Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 21 Oct 2014, 23:22
All times are UTC - 4
 Forum index » Off-Topic Area » Security
LightweightPortableSecurity vs Puppy - Puppy wins
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 4 of 5 Posts_count   Goto page: Previous 1, 2, 3, 4, 5 Next
Author Message
d4p


Joined: 12 Mar 2007
Posts: 407

PostPosted: Fri 22 Jul 2011, 06:23    Post_subject:  

LPS v1.2.2 is released

"And the advice given in the FAQs and manual, telling the user how to maintain security, as, for example, for making secure banking transactions to start up, "

Ctbankix is designed specifically for secure online banking
Base on ubuntu
multi-session CD possible
read/write access to ufd only

Bitbox is designed for secure online also
base on ubuntu and run in virtual
need big ram memory
Back to top
View user's profile Send_private_message 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Fri 22 Jul 2011, 18:33    Post_subject:  

The perennial problem with doing banking, or anything else you want sure security for, from anywhere out and about is router insecurity. Router insecurity can be "router security", and is in most provided wifi settings. This because "for security", meaning for defense against being caught in a legal tangle for "culpably allowing" one's facilities to be used for an illegal purpose, providers engage in "monitoring" traffic through their wifi routers, so they may claim to have "attempted to prevent", which establishes them a victim, not a participant.

In publicly available situations the monitoring is not done by security-cleared individuals. Essentially, the monitoring soft-ware is there. For this everyone with access to the router (onsite and off) has access to monitored data, and anyone of those with access to decoding and decrypting programming can mine, even back in time, since it is always safer to save, in case someone (or agency) should ask. This means, in hotels, restaurants, coffee-shops, kiosks, etc., any tech-savvy waiter, busboy, janitor, counterperson, temporary, contractor, etc., or "friend of" any one can real-time monitor, or mine back. The router-in-the-middle is is a weak link.

So, if you are public even with LPS you are depending mostly on anonymity for security, that is, on your transmissions being lost in the flow of traffic. The best alternative is to make a tunnel to a secure router first, then transmit data through to that and on from there. This is what the CAC-secured connect-to-your-government-system capability that LPS developers will set up for government clients does for them.
Back to top
View user's profile Send_private_message 
dawg

Joined: 09 Aug 2009
Posts: 113
Location: still here

PostPosted: Sat 23 Jul 2011, 06:22    Post_subject:  

LPS is bound to have a backdoor installed for the control-freak spooks somewhere.
_________________
I used to only like Puppy as a friend, but now I think our relationship is starting to develop into something more... Very Happy
Back to top
View user's profile Send_private_message 
ICQ 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Sat 23 Jul 2011, 10:07    Post_subject:  

some observations

» one thing that makes it safer is lack of tools to mess with the hard disks as well as no ability to mount the partitions

» it is easy to install on the hdd

» one could easily modify init (the file with the programs) to personalize it

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
cowboy


Joined: 03 Feb 2011
Posts: 247
Location: North America; the Western Hemisphere; Yonder

PostPosted: Sat 23 Jul 2011, 16:21    Post_subject: surely  

dawg wrote:
LPS is bound to have a backdoor installed for the control-freak spooks somewhere.


in general, one might say the same thing about "The Internet".

_________________
"Everywhere is within walking distance, if you have the time." - Steven Wright
Back to top
View user's profile Send_private_message 
cowboy


Joined: 03 Feb 2011
Posts: 247
Location: North America; the Western Hemisphere; Yonder

PostPosted: Sat 23 Jul 2011, 16:24    Post_subject: lps more  

Bruce B wrote:
some observations

» one thing that makes it safer is lack of tools to mess with the hard disks as well as no ability to mount the partitions

~


Good thought. Recently worried about some thread on BarryK's blog where a few folks mentioned adding in auto-mounting as a feature. LPS security, like that of Puppy, seems to involve a couple of simple ideas - no automounting of drives, and non-persistence of the operating system. LPS forces non-persistence.

