Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
Micah Lee wrote (31 Oct 2013 22:24:13 GMT) : With SecureDrop, the viewing station requires Tails with persistent storage, and you can only use persistent storage if you boot off of a USB stick. FTR: you can boot from DVD and use persistence on a USB stick. It's not documented nor formally supported, but I'm told it works fine. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Oracle Virtualbox (GPL, free) and VMware Fusion (Proprietary, not-Free), VMware Player (Proprietary, free), etc all works on MacOSX (or OSX86). Oracle VirtualBox and VMware WorkStation and VMware Player, etc all works on Linux, Windows, etc Host OS. In VMware Player a new VM cannot be created, copied VM can be used, and then can be modified. In VMware WorkStation, VM can be created modified. WorkStation (it comes with the free Player) can be downloaded as Trial usage mode. These hypervisor software will allow to create VM (Virtual Machines) for Guest OS, running on top of the Host OS/machine. Everything inside a VM is virtual/emulated/simulated. (Almost) ANY bootable or Live-Bootable DVD/CD ISO files, Physical DVD/CD-ROM drives, Bootable or Non-Bootable Physical USB flash drives/sticks, etc all can be directly attached with a VM, and then run inside a VM. Inside a VM, virtual empty drive or virtual formatted drive, etc can be attached created. VM and Virtual drive's can be encrypted too. Such virtual empty-drive or formatted-drive will actually exist as a physical file in Host OS. On older FAT32 based host OS, file will/may span over multiple files distributed on 1024 MBytes files. On NTFS, HPFS, LVM, ext2/3, etc file will remain as 1 large file. You can create VM with a virtual drive, or without a virtual drive, upto you. Inside a VM, a physical drive partition can also be used as a virtual-drive. And compacting features can be used to reduce physical file-size, related to any VM. Oracle VirtualBox and VMware WorkStation/Fusion/Player etc all have extension-packs, which contains latest virtual drivers. Some are generic, GPL. Some are proprietory. If the Guest-OS disk/disc/drive/stick, pre-includes those virtual-drivers, then such Guest-OS can run even better inside the VM. Before installing VirtualBox or VMware, etc hypervisor software, do this : Go inside your physical HOST computer's UEFI/EFI/BIOS (usually by pressing F2, F10, F8, F1, Command, etc keboard buttons), and enable feature such as : Virtualization, AMD-V, Intel VT-x, etc ... whichever you will see inside your BIOS/firmware. Physical computers which will have those Hardware(HW) based virtualization support, then VM will run smoothly faster in those computers, videos will play better, OR ELSE, those hypervisor software will create partial virtualization or para-virtualization environment/container based VM ... which will be slow and less smooth ... but will at-least run. TAILS should release a VirtualBox VM based edition. And disable/disconnect usb web-cam inside a VM, and better is to cover the web-cam with a white-or-black small piece of paper. Some computers model already comes with a physical shutter to cover the web-cam glass-hole. PCI-passthrough features in hypervisor software can be used to connect extra/2nd PCI / PCIe based keyboard interface or other physical hardware devices DIRECTLY with the Guest-OS VM, to use a completely separate keyboard or other device, than host's keyboard. And there are GRUB, etc boot-manipulation software based tiny bootable iso which can also be used with hypervisor/VM, to boot from a Physical Bootable USB sticks, inside VM, directly. Bootable USB sticks can be imaged, and can be booted inside the VM as well. Hope these info helps, - -- Bright Star. Received from intrigeri, on 2013-11-01 2:30 AM: Micah Lee wrote (31 Oct 2013 22:24:13 GMT) : With SecureDrop, the viewing station requires Tails with persistent storage, and you can only use persistent storage if you boot off of a USB stick. FTR: you can boot from DVD and use persistence on a USB stick. It's not documented nor formally supported, but I'm told it works fine. