearly solutions to the online banking problem were laid out five years ago...

http://www.1729.com/secureinternetbanking/index.html

Wouldn't a bank be smart to offer its customers secure on-line banking that included -- (for a profit line set-up fee)

1: a business card size CD, that was the only way they could access their account via internet. Its single ap would be a locked-down browser that could only access their secure servers, using the account name and key for user to which it was issued.

2: a 2nd factor, wallet PIN card where PIN was only good for single transaction login. For deny ability, a customer could destroy its function by some special duress/panic PIN, like "911".

Since this problem is so technical to set up right, and fraught with slip up peril...

http://www.1729.com/blog/TenWaysLiveCDS ... dFail.html

This is a problem for some BANK's big-bucks marketing and IT teams?

Consumers only get what they demand. Customers refusal to bank on-line costs banks money. I'd sure be attracted to a bank that offered the plan above.

And surely there is a way in this money area to raise contributions for Puppy's advancement.

[kitten]

Here is where others with a Black Ops bent are taking their distros...

http://www.openwall.com/Owl/Owl-CD-large.shtml

or another example, this time lightweight: Note the FluxBox menus and tiny widget. Note "System Hardening" as a menu option.

http://techm4sters.org/forum/index.php? ... view;id=46

But yea, its a daunting task...

http://mirrors.unixsol.org/netsecl/docu ... ldocu.html

Yet since as even the Pres says, October "is national cyber security month in the US, with hundreds of federal, state and local government agencies, companies, non-profits and everyday citizens deploying themselves to educate millions of Americans about the importance of online security to themselves, their communities and the nation" - Peter Dinham in...

http://www.itwire.com/content/view/28614/53/

Every other day we read that Window$, unlike Linux, did not design-in security from the kernel. So now the country and the world must pay for its greed and rush to market.

Any inherent advantage the pristine Puppy CD has in privacy or security may be run over, unless we train each generation of Puppies to fight or evade new intruders and protect their RAM and their disk.

[Lobster]

We have a program under Network 'MTR traceroute'

this sounds like "geeky, geeky geek geek" to me - what does it mean if anything for security?
http://en.wikipedia.org/wiki/Traceroute

Developing GROWL for simple enhancements
http://www.murga-linux.com/puppy/viewto ... 455#353455

[clarf]

A needed read for Linux security audits:

http://www.sans.org/score/checklists/linuxchecklist.pdf

[mac84]

iway officiallyway antway othingnay otay oday ithway isthay

[SickPuppy]

Black Ops Puppy could easily become a hit in China.

[Q5sys]

And here I found some interesting links:
http://murga-linux.com/puppy/viewtopic. ... 90&t=24431

A user thinks we should have available:

nmap, hping2, wireshark, nessus, metsploit, ettercap, firewalk, paros, john the ripper, burp, webscarab.

Some are available as pets if you search the site, others arent. What would be nice is if someone could package them all together as an SFS file that we can load/unload as needed. I've got nmap, aircrack, nessus, wireshark loaded on my system currently.

backtrack, is the best I know of...
https://wiki.remote-exploit.org/backtrack/
Aitch

BT is as far as im concerned the standard for a PenTesting Distro. And while I would never think that a puppy version could surpass it, it'd be nice if as I said above; there was a SFS file that we could load with alot of the tools that we'd use on a regular basis.

Is anyone else up for this? Making a SecTool SFS package? I'd be willing to pitch in and help on it.
Ive already got a list somewhere of what id consider a worthy addition.

[clarf]

"The lesson from this year's Pwn2Own is pretty simple, suggested Charlie Miller, another of Wednesday's winners. "What you can see at Pwn2Own is that bugs are still in software, and exploit mitigations like DEP and ASLR don't work. Even as [defensive measures] improve, researchers still end up winning"

More info at:

http://www.computerworld.com/s/article/ ... _2_minutes

[edoc]

Just as this fascinating thread was moving toward solutions it seems to have died ... sure was lots of fun to read!

Was a new thread started somewhere?

Please tell me that my favorite show has not been canceled!

[Aitch]

Is anyone else up for this? Making a SecTool SFS package? I'd be willing to pitch in and help on it.
Ive already got a list somewhere of what id consider a worthy addition

seems to have been the last interesting comment, though I don't think it got implemented, doc

Aitch