_________________
"Everywhere is within walking distance, if you have the time." - Steven Wright
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Sat 23 Jul 2011, 17:29    Post_subject:  

The initrd is a squashfs version 3

I can't mount it in Lupu 5.20 because it is an earlier version 3 than the one Lupu supports. Which brings me to this question. Which Puppies used the earlier squashfs version 3?

My idea is to modify, personalize, initrd.

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
muggins

Joined: 20 Jan 2006
Posts: 6688
Location: lisbon

PostPosted: Sat 23 Jul 2011, 18:54    Post_subject:  

I think earlier than p431.
Back to top
View user's profile Send_private_message 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Sat 23 Jul 2011, 19:27    Post_subject:  

Bruce B,

Under "Utilities" in the puppy menu there is an "SFSConverter" utility. It should be able to make 4-series sfs files 3-series. If not you unsquash a 4-series and resquash it a 3.

You would also have to install puppy's sfs mounting at startup system, in the boot-manager section of the set-up system, or the add sfs-files on the fly pet.

I don't think LPS allows user modification, though. It is part of the system's attacks-prevention hardening. See the documentation html file with the download, which lets you open pdfs of LPS documents, also provided with the download. These are also available in LPS when it is installed.

The hardening, preventing ANY modification is good for in-organization general use and users, who can trust the system as provided by fellow members of their organization. The problem for non-members (like us of the general public, around the world) is that we are not U.S. DoD, and need to be able to assure ourselves there is no DoD monitoring of our non-DoD systems. Once it would have been normal to assume the U.S. Dod would simply make a secure system and provide it for anyone to use. But nowadays spying and intruding have become so ubiquitous even those who one would normally trust one needs to confirm one can trust.

Puppies you can get into and look around in and remove what you don't trust from. That, with a vigilant community, active at programming levels, is about the best anyone can hope today for base system security.
Back to top
View user's profile Send_private_message 
gcmartin

Joined: 14 Oct 2005
Posts: 4355
Location: Earth

PostPosted: Tue 02 Aug 2011, 16:33    Post_subject: Drones and Spy-planes you requested  

Security....why concern yourself? Someone, earlier commented, that they used LPS and "no drones ...." Well, here are the drones and the spy planes you asked for.

Firstly, Try to be a little conscious of finding some tool which is useful and offers resonable protection for what you envision your need(s) to be. There is no "perfect" solution. But, there are many useful ones.

Secondly, I've got to get me one of those "flying machines". Maybe I can convert its use to be a router or something....maybe.

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 02 Aug 2011, 20:54    Post_subject:  

I enjoyed the wasp link Cool

Quote:
Puppies you can get into and look around in and remove what you don't trust from. That, with a vigilant community, active at programming levels, is about the best anyone can hope today for base system security.


On the whole I think in terms of using what is insecure, securely.
As always the biggest liability is me.
I am using Android on my phone and realising that most apps request permission to spy on me, tweet on my behalf and empty my bank account at their discretion . . . it is a security nightmare

I would be quite happy using LPS, apart from transferring my billions of Ugandan dollars (have not heard from them for a while) from my favourite phishing expedition . . .
I would be happy using any wooflet and a few puplets that I keep an eye on . . .
Many people manage real money with their phones or with MS Windows (strange but true)

I tend to trust individual penguins and secure quantum tunneling (not yet available) but how about using an updated Onebone?
http://puppylinux.org/wikka/OneBone

A command line Puppy might be secure enough? Smile

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
CLAM01

Joined: 22 May 2010
Posts: 79

PostPosted: Tue 02 Aug 2011, 22:36    Post_subject:  

And for a next generation of drone-craft... A combination of the hacking and cracking capabilities of the WASP project with the Flying Ball the Japanese Defense Tech people have developed, demonstrated in a youtube video at: http://www.youtube.com/watch?v=7mUNIvlgYKk&feature .

