Puppy Linux Discussion Forum
The time now is Tue 30 Sep 2014, 18:43
All times are UTC - 4
I have specific needs for a live OS
Bruce B


Joined: 18 May 2005
Posts: 11109
Location: The Peoples Republic of California

Posted: Wed 17 Nov 2010, 03:57    Post subject: Re: I have specific needs for a live OS
Subject description: An explanation of why I need a live OS and my requirements.
 

Sideshow Todd wrote:

My user-names and passwords are in jeopardy.


Unencrypted usernames and passwords are always in jeopardy, because they
are sent as plain text which could be captured in a variety of places. This
would typically be the case with http:// sites such as
this site.

Encrypted usernames and passwords leave the browser encrypted, even the
OS shouldn't know what it is that the browser sends. Nothing
should* be able to decrypt it except the destination. This would
typically be the case with https:// sites.

Keystroke loggers I think could be a risk on any public computer of the kind
you use. But they log keystrokes. I don't think they log copy and paste
maneuvers.

Usernames and passwords can be copied and pasted.

~

* Remember we are living in the era of trustworthy computing. Which I
translate from Microsoft babel to mean - You cannot be trusted. To the
extent the OS Vendor refuses to trust us, who knows what is
possible?

~

_________________
New! Puppy Linux Links Page
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Wed 17 Nov 2010, 14:51

No Todd, I understood. If you were running Puppy, you wouldn't need to worry about Windows spying on you as long as you leave no files behind (the only thing I would worry about is Puppy automatically trying to use swap - I don't know how current versions of Puppy behave in that regard, but worst case you could manually tell it to stop using swap with the "swapoff" command). You are right about that part.

The problem is that you can't run Puppy without risk unless you power down the computer and boot directly into Puppy (we're going to assume the BIOS on the computer has not been compromised).

I do believe that there is a way to get Windows to give up control and switch the computer over to Puppy without rebooting, but doing so would not be secure if you don't trust the computer. You can't be sure that Windows will completely go away if it has been tampered with (though I doubt anybody would have messed with it to that extent).

However, even if it were secure, this would hardly be better than rebooting the computer, because there would be no way to switch back into Windows from Puppy, so you would still need to reboot the computer when you were finished with it.

And no, this isn't just a matter of reversing the process that I mentioned could take you from Windows into Puppy. Running that, if it works correctly, would essentially shut down Windows without shutting down the computer. So if you did find or create an equivalent program to switch from Puppy into Windows, it would be like booting Windows, just as though the computer had been powered off.

The only way you could do what you are asking is if you had a way to save the complete state of a random Windows, switch over to another OS, and then when finished, restore the complete state of Windows, all without rebooting. As far as I'm aware, there does not exist a way to do this at all, with any OS, not just Puppy. And even if there was, the step where you switched out of Windows would need to be performed in Windows, which is a big security hole. And of course initiating the process would require administrator privileges.

Unfortunately, privacy is not always as convenient as we would like. Since as far as I'm aware what you want does not exist yet, unless you are ready to devote several years toward learning low-level OS architecture so that you could do the programming yourself, your best bet will likely be a netbook - which as I said would be far more secure anyway.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Sideshow Todd

Joined: 14 Nov 2010
Posts: 6

Posted: Thu 18 Nov 2010, 14:04

jemimah wrote:
Unless the proxy is lame and entirely client-side, you won't be able to get around it this way.

You usually need to buy your own server somewhere in the cloud that's not blocked and route your encrypted traffic through there. As Pizzasgood said, your mileage may vary on how well encryption will protect you, and it's no good against local hardware sniffers.

There's plenty of proxy avoidance servers on the net, but net-nanny software generally becomes aware of them quickly - which is why you have to host it yourself and tell no one.

Sometimes Tor will work for proxy avoidance - but using that may cause problems on the local network. Not recommended for the library or workplace.


Good god, jemimah, you won't believe some of the lame azz security measures that some libraries employ. Many times I've used public library computers that use firewalls/filter apps that were entirely client side.

And even more lame are those that do use server side firewalls/filters, but leave the hard drive(s) open for anyone to poke around, thus giving one the opportunity to shut the offending apps off or (if passwords get in the way) to do a console/registry hack and temporarily shut the security down. Or they allow access to my favorite VPN site that I use, which gives me access to any site that pleases me.

Not for porn, as I explained in an earlier post in this thread, but so I can chat on Facebook and access innocent sites that are sometimes blocked by overly strict filtration rules.

Most of the time restrictions are nothing more than a time-consuming pain in the azz to get around; however, sometimes the admin knows what he's/she's doing, thus making it impossible for me to bypass the firewalls/filters.

But if I can figure all this out, then it wouldn't matter if the firewall/filters are on the server side because I'd have my own client side VPN.

REPLY TO moB: Thanx. This post has led me down a path of thought, and I'll look more into this.


REPLY TO Pizzasgood: I'll look into moB's suggestion, but I'll use the host's swap because of the limited number of writes of flash. Feel free to correct me if I'm wrong: I don't think user names and passwords would be left on the swap. I can compromise that much, for it's not like I'm conducting criminal acts or transmitting state secrets, or doing anything else wrong.
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Thu 18 Nov 2010, 14:57

Any data that you input into the computer could appear in swap. Whether that's worth the risk is up to you.


Running Puppy in an emulator is a great way to be able to operate in a more comfortable and familiar OS without having to reboot, but I don't think it provides very much more security. I'm no expert but I kind of doubt that running Puppy inside a virtual machine will protect you from keyloggers. I'm pretty sure that when you type the original OS will first receive the keystrokes. Then it will pass them on to the virtualization software, just the same as it would pass them on into Word or Firefox or any other program. At that point the virtualization software would cause the virtual machine in which Puppy was running to mimic having those keys pressed.

In other words, if you emulate Puppy, Puppy's keyboard drivers aren't going to interact with the physical keyboard. They will interact with a virtual keyboard, which is simulated to match the keys being pressed on the real keyboard based on the information that the real OS gives to the virtualization software. This separation between the emulated OS and the physical hardware is one of the main points behind virtualization.

The ways around that are using copy/paste as BruceB said, or to install a program (in Puppy) that makes a keyboard appear on the screen with keys you can click on, to use for anything that requires privacy (passwords, love letters, schemes for world domination, etc.).

Using Puppy inside VirtualBox or Qemu would still be a bit more secure than directly using Windows though, mainly in that the virtual Puppy would not leave any files lying around on the physical hard drive, and also wouldn't involve running potentially infected programs - for example if the computer's installation of Firefox had a malicious plugin installed, it wouldn't bother you. The main things you'd want to be worried about are keyloggers, programs that scan the RAM for information, and people/programs who later examine the computer's swap for information. Running a virtual Puppy increases the memory demands of the system, therefore increasing the chances that swap will be used, but also increasing the amount of irrelevant stuff somebody would have to search for to find anything useful, so I suppose it's a tradeoff.

Just my thoughts, so you can make as informed a decision as possible.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
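
The swap concern in the post above, and the `swapoff` suggestion in Pizzasgood's earlier post, as an added example that is not part of the thread: a shell script that reads a table in the `/proc/swaps` layout, lists the swap areas that put pages on the host's disk, and prints the `swapoff` command for each without running it. The sample table, device names and file path are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find swap areas that put pages on disk.

# disk_swaps [FILE]
# FILE uses the /proc/swaps layout (default: /proc/swaps). Prints one line per
# disk-backed swap area as "<device> <type> <used_kB>". zram devices are
# skipped: they hold swapped pages compressed in RAM, not on the host's disk.
disk_swaps() {
    awk 'NR > 1 && NF >= 5 && $1 !~ /^\/dev\/zram/ { print $1, $2, $4 }' \
        "${1:-/proc/swaps}"
}

# swap_plan [FILE]
# Dry run: prints the swapoff command for each disk-backed area and runs
# nothing (swapoff itself needs root). Returns 0 when no disk-backed swap is
# active, 1 otherwise.
# Caveat: swapoff stops further writes; pages already written stay in the
# swap area until something overwrites them.
swap_plan() {
    areas=$(disk_swaps "$1")
    if [ -z "$areas" ]; then
        echo "no disk-backed swap active"
        return 0
    fi
    printf '%s\n' "$areas" | while read -r dev type used; do
        if [ "$used" -gt 0 ]; then
            echo "# $dev ($type): $used kB currently swapped out"
        else
            echo "# $dev ($type): enabled, 0 kB in use right now"
        fi
        echo "swapoff $dev"
    done
    return 1
}

# Constructed sample in the /proc/swaps layout (not captured from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Filename                 Type        Size     Used  Priority
/dev/sda5                partition   2097148  5120  -2
/dev/zram0               partition   524284   0     100
/mnt/sda1/swapfile       file        262140   0     -3
EOF

swap_plan "$sample" || echo "# disk-backed swap is enabled in this session"
```

On a running live session, call `swap_plan` with no argument to read the real `/proc/swaps`.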

nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 18 Nov 2010, 15:21

But would the software installed allow one to run that virtual puppy at all?
_________________
I use Google Search on Puppy Forum
not an ideal solution though
Sideshow Todd

Joined: 14 Nov 2010
Posts: 6

Posted: Thu 18 Nov 2010, 17:06    Post subject: Stepping back

You've raised some good points in the last post, Pizzasgood. You've been helpful all in all, and now I think I have to step back and take it all in and reflect and make a decision on what the hell I'm going to do.
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Fri 19 Nov 2010, 01:05

Quote:
schemes for world domination


If planning world domination, you need to think about security in a different way. For example generating spurious noise for librarians watching your activities as you browse as some systems are designed to do . . .

Operating from a trusted and secure cloud based system. These probably exist but cost money - maybe someone will know of penguin run alternatives?
For world domination set up your own and divert and monitor traffic. [practice evil laugh]

Security is inconvenient. It needs specialized knowledge.
You might for example use, modify and add to
my GROWL program.
http://www.murga-linux.com/puppy/viewtopic.php?p=335216#335216

My favourite technique is to practice
Uttana Shishosana (extended Puppy pose)
and other techniques
http://www.yogajournal.com/poses/2476
which helps me to worship my fears, sleep soundly at night and not need to use the GROWL program.

Hope that helps :D

Puppy Linux
Vigilant penguins

_________________
Puppy WIKI
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Fri 19 Nov 2010, 01:27

nooby wrote:
But would the software installed allow one to run that virtual puppy at all?

The computers in question would almost certainly not have programs like VirtualBox or Qemu installed. However, that is a non-issue. You can install programs onto a flash drive and then run them on any computer with a compatible OS that you plug it into.

Of course there are programs that are not cooperative with such behavior. Some programs require registry entries or having support files in specific locations and other nonsense. It depends on the program. Programs that are happy being run from any location are often called "portable", and I believe there are actually a pretty good number of quite useful programs that support this. I think people even sell flash drives with a bunch of such programs preinstalled and configured on them, and I'm fairly sure there are "bundles" you can download and easily install as well.

Virtual Box and Qemu can both be installed to a flash drive, as far as I am aware.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Fri 19 Nov 2010, 06:13

I guess it is different for each Library or Internet Cafe one visits.

Many of our public libraries have free access to computers but you have to write down your true name and true mobile number and you get access to a screen and a mouse and a keyboard. The computer itself is hidden under a wood work or in a locked box and you have no USB slot access on it.

And if you try to download a program to do a Vbox install then they ask for Admin rights to do such things and only the IT department is allowed to do such things.

So sure when it works it works but in many places it is a big NoNo to even attempt it.

But one can sometimes use their open wifi wireless hot spot but then one is open to being sniffed at by others there too. So is it as easy as some say?

I guess one has to copy and paste passwords instead of using the keyboard on the smartphone to be fairly safe? Or is copy and paste also sent in plain text? I know too little but they did show on TV how easy it was to spy on others' passwords.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
2lss

Joined: 20 Sep 2009
Posts: 225

Posted: Fri 19 Nov 2010, 17:37

I'm not sure what your constraints are for using a laptop but if it's size you could look into a small handheld like a Nokia N810/N900, Open Pandora, or even a smartphone that runs Android.

Or if you're only worried about email and Facebook, set up a temporary Gmail account that, if someone was to 'break' into it, wouldn't jeopardize any personal info. I'm sure the same could be done with a Facebook account; just use it for the summer and delete it when you are done.

You could also check out this http://distrowatch.com/table.php?distribution=incognito

(It's a Debian live system that ships with Tor and some other goodies. Its goal is to provide "Internet anonymity for the user", which I'm sure is debatable.)

But you would be in the same boat as if you used Puppy, aka have to reboot the machine and/or issues with protected BIOSes.
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Fri 19 Nov 2010, 19:07

nooby wrote:
I guess it is different for each Library or Internet Cafe one visits.

Many of our public libraries have free access to computers but you have to write down your true name and true mobile number and you get access to a screen and a mouse and a keyboard. The computer itself is hidden under a wood work or in a locked box and you have no USB slot access on it.

Oh, I see what you meant now. Yeah, if you can't reach the USB slots, then you're out of luck. I haven't seen many instances of that here in the USA. Granted, I haven't gone to very many areas with public computers either. But of the ones I've gone to, all had the computers right out in the open.

You mentioned open wireless. Copy-paste won't make any difference for wireless. Using copy-paste for inputting passwords was suggested for when using an untrusted computer, in order to bypass keyloggers. It does nothing to address people snooping on the network.

If the website that you're sending your password to uses SSL (their address starts with "https" instead of "http" and the browser shows a lock or changes colors and such), then the data your computer sends into the internet will be encrypted, so it doesn't matter very much if you use open wireless. Nobody would be able to read what you sent. Most banks and stores and such use SSL. If one doesn't, they need to have complaints sent to them...

On the other hand, many websites and forums (including this forum) that don't deal with money don't bother to use SSL. In those cases, when you send data to them, the data is sent as plaintext. If you're using an open wireless network, or one with weak security, anybody nearby could also find out what data you send in plaintext. (Also, no matter what kind of internet connection you use, anybody who is on the path between your computer and the destination computer could read the text if it is not encrypted. In particular, the ISPs and any unethical network operators who run one of the segments your data passes through.)

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

d4p


Joined: 12 Mar 2007
Posts: 407

Posted: Fri 03 Dec 2010, 00:52

"Yeah, if you can't reach the USB slots, then you're out of luck."

Maybe using CD/DVD.
In my test, VirtualBox can be executed from CD/DVD by using the HDD space for temporary files (thanks to Windows that it can execute everything).
After quitting VirtualBox, it will leave a 16 kb *.tmp file in %temp%.
I guess a 16 kb file doesn't mean a lot, or?
yordanj94

Joined: 16 Sep 2010
Posts: 77
Location: Bulgaria

Posted: Sat 04 Dec 2010, 09:56

Pizzasgood wrote:

If the website that you're sending your password to uses SSL (their address starts with "https" instead of "http" and the browser shows a lock or changes colors and such), then the data your computer sends into the internet will be encrypted, so it doesn't matter very much if you use open wireless. Nobody would be able to read what you sent. Most banks and stores and such use SSL. If one doesn't, they need to have complaints sent to them

Hi.
Let's say I use Yahoo mail. First I got "https" when I type user and pass,
but then it turns back to "http".
Does this mean that they protect only your user and pass and everything else can be captured and your mail can be seen?
Thanks in advance
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11081
Location: Arizona USA

Posted: Sat 04 Dec 2010, 15:36

yordanj94 wrote:
Hi.
Let's say I use Yahoo mail. First I got "https" when I type user and pass,
but then it turns back to "http".
Does this mean that they protect only your user and pass and everything else can be captured and your mail can be seen?
Thanks in advance

That's right, but don't assume that just because your login information is sent over the internet encrypted, someone can't log in to your account by guessing. That's why you should use long random sequences for your password. I don't know how many login tries Yahoo or Gmail allow.
yordanj94

Joined: 16 Sep 2010
Posts: 77
Location: Bulgaria

Posted: Sat 04 Dec 2010, 16:22

Thanks.
Gmail encrypts all its traffic but Yahoo doesn't.
Then what's the point of encrypting only user and pass if someone with enough skills can read all the information in the email?
In that case one of the ways to be more secure would be to encrypt sensitive information as an attached file.
Or am I wrong?