[HacktionLab] Getting data 100% safe

Charlie Harvey charlie at newint.org
Thu Apr 5 10:45:40 UTC 2012



On 05/04/12 10:59, enjoyeverymoment at riseup.net wrote:
Hi,

> - can be implemented with what OS people commonly use (until people using
> unix/linux based things this is better than nothing no?)

No I disagree.

If you can't examine what your OS is doing you have no way to know that
it isn't undermining your attempts to protect your data.

If your data is important and the potential threat vector involves state
or well-resourced corporate attackers then you /need/ to run an OS for
which the source code is available for peer review. Otherwise you have
worse than no security because you may believe your data to be secure
when you have no way to be certain that it is.

The NSA were "involved" in writing Windows Vista and Apple OSX:
http://www.homelandstupidity.us/2007/01/09/nsa-provided-security-help-for-windows-mac-os-x/
and
http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html.
The full source code of these OSes has never been released to the
public and we don't know what the NSA's involvement was.

A mysterious backdoor key called NSAKEY_ was found in Windows NT back in
the day: http://www.networkworld.com/newsletters/sec/0927sec2.html. IBM
gave 24 bits of the key to Lotus Notes to the NSA (same article),
effectively allowing the NSA to read any emails on any Lotus Notes server.

Microsoft even make a special tool for cops to circumvent many of the
built-in Windows privacy protections:
https://www.microsoft.com/industry/government/solutions/cofee/default.aspx
or
http://www.slashgear.com/microsoft-cofee-security-key-sucks-criminal-data-from-locked-down-pcs-2911404/.

If you actually need your data to be secure, then you actually need to
run a peer-reviewed OS (I prefer free software ones, but the
availability of the source is the important thing here). If you just
don't want it being seen by a casual attacker (like a neighbourhood cop
or your family) then what you suggest might be enough.

Cheers,
