Secure, Portable, Virtual Privacy Machine 168
solcity writes "Looks like an online privacy company, Metropipe, are
planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks
like the whole thing is based on damnsmalllinux
and uses qemu to boot on Windows or Linux
without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."
Comment removed (Score:4, Insightful)
Re:Who's privacy? (Score:2, Insightful)
Re:Who's privacy? (Score:2)
So what's your point? (Score:5, Insightful)
However, the person with this USB fob has increased his security. Thus a net gain in securtity. If you want to be secure you need to take care of yourself. Sticking your head in the ground is not a viable security plan.
Re:So what's your point? (Score:5, Insightful)
Actually you could argue that trusting a method is worse than not trusting it at all. Trusting a unknown key for example, for the sake of security, and sending out private encrypted data protected by it is worse than not trusting the key at all.
Personally, I think carrying your own laptop around is a far better approach (for what the author is trying to achieve) as you don't have to trust others' computers which may contain software to thwart the security of devices such as this USB key by reading all data off it.
You could find flaws with what I've said too---good security is not easy.
Re:So what's your point? (Score:5, Insightful)
The problem is that one cannot always carry one's laptop all the time, wherever they are. Often times, you end up needing your laptop at a time and place when you are least prepared for it -- I'm sure those of us here who need to shuttle all over the place to meet clients have encountered this.
And besides, the laptop is an insecurity in and of itself. Thieves view it as something that can be stolen, and it is a device that can be physically bugged.
True, you don't necessarily trust a computer off an airport in Paris. However, using that computer with your safe-toolkit is probably a whole lot safer than using your laptop with a bug in it -- hypohetically, ofcourse
So, I suppose this is a good security tool. Not the solution to all the problems, but a good tool neverthless.
Or maybe I'm just being too paranoid. And that black helicopter outside my apartment probably belongs to that hot chick across the street. Who knows!
Re:Complications- (Score:3, Informative)
That's not really a problem. Damnsmalllinux is a livecd distro and the concept is similar when you boot off a flashdrive. The boot media is mounted readonly and the OS actually runs in a ramdisk (these days it's called a shared memory filesystem). The only writes would be user data which is very little compared to the OS.
As far as disposing of a broken flashdrive, I'd say take a hammer to the thing and be sure to smash up the flash chips very w
Re:Complications- (Score:2)
Re:So what's your point? (Score:2)
For example, if I want to connect to my IMAP server securely without this device, my option is web mail over SSL...even then, who knows what keystroke loggers are running on the public machine I might be using. Plug in this, reboot and unless there's some Van Eck device around
Re:So what's your point? (Score:2)
I am no expert in this area and not claiming to be one, if I have a conceptual error, be gentle.
For years, I've been using a similar method [everybody.org] with fetchmail to get my email via IMAP with SSH preauth from my shell provider through a cron job. Of course fo
Re:So what's your point? (Score:1)
Admittedly, since the system runs on a virtual machine loaded from the memory stick it's difficult for a process on the host machine to access it's data but it's not impossible. Unless you can actually boot completly (no windows bootstrapping) from the usb stick and know that there's noth
Re:So what's your point? (Score:1)
Re:So what's your point? (Score:1)
Of course, that's a Mac, but I'm sure similar utilities exist for Linux or Windows.
Filevault works by transparently putting your home directory onto an encrypted disk image and mounting it at /Users/username. Files are encrypted/decrypted as they are written to/read from the folder.
Re:Who's privacy? (Score:3, Insightful)
Re:Who's privacy? (Score:5, Insightful)
There is the risk that processes on the host machine can peer at its memory and fish out the unencrypted data without any way of it knowing - unlikely that someone would develop such a thing, but if you're being paranoid there's always the possibility.
Nope (Score:5, Informative)
If you had a boot CD, now that would a problem. Would I let someone boot my laptop from Knoppix? Not unless I would trust them to sysadmin my laptop
As the above poster says, security accepted wisdom is that physical control implies vulnerability.
Re:Who's privacy? (Score:3, Interesting)
I don't believe that you can get a program to run at the login splash screen.
So shame on them for leaving their computer logged in.