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJSc5IwAAoJEID2ikYfWSP6MCoP/1oPgNRqqSp6TIKBywk2f8It k05p/wbhHkncBolhrSrae5uXPIpaSm61xjod4tODVv9Sdql4OIlHKuf2lCwhhFBm Yc9WdkeeISLfgOAJ1Xx+lQS/63SYfFG/rGqykcide/S/ffaB+MC2BO6qWhpsoPNr OhGoT+xmS+5wU/LmXvav7xGPIw8jM21R7Ow6j0IntLEW5DlELgLDAMQqFyrT1rVs 2junaPn+cXM1fmtLORQUzUVqtnyKMAjCY5/qqWxNuBdCbjjff8MKM/BTYU7SH71i gEhmvCsI3+muKbqtBC8yLSOYxxwbMEAQTA0eOKlHi6dfmPaqy5uXWjhKpHjiM5qW 4j3LSgReNlEK+9XKrUYZmy6LZ2p73CdhRnhmjLJP6D05Xs3cXhanqdYc9IRtCgsf gZsC03aBQ6/JcGURr8YJ6IJeBWxdbKbdMUUjoI3/FCGsjVTkdoeJ8DE2yTgSvB8+ 6YCIaGLT/qI3SYgWMzYYtl2Q0y0D2Ht7RAMjmVVu+SnUCeqxUjo7G4kJYiOM0pC7 vcTNOVKiFhp192PGVc+j4vCcpfKwkBdBcbSpuhaA6QUQqEUor4U0FcjiV4NqdfYh qRCUZbDOZgxwcgdj6oHhLfUYKc5uCkO3qsl3RTxpPUQecNbXBiXxQUOdM7Cn9Wvt Xq7wBEVIwABkWijLgJrS =/iHe -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
Il 11/1/13 12:36 PM, Bry8 Star ha scritto: TAILS should release a VirtualBox VM based edition. The use of Tails with a Virtual Machine would break the SecureDrop threat model, so virtualization cannot be used in that context. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
On 11/01/2013 02:30 AM, intrigeri wrote: FTR: you can boot from DVD and use persistence on a USB stick. It's not documented nor formally supported, but I'm told it works fine. Really? I need to try this. I'd prefer to boot from a DVD and use an internal hard drive or sdcard or something for persistence anyway. I hope someone documents this :). -- Micah Lee @micahflee signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: SecureDrop, new whistleblower submission system
Here is an interesting TAILS and Tor-based application and project. TL;DR go to developer site: https://github.com/freedomofpress/securedrop/ Also some off-topic info about whistleblowers and their trials. -- Forwarded message -- From: *Freedom of the Press Foundation* i...@pressfreedomfoundation.org Date: Wed, Oct 30, 2013 at 2:47 PM Subject: Introducing SecureDrop, the new whistleblower submission system Freedom of the Press Foundation Visible: Supporting transparency journalism in the face of adversity /a publication of the Freedom of the Press Foundation/ Volume #01; Issue #04 *Introducing SecureDrop, the New Whistleblower Submission System* Freedom of the Press Foundation has taken charge of and upgraded the DeadDrop project, an open-source whistleblower submission system originally coded by the late Aaron Swartz. In the coming months, the Foundation will also provide on-site installation and technical support to news organizations that wish to run the system, which has been renamed SecureDrop. Forbes just launched the first updated version of SecureDrop, and a half dozen more organizations will launch their own in the coming months. As our founder and board member JP Barlow recently said: We’ve reached a time in America when the only way the press can assure the anonymity and safety of their sources is not to know who they are. SecureDrop is where real news can be slipped quietly under the door. Please help us keep SecureDrop alive and as secure as possible by helping fund the project. You can donate to SecureDrop here: https://pressfreedomfoundation.org/securedrop#donate *How We Crowd-Sourced Transcripts of the Entire Chelsea Manning Trial* On May 9, 2013, we made a bold claim on the Freedom of the Press Foundation website: we would crowd-fund enough money to hire independent court reporters to provide same-day transcripts of the entire Chelsea Manning court martial to the press and public since the government refused to release its own. We knew that it was vital that the public have a virtual seat in Chelsea Manning’s trial, and paying professional court reporters to transcribe the proceedings seemed like the perfect way to add transparency to the secretive trial. But we had no idea how many obstacles we would face. Here’s the story of how, with your help, we raised $100,000 to transcribe the entire trial – and how your donations helped us document history: Read more: https://pressfreedomfoundation.org/blog/2013/10/how-we-crowd-sourced-transcripts-entire-manning-court-martial *Will Attorney General Eric Holder Guarantee the First Amendment Rights of the NSA Journalists? * Guardian journalist and founding board member Glenn Greenwald's partner, David Miranda, was detained at Heathrow airport for almost nine hours, while on a journalistic mission paid for by the Guardian. His electronics were seized, and he was forced to hand over his social