Able to fly in closed spaces, to hover, to dodge around obstacles and into close spaces, to bounce off walls, to send back navigation and data video both, while it is cracking your encryption (or just reading your passwords from your fingers as you enter them, looking over your shoulder), it will be able to follow us over field and through forest, around rock and under tree, through thickets and culverts, right into our shelters! Perhaps even bouncing its signals off of our tin-foil hats, turning what has been our ultimate protection into its auxiliary aerial to use it against us!

Of course, the military's needs for security are the same as ours and everyone's (Who was first to recognize the wisdom of wearing tin-hats, after all?), they will have to watch out for the same things we do.

This means they have to watch out for alterations being made to their secure Light Personal Security operating system out in the field. Enemies or spies making altered forms and substituting them, swapping USB sticks on agents or service-members in the field, so their reports back would go the wrong way, or two ways instead of one. For this we can be pretty sure the LPS system does, or soon will, have a write-home as soon as a net connection is established, to send at least a hash to security check the field install, to make sure it hasn't been altered. The check will be a needed security for those of the DoD system, but it will be an insecurity for the rest of us, since the nature of spying is to use available resources.

For this nature, once it is known in bureaucratic circles that there is a civilian following using LPS for its security, and that there is a doorway, some agency will inevitably arrange to use that doorway "for security". Especially since, with the system closed, no one will ever know...

It's another reason the keys to personal security are simpicity and transparency, so wee can see where leaks might occur and how they might occur. Then we can patch as we go along, swapping info abut what leaks and what seems to work to patch in each case.
Back to top
View user's profile Send_private_message 
AF Branden


Joined: 15 Sep 2009
Posts: 175
Location: United States, WA

PostPosted: Mon 22 Aug 2011, 03:43    Post_subject:  

I really like LPS, but couldn't get my onboard via82xx ac97 sound to work.

Out of my 4 wireless cards only 1 didn't work.

Everything works fine in puppy though.

_________________

Back to top
View user's profile Send_private_message 
Bligh

Joined: 08 Jan 2006
Posts: 484
Location: California

PostPosted: Tue 23 Aug 2011, 04:10    Post_subject:  

I liked it and the oo version would be a quick easy way to have oo when I need it. For online, I can just dis-able the hdd and run Puppy.
Cheers
Back to top
View user's profile Send_private_message 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Thu 13 Oct 2011, 17:47    Post_subject: LPS v Puppy
Sub_title: Inability to Update Quickly is a Security Flaw
 

I think Puppy is basically better for normal user security (like online banking) than LPS.

For one thing, LPS does not (in the version I tried) have an ability to update the boot disc with browser patches. (Puppy supports DVD updates as new "sessions" on a multi-session boot DVD.) Not allowing updates is a problem because we know from Microsoft Windows that attackers do in fact reverse-engineer patches in hours or days, to find and exploit those faults. So this is a security hole waiting to be used, even in Linux.

Another LPS security issue is Java. Currently, almost all malware will not run under Linux (except for systems with Wine), because Linux is not Microsoft Windows. But Java holds the possibility of a single platform covering both Windows and non-Windows systems, which may be fairly attractive to some attackers.

The advantage of an optical disc is that it is "difficult or impossible" to infect (especially in Puppy, where the boot DVD can be removed). To some extent, Puppy discards the DVD advantage by checking for and using existing Puppy files as it comes up. Thus, it may be possible for Puppy malware to write such a file to a hard drive, thus infecting even a DVD boot (not the DVD, but all subsequent sessions) on that system. This would imply that any Puppy system with a hard drive (or flash drive) has a security hole, even with a DVD boot.

Some (probably futile) malware advice for the government:

http://www.ciphersbyritter.com/COMPSEC/ADVISING.HTM
Back to top
View user's profile Send_private_message Visit_website 
Display_posts:   Sort by:   
Page 4 of 5 Posts_count   Goto page: Previous 1, 2, 3, 4, 5 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0968s ][ Queries: 13 (0.0059s) ][ GZIP on ]