Re:Who's privacy? (Score:3, Interesting)
Go into the BIOS settings, set a boot password, and then disable USB boot devices. No, it's not totally impenetrable, but it's better than nothing - at least your attacker will be forced to haul out a screwdriver. And for laptops, probably a soldering iron too, which sort of obviates a quick hit-and-run attack while you're away from your desk ;)
Re:Who's privacy? (Score:2)
Re:Who's privacy? (Score:2)
OH, before if forget:
== Prologue==
The stick OR bootable CDs are a GREAT way to test laptops at stores. Hell, NOW you can test a laptop for ACPI and other problems. You can TRY before you BUY, as long as a CD/DVD or USB port are installed and working... And, the best part is that as long as it's a demo rig, is not connected to a LAN, and has no wireless to inadvertently sniff the store, then the store REALLy
Re:Who's privacy? (Score:3, Insightful)
Re:Who's privacy? (Score:3, Informative)
Of course, you shouldn't be using someone else's computer anyway, god knows what kind of keyloggers or whatever it has lurking in it...
Re:Who's privacy? Why the term "circumvention"? (Score:2)
We need to get out of the habit of calling this circumvetion. If we don't then this usage will lend further credence to ms and furter reinforce some badly-written legislation. If Linux is to be used (as it is now and can be in the future), this notion of "hijacking a box" should be described more discretely.
Putting Linux on a box and being able to "see" the file system is not a guarantee that useful passwords will be found or enable a malicous log in. True, the
jepurdee (Score:2)
*bing*
Alex: AC?
AC: Who's privacy?
Alex: Judges? .... Yes, we'll accept that. Technically the correct question would have been "What is privacy?" Select again.
AC: I'll take "your and you're" for $200 Alex...
And yet... (Score:5, Insightful)
I'm sorry but I cannot bring myself to trust my cookies, settings, and information to travel over anyone else's network. It's not safe unless *I* am the one controlling the proxy and the tunnel between the two.
SSH, Putty (for Windows users), and squid on your own machine is what I use. Yeah, you still can't avoid keyloggers and the like but at least you know that you are controlling what is being logged and where.
Re:And yet... (Score:2)
Re:And yet... (Score:1, Offtopic)
That aside...
Sure, it's nice to have your cookies and whatnot stored on a USB key but that data is still traveling to your USB device via their hardware. It's NOT secure and they shouldn't infer that it is.
Re:And yet... (Score:4, Interesting)
+++WARNING+++
-------------
This is a technology preview and comes with NO SUPPORT, NO WARRANTY
and NO GUARANTEE for any purpose.
Windows Instructions:
Double click on 'boot-win.bat'
Linux Instructions:
run 'boot-linux.bat' from the command line
Now what I find funny is that boot-win.bat doesn't exist and I believe what they meant was qemu-win.bat.
I just can't trust my data to a piece of software that claims no responsibility and doesn't even have the correct filename in a 491 byte README.TXT.
I'll stick w/my current methods TYVM.
Re:And yet... (Score:4, Informative)
How to avoid keyloggers [columbia.edu]
Re:And yet... (Score:2)
it tells you how to not give away your permanent password while on an insecure machine.
everything you type during your session can still be key logged.
Re:And yet... (Score:2)
Of course. But the most damaging use of key loggers is collecting passwords. I don't particularly care if someone logs me hacking at some code, writing an email, or printing out work in one of my uni's computer labs. But if they get my password they can compromise my machine, and that I do care about.
Re:And yet... (Score:2)
True. Does that actually happen? It sounds like it'd be technically a lot harder to do than keylogging... and since few people use one-time passwords, there wouldn't be all that much point.
Dynamic Forwarding (Score:2, Informative)
SSH basically includes a builtin socks proxy. Download putty and create a dynamic port on locahost:1080 and say goodbye squid.
Of course there are still advantages to having a local squid proxy, but in most cases it's not worth the effort anymore.
Re:Dynamic Forwarding (Score:2, Informative)
Now in Firefox, Thunderbird, Trillian, whatever... tell it to use a socks proxy on 127.0.0.1:1080.
Before dynamic forwarding you would need to have squid and/or manually forward
Re:And yet... (Score:2)
So While I can see how it would be easy to poke fun at a Warp-Time bubble causing the intersection of the Enterprise (in all its
What algorithm? (Score:1)
miscategorized (Score:2, Informative)
Re:miscategorized (Score:2, Interesting)
I find any gadget which enables me to boot a decent Linux distro useful ('decent' being relative), if it can increase your privacy it's just an added treat.
Signed email is pretty handy, and setting up that stuff is a bit tiresome if you have to do it for *each* workstation you come to.
I'm assuming you can 'preconfigure' it, or atleast that it stores your settings? (in contrast to your average LiveCD)
Re:miscategorized (Score:2)
OK, let's think this through (Score:5, Insightful)
As I read it, this is a Linux session running in a virtual machine under the host operating system - the idea being that any "sensative" data resides in the virtual session, so the host has no visibility to it.
Except that the host is providing all the screen and keyboard access, so if the host is comprimised and is running VNC the attacker can see where you are going, and what your password is.
True, *IF* the password is only the SSH keyphrase for a private key that is only accessible to the virtual machine, then *maybe* it does him no good.
But since the virtual machine needs to access the media through the (comprimised) host OS, the attacker can copy that data as well.
It sounds to me like this is just giving you a false sense of security.
Re:OK, let's think this through (Score:4, Insightful)
you can buy dongles that record keypresses(that go into the cable).
if it's someone elses computer and you're _really_ paranoid.. then just forget about using it.
Trust is the Key Word (Score:5, Interesting)
A very cool idea but only "secure" if you trust the company. They say they don't keep logs, but you never know. Also a yearly fee with a limit on transfer.
Not all GPL... (Score:4, Interesting)
Should I believe anything else these folks say?
Re:Not all GPL... (Score:3, Informative)
Re:Not all GPL... (Score:5, Informative)
Huh? NPL is Gone. Dead. Buried. Mozilla has been (mostly, and the exceptions should be BSD etc. GPL-compatible) LGPL/GPL/MPL tri-licensed [mozilla.org] for quite a while now, the new licensing policy is over three years old.
Re:Not all GPL... (Score:2)
The previous post whas not there when I clicked "reply".
And besides, it was wrong too, since Mozilla is not just MPL, but GPL and LGPL too, whichever fits you.
Anyway, my point was that the thing claims to have 100% GPL'ed software, but not everything on it is GPL'ed.
Except that you chose to drive that point with an example that is in fact GPL'd, so shouldn't you find another one before the point will stand?
Sure, it might, but I for one don
Re:Not all GPL... (Score:2)
Mozilla (Firefox, Thunderbird) are indeed GPLed. Period. If any user can take the app, modify it, and release it under the terms of the GPL, then that does indeed count as the app being GPLed. At any rate, from a simple user's perspective (that is, a person that just wants to run the software, not modify and/or distribute it), it's totally irrelevant what the license is, as l
Something like the stealthsurfer? (Score:3, Informative)
Isn't this an LFC spinoff? (Score:1, Interesting)
only limited protection (Score:5, Insightful)
Re:only limited protection (Score:3, Informative)
This is more secure than nothing (although there is the danger of a false sense of security!) and it would allow you to use portable encryption on machines that belong to people you trust, but that's all.
It would be much better to boot a secure OS from the
Can be subverted (Score:1, Interesting)
Didn't somebody prove a while back that virtual machines could be subverted by flipping a few bits in memory? As I recall, it was a story on Slashdot a year or more ago. Anybody remember that?
Re:Can be subverted (Score:2)
Re:Can be subverted (Score:3, Interesting)
Oh, man ... (Score:4, Interesting)
I'm reading that headline thinking I finally have a cone of silence with tinted windows I can carry around, and it's just same dorky VM.
Sheesh. Next you'll tell me I still don't get my flying car and robot sex-slave^H^H^H^H^H^H^H^H^Hmaid any time soon.
=)
Re:Oh, man ... (Score:1)
Life span? (Score:5, Interesting)
Re:Life span? (Score:4, Insightful)
How many times or how long can you use this device before wearing out the key?
Well, if you set up a RAM disk and only store personal settings on the USB key -- then I suspect that it would last for quite some time. If you don't care about saving settings, then you can boot off the key as a read-only media and never write back to it. So I don't think this would be a major concern.
Re:Life span? (Score:5, Informative)
Re:Life span? (Score:2, Informative)
- The maximum number of writes a particular area of flash can sustain has been increasing as the technology has matured. Better manufacuter are now promising, in writing, endurance in the 100,000's and even 1,000,000's of erase/write cycles.
- Better manufacturers do both the "rotating," called wear-leveling, and "remapping," called spare sectors management or sparing.
- Flash memory modules already come with reserved spare sectors th
Re:Life span? (Score:2)
secret decoder ring (Score:2)
hail open source! hail freedom! (Score:5, Interesting)
James bond wants one of these. The FBI, when they finally figure out what this is, will want it banned. I have dreamed of doing something like this with an applet but this is much slicker and more powerful.
Next questions, can I tunnel through with VOIP [usatoday.com]? How "special" does my correspondent/recipient have to be for the trail for eavesdroppers to go cold on both ends of the connection?
Re:hail open source! hail freedom! (Score:3, Insightful)
You are still trusting the person at the other end. After all this, if the spooks could install sniffers at the other end, your data is still compromised.
Why go that far, the spooks need install stuff on just your machine, or use other means [wikipedia.org].
Carnivore will never entirely go out of the pictures, it's always a Cat & Mouse game. If this becomes widespread, something else would come up to counter it.
Besides, all this is good only until QC becomes viable and widespread, and at which point your existin
whats the root passwd? (Score:2)
The Netherlands and Germany privacy friendly? (Score:1, Informative)
"MetroPipe's proxy servers are located in the privacy friendly jurisdictions of The Netherlands and Germany."
The Netherlands and Germany privacy friendly? Yeah, sure, compared to China maybe.
The Netherlands is known as the country where the most phone-taps are placed.
Germany and The Netherlands are preparing Europian legislation to log every email message you send, to log every url you are visiting for at least a year "to fight terror".
Europe is getting even worse compared to
Re:The Netherlands and Germany privacy friendly? (Score:2, Informative)
Well, as opposed to other nations that are doing that, at least they are passing legislation...
Re:The Netherlands and Germany privacy friendly? (Score:2)
I know, because I'm dutch (and have read a lot of articles etc about the demonstrations about this subject)
Waaaaaait. (Score:5, Interesting)
You take this USB key and plug it into an untrusted machine (since, if you had a trusted machine, you wouldn't have to go through these hoops). It fires up a virtualized PC that runs Linux and lets you get out to the web using an encrypted proxy.
I fail to see the utility of this. You're running QEMU on the host. If the host is compromised (and it's best to assume that any untrusted host is), it has full access to your keystrokes, I/O, and the entire memory image of your system.
Good crypto software for Unix makes sure to prevent its sensitive data from going out to swap by negotiating with the virtual memory system. This keeps your passphrases and keys from showing up in a swapfile if the machine is compromised. This type of system has no control over that -- if the host decides to swap the emulator out, foom! your entire system image is now on disk. A disk you don't trust.
Not to mention that processes on the host could simply read through your memory in real time.
So, in short, an untrusted computer is still an untrusted computer. While this sounds useful for encrypting one's network connections, it seems like an awfully complex solution to reinvent the concept of a VPN.
Re:Waaaaaait. (Score:3, Informative)
A computer at an internet cafe is likely to have spyware on it, but it would take more work for them to install a physical keylogger. So if you sit down at one of those, you should at least check it for one of these [keyghost.com].
So this will protect you when you're borrowing a friend's computer or dropping in on a client or customer. Probab
Re:Waaaaaait. (Score:2)
But... this is still susceptible to software compromises. Keyloggers will still work on it. Memory dumps might be able to get sensitive information out of it. Sensitive information might still be written into the OS's paging file.
It's nothing like as good as it sounds like it should be.
Re:Waaaaaait. (Score:2)
It'd make it slower (probably a lot slower if you're operating in the USB stick only), but adding an encryption scheme would at least slow down someone that wanted to image your USB stick.
A keylogger would still get stuff though. Hmm...
Re:Waaaaaait. (Score:2)
Yes, of course. I think they're not very clear about what this meant to protect against. I can think of a set of assumptions under which it could be helpful, though. Assume you trust the host machine not to be compromised (so whoever administers it is not out to get you and, in addition, does timely security updates, keeps people from in
Re:Waaaaaait. (Score:2)
Re:Waaaaaait. (Score:2, Interesting)
First, all of your settings are immediately available - your bookmarks, your cookies, your saved emails, etc, on any computer anywhere without any complicated configuration.
Second, it is very portable - much moreso that a laptop. And as they say, you don't have to demonstrate that it isn't a bomb to the airport security guard.
Thirdly, it leaves no lasting record of your activities on the host machine. Y
Slow as hell (Score:5, Informative)
Why not use Cygwin instead? Almost all of the apps in this distro has have been ported to cygwin, and I doubt there'd be much trouble porting Firefox if someone got serious about it.
A cygwin based distro could pack a minimal installation (including X) on a USB keyfob that would provide all of the same functionality, but running the apps as native code, at near native speed (minus the small cygwin/POSIX to win32 api translation penalty).
Now of course this solution won't work on a Linux machine, but I think it would be rare that you'd encounter a Linux machine that you'd want to run this on. Most likely you'd be at a friend's house, or in a computer lab where everything runs windows.
Re:Slow as hell (Score:1)
Just checking.
Re:Slow as hell (Score:2)
Re:Slow as hell (Score:1)
Re:Slow as hell (Score:2)
What I am talking about is a cygwin installation with a full X server. Many of the apps in the distro mentionned in the write-up have cygwin ports (much easier than a full Windows port). As far as I know no one has yet ported Firefox to cygwin. I imagine you could run the native windows version from your keyfob, but that nixes some of the nice encapsulation cygwin provides.
Re:Slow as hell (Score:3, Interesting)
Re:Slow as hell (Score:2)
Re:Slow as hell (Score:2)
(in ie, non sp2)
Re:Slow as hell (Score:2)
neat-o, but slow... VMware is speedier... (Score:3, Informative)
Last week I was thinking about exactly this question. I've been using VMware [vmware.com] to do the same sort of thing form my laptop, but it has the disadvantage of being costly, non-portable (no easy or possibly legal installing to usb drives/etc.), and not pre-configured for the purpose of this VPM. But in my experience VMware is quicker, feeling almost like the emulated computer was the host computer.
At any rate, I installed and ran this VPM software, and it certainly seems to deliver, and has a very nice collection of pre-installed apps. Sadly the performance is about as poor as you might expect (that's running it off a HD, not a USB drive). Every operation takes a while to complete, click on Firefox, and wait 40 seconds for it to ask which profile you want to use (this is after first use). Type in a URL and wait at least 30 seconds for any signs that it's coming up. My laptop is only P4M 1.8Ghz, so no doubt performance would be much better on a more recent machine.
Still, pretty neat, though not entirely usable for me.
quincy
FYI (Score:2)
I must be gettin' old... (Score:4, Funny)
Secure, Portable, Virtual Piracy Machine
Windows on USB Flashdrive? (Score:2)
Anyone make that?
Not secure (Score:2)
It wouldn't be very hard at all to write a trojan that waits on the host machine and compromises your "Secure" data once the qemu vm boots up.
Reply from within this distro (Score:2)
Re:Correction (Score:5, Informative)
They mean GPG [gnupg.org], open source software that works in the same way.
Re:Correction (Score:1, Funny)
Re:Correction (Score:1)
Re:How big? (Score:5, Informative)
Re:How big? (Score:2, Insightful)
Re:How big? (Score:2, Insightful)
Re:Sweet (Score:2)
Paypal is now a verb, too?
Their website seems kinda slow now, but they mention somewhere that they do not accept Paypal.
Double sweet (Score:2)
The site is probably slow because it's being slashdotted...
Re:Double sweet (Score:2)
Re:Nice! (Score:5, Informative)