summary: desktop hardening, ¡sí! punting online privacy, ¡no!
details:
David Schwartz[1]
>> It would appear that the defendant in this case is basically arguing
>> Heisenberg's Uncertainty Principle is at play, in that the use of a trojan
>> to identify and spy on his machine may have resulted in the files they found
>> there to have come from unspecified sources,
It would so appear if you didn't read the decision[2] :-) But if you *did*,
you'd discover, on page 2,
Henry Coke Morgan, Jr, US vs Matish, 21 Jun 2016[2]
> Defendant seeks to suppress "all evidence seized from Mr. Matish's home
> computer by the FBI on or about February 27, 2015 through the use of a
> network investigative technique, as well as all fruits of that search."
The US Government does not deny seizing files from Matish's computer via
malware, because those files are its case!
David Schwartz[1]
>> the term "online privacy" is an oxymoron, encryption notwithstanding. Use
>> the interwebs at your own risk.
So you support legalizing attacks by any party on any system? Or are you merely
special-pleading for governmental attacks? Either way, your position seems
absurd. Yes, online privacy is under attack, but that empirical claim in no way
justifies the normative claim that one has no *right* to privacy--that's an
elementary category mistake. (To which, BTW, any competent
introduction-to-philosophy course will increase immunity. Repeat after me:
you can't get "ought" from "is.")
der.hans[3]
>>>> Maybe it's time to notch up the desktop security series to be a desktop
>>>> hardening series.
WFM. This might also be good for outreach-type events: e.g., "easy FOSS ways
you can make linux much more secure than whatever you're using now." Some
topics one might include (numbering purely for identification, and this list is
not meant to be comprehensive):
1. Firewall configuration. Esp now that easy-to-use tools like `gufw`[4] are
being included with popular distros.
2. Identifying and closing open ports ...
2.1. ... and how to test for and recover from port-closing problems (i.e.,
identifying when you have hosed services that you really want, and restoring
them)
3. Disk encryption: e.g.,
3.1. installing LUKS on both new and in-use systems
3.2. LVM integration issues: e.g., is it better to manage LVM volumes on a
LUKS-encrypted disk or partition, or to encrypt individual volumes?
3.3. encrypting backups: e.g., is it better to encrypt the disk and write files
"normally," or to keep the disk unencrypted and write encrypted backup files
(with, e.g., `duplicity`)?
4. Degrade on login failure:
Eric Oyen[5]
>>> If I had the option like I do on the iPhone, I could set it up so that so
>>> many [login] retries would erase the system.
WFM: I have good backups <genuflection to the Backup Gods/>. But the obvious
problem (IIUC--please correct me if not) is that a true erasure would take a
very long time for current-normal PC disk sizes: presumably the attacker would
just pull the battery or power cord after less time than erasure would require.
OTOH, there might be ways to do something quickly that would make data recovery
significantly more difficult/time-consuming, esp for already-encrypted contents.
5. OS hardening for {desktop users, mere mortals}:
5.1. introduction to <your tool here/>, SELinux (emphasis on "for mere mortals"
:-), LSM, AppArmor
5.2. how to test for and recover from configuration problems
6. Using self-hacking tools, e.g., Kali Linux, Metasploit
FWIW, Tom Roche <[email protected]>
[1]: http://lists.phxlinux.org/lurker/message/20160712.072528.e187e802.en.html
[2]: https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf
[3]: http://lists.phxlinux.org/lurker/message/20160712.053026.f25b8ec0.en.html
[4]: https://en.wikipedia.org/wiki/Uncomplicated_Firewall#GUIs_for_Uncomplicated_Firewall
[5]: http://lists.phxlinux.org/lurker/message/20160712.064246.80f8300c.en.html