media passwords under the threat of imprisonment. He was detained under the UK Terrorism Act – for an act of journalism. This was an assault on press freedom that should make every reporter shudder, no matter their opinion on the NSA. Our board member, actor and activist John Cusack, calls on the Attorney General to guarantee all the NSA reporters safe passage back into the United States. Read more: https://pressfreedomfoundation.org/blog/2013/10/will-attorney-general-eric-holder-guarantee-first-amendment-rights-nsa-journalists *EXCLUSIVE: Clapper Memo Reveals Rationale Behind NSA Review Group Secrecy * The NSA review group was formed in response to the Edward Snowden NSA stories and is supposed to investigate the NSA’s powers and recommend changes. Obama said the panel would ponder how it could maintain the trust of the people and how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used. But new FOIA documents obtained by investigative journalist Jason Leopold show that Director of National Intelligence James Clapper apparently had no intention of allowing the much-maligned review group to conduct its work in a transparent manner. Read more: https://pressfreedomfoundation.org/blog/2013/10/exclusive-clapper-memo-reveals-rationale-behind-nsa-review-group-secrecy * * * *Donate to support and defend transparency journalism!* You can help us guide the future of investigative reporting. Support Freedom of the Press Foundation's new SecureDrop: https://pressfreedomfoundation.org/securedrop#donate Support our National Security Bundle (WikiLeaks, Bureau of Investigative Journalism, Center for Public Integrity, TruthOut): https://pressfreedomfoundation.org/ Website: https://pressfreedomfoundation.org Twitter: https://twitter.com/freedomofpress About: https://pressfreedomfoundation.org/about Board and staff: https://pressfreedomfoundation.org/about/staff -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
At GlobaLeaks we are using too Tails since a couple of years for the receivers. However our practical experience is that Tails is a good platform for journalists only in theory. That's because most of the journos use an Apple Macbook and Tails is very badly supported on that platform. Btw GlobaLeaks developer site: http://github.com/globaleaks/globaleaks Fabio Il 10/31/13 2:30 PM, krishna e bera ha scritto: Here is an interesting TAILS and Tor-based application and project. TL;DR go to developer site: https://github.com/freedomofpress/securedrop/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
On Thu, 31 Oct 2013 21:06:35 +0100 Fabio Pietrosanti (naif) li...@infosecurity.ch allegedly wrote: At GlobaLeaks we are using too Tails since a couple of years for the receivers. However our practical experience is that Tails is a good platform for journalists only in theory. That's because most of the journos use an Apple Macbook and Tails is very badly supported on that platform. Could you not run tails in a VM using virtualbox on the Macs? (I ask because I have no experience of virtualbox on a Mac. I only run Linux. Tails runs fine on a VM hosted on linux so I see no reason why it could not run on a VM hosted on OSX.) (OT I know, and more appropriate for a tails list) Mick - Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net - signature.asc Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
On 10/31/2013 01:45 PM, mick wrote: Could you not run tails in a VM using virtualbox on the Macs? (I ask because I have no experience of virtualbox on a Mac. I only run Linux. Tails runs fine on a VM hosted on linux so I see no reason why it could not run on a VM hosted on OSX.) (OT I know, and more appropriate for a tails list) With SecureDrop, the viewing station requires Tails with persistent storage, and you can only use persistent storage if you boot off of a USB stick. (I haven't tried it yet, but you could probably get Tails running in a VirtualBox with persistent storage as long as you're booting the VM off of a real physical USB stick.) SecureDrop also depends on hidden services. To see a good overview of how the hidden services and Tails end up working in practice, see: https://github.com/freedomofpress/securedrop/blob/master/docs/user_manual.md -- Micah Lee @micahflee signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk