Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
To beat evercookies, it is suggested that one uses a live CD that is used by many people, such as Tails.
And to make it even harder to uniquely identify the browser PC, run the live CD in a VMware virtual machine so the hardware is identical to millions of others. And randomly change the virtual MAC address with a script in every power-up so even native execution such as trojans is hopeless.
And of course access the internet only through TOR, and do it via another PC that is set up as a gateway (non-TOR gateway) and firewall so that Flash and all active content is forced through TOR too.
EDIT: And to make behavioural tracking much harder, have the discipline to only visit one site per session, reboot the live CD between sessions, and change the TOR IP between sessions (done on the gateway).
Are there weaknesses not accounted for in the above anonymity setup?
Notice it is desirable to survive intrusions due to security holes in the browser or operating system. Is this achieved above?
When using VBox with the vboxmanage command:
Code:
--macaddress<1-N> auto|<mac>: With this option you can set the
MAC address of the virtual network card. Normally, each virtual
network card is assigned a random address by VirtualBox at VM creation.
"Are there any weaknesses in this anonymity setup?"
Yes, because there are weaknesses in any anonymity setup. Using Tor (especially within an OS like Tails) can provide a high level of anonymity against certain attackers. However, other adversaries (such as the NSA) will very likely be able to de-anonymize you in spite of using Tor. The point is, you can be 100% sure that some weakness exists somewhere in *any* anonymity setup, but if you are defending against an adversary with less resources/skills, you very likely can defeat them with your less than perfect system.
And to make it even harder to uniquely identify the browser PC, run the live CD in a VMware virtual machine so the hardware is identical to millions of others.
Among other things this would also mean the user can't use any custom browser configuration and should be careful to insert enough "noise" in web visits and searches to avoid building up a unique profile and identifying a user by the URIs he or she visits regularly.
Quote:
Originally Posted by Ulysses_
And randomly change the virtual MAC address with a script in every power-up so even native execution such as trojans is hopeless.
Changing your MAC address does in no way stop execution of trojans. Is there any evidence at all of in-browser malware that suggests them using network details? If there is, what would actually stop them from using any other browser or hardware identifiers instead?
Quote:
Originally Posted by Ulysses_
And of course access the internet only through TOR, and do it via another PC that is set up as a gateway (non-TOR gateway) and firewall so that Flash and all active content is forced through TOR too.
No, if you want to avoid that then you'll have to browse the 'net as inertly as possible. Meaning applications that simply are not capable of more than HTML 1.0 specs (no cookies, no HTML 5, WebGL, pings, JSON, websockets etc., etc.), don't recognize Java, ECMA or Javascript nor any plugins.
If the anonymity / usability trade-off isn't to your liking then that simply means you've set your priorities differently :-]
Quote:
Originally Posted by Ulysses_
Are there weaknesses not accounted for in the above anonymity setup?
How about the first hop router, SOHO router, PC, hypervisor, Live CD or applications being rigged? ;-p (How will you determine conclusively they aren't?)
Quote:
Originally Posted by Ulysses_
Notice it is desirable to survive intrusions due to security holes in the browser or operating system. Is this achieved above?
No, and if you don't constantly audit the whole system including network traffic and payload you'll never know.
How do you randomly change the MAC address with a script?
On VMware I was thinking of running a shell script that launches the VM after editing its vmx file with sed, specifically the line that contains the MAC address.
Among other things this would also mean the user can't use any custom browser configuration and should be careful to insert enough "noise" in web visits and searches to avoid building up a unique profile and identifying a user by the URIs he or she visits regularly.
If only one site is visited per session and the live CD is rebooted between sessions, and the TOR IP is changed between sessions (done on the gateway), then is the profile unique, as built by a single site? Noise probably makes it more unique, because no one else will be doing such random-looking browsing.
Quote:
Changing your MAC address does in no way stop execution of trojans. Is there any evidence at all of in-browser malware that suggests them using network details? If there is, what would actually stop them from using any other browser or hardware identifiers instead?
We do not want to stop execution of trojans here, we want to execute them and survive them (i.e. keep anonymity). This is the purpose of this live CD setup. How can a trojan remove my anonymity in this setup, given the additional discipline that the live CD VM is rebooted between site visits and the IP changed too?
Quote:
How about the first hop router, SOHO router, PC, hypervisor, Live CD or applications being rigged? ;-p (How will you determine conclusively they aren't?)
The routers see TOR traffic coming out of the gateway VM. What can a rigged router do about TOR packets passing to reveal my true IP to the site being visited or register me as interested in the site?
How will a rigged live CD reveal my true IP if the gateway is rock-solid OpenBSD (sources thoroughly reviewed with structured walkthroughs etc.)?
Even a rigged VMware hypervisor cannot see my true IP if the gateway is not a VM but a real physical computer with two ethernet ports, so what is it going to do about it? Record the MAC address of the one port? Can the MAC address be changed in the physical gateway too?
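The MAC-rotation script discussed above (edit the MAC line of the .vmx with sed, then launch the VM) written out as an added example; this is not Ulysses_'s script nor anything from VMware or VirtualBox. It assumes the VM's first NIC is ethernet0, that VMware stores that NIC's address in the ethernet0.addressType / ethernet0.address / ethernet0.generatedAddress* keys, and that a static MAC must fall in VMware's reserved range 00:50:56:00:00:00 to 00:50:56:3f:ff:ff. It also converts the address to the colon-less form VBoxManage's --macaddress option (quoted in the earlier reply) takes.

```shell
#!/bin/sh
# Added example: give a VMware VM a fresh random MAC before each power-up by
# rewriting the ethernet0 lines of its .vmx file. Assumed: first NIC is ethernet0,
# keys ethernet0.addressType/address/generatedAddress*, static range 00:50:56:00-3f.

# Print a random MAC in the VMware static range (4th octet limited to 0x00-0x3f).
random_mac() {
    # three random bytes as unsigned decimals from /dev/urandom
    set -- $(od -An -N3 -tu1 /dev/urandom)
    printf '00:50:56:%02x:%02x:%02x\n' $(( $1 & 63 )) "$2" "$3"
}

# Replace every existing ethernet0 MAC setting in a .vmx file with a static one.
# $1 = path to the .vmx file, $2 = MAC to assign
set_vmx_mac() {
    vmx=$1
    mac=$2
    tmp="$vmx.tmp.$$"
    # drop generated or previously set addresses so only the new one remains
    sed -e '/^ethernet0\.address *=/d' \
        -e '/^ethernet0\.addressType *=/d' \
        -e '/^ethernet0\.generatedAddress/d' "$vmx" > "$tmp" || return 1
    printf 'ethernet0.addressType = "static"\nethernet0.address = "%s"\n' "$mac" >> "$tmp"
    mv "$tmp" "$vmx"
}

# VirtualBox takes the same value as 12 hex digits without colons
# (VBoxManage modifyvm <vm> --macaddress1 <hex>), so convert for that case too.
vbox_mac_arg() {
    printf '%s\n' "$1" | tr -d ':' | tr 'abcdef' 'ABCDEF'
}

main() {
    vmx=${1:?usage: $0 /path/to/vm.vmx}
    mac=$(random_mac)
    set_vmx_mac "$vmx" "$mac" || exit 1
    echo "ethernet0 MAC set to $mac in $vmx"
    # Power the VM on afterwards, e.g. with VMware's vmrun:  vmrun start "$vmx"
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as `sh random_mac_vmx.sh /path/to/vm.vmx` before each power-up. Only the guest's virtual NIC changes; the physical gateway's port, which the later question asks about, is a separate interface and is not touched by this script.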
Yes, because there are weaknesses in any anonymity setup. Using Tor (especially within an OS like Tails) can provide a high level of anonymity against certain attackers. However, other adversaries (such as the NSA) will very likely be able to de-anonymize you in spite of using Tor. The point is, you can be 100% sure that some weakness exists somewhere in *any* anonymity setup, but if you are defending against an adversary with less resources/skills, you very likely can defeat them with your less than perfect system.
If so, then how come online criminals still exist and do not get caught? I hope you won't say the NSA has no interest in criminals.
Just because a system hasn't been broken yet, it doesn't mean it's flawless. There is no such thing as a perfect flawless system. Just think about this: http://en.wikipedia.org/wiki/Unusual_software_bug
If so, then how come online criminals still exist and do not get caught? I hope you won't say the NSA has no interest in criminals.
1) The NSA is run by criminals. They commit crimes (e.g. violations of our 4th amendment rights, computer crimes, fraud, sabotage, etc.) in the name of "national security".
2) If you think the existence of fraudsters and kiddie porn hosters is evidence that the NSA can't track these people down, you are misunderstanding what the NSA does. The NSA isn't after people selling drugs on Silk Road -- their job isn't "fighting crime". They are interested in surveilling people who threaten "national security" (i.e. the interests of the ruling elite) -- people like political dissidents, whistleblowers, foreign intelligence agents, etc. They are interested in gathering information that can be used to assist their goal of global military/economic domination (e.g. by spying on foreign heads of state, stealing trade/technology secrets from other countries, monitoring the communications of military adversaries, etc.). They are not interested in stopping credit card fraud or thrill-seeking teenage crackers.
3) The fact that vulnerabilities haven't been exposed yet does NOT mean that there are no vulnerabilities. Every computer security system has vulnerabilities -- there is no such thing as "perfect" security. The best you can do is claim that you've closed off vulnerabilities you are aware of, and have defenses against. But if you start claiming that you have a perfectly secure system, you are just being naive. What if your system has a hardware backdoor in it? Are you sure your random number generator isn't buggy? What if you are arrested by state security forces and tortured until you give out your passphrase?
Last edited by jessetaylor84; 01-11-2014 at 04:26 PM.
There is a difference between insecurity because your knowledge is incomplete and insecurity because you know but do not bother. Let us concentrate on the issues we know of and can do something about.
Since TOR is clearly the weakest link, what else is available? How about ultra long chains of socks proxies (not http proxies), spanning as many hostile countries as possible?
What if the gateway PC is a desktop assembled from old pieces that you visually check yourself (so less likely to contain spy hardware)? Then if the client laptop contains spy hardware, to prevent it from "reporting to base", the gateway can be set up to prompt you with
"Allow connection to 215.34.3.4 (somedomain.com)?"
every time you visit a site and if this is not the site you want, you say no.
That article says FreeBSD solves this by not relying on Intel's or VIA's RNGs but having its own. Does OpenBSD do the same in the gateway, or can it be made to do the same?
Actually, you're building your system with the wrong things in mind.
When talking about security and trackability, you should be thinking about what is more exploitable and when. So, the weakest link is actually the browsers while being connected to the internet (think about a 0-day XSS exploit found in some weird combination of unclosed tags, or some 0-day header exploit).
So, if you were to get each page with, let's say, curl (having a different User-Agent on each request, no session, etc.) and then view those pages with any browser you want in a VM without internet access, you would render any and all browser exploits null.
Now, you still need to be anonymous. Browsing over your normal connection wouldn't make that much sense. So, yes, TOR is a very good option (since you're not exploitable) and would be very hard to beat. You could try a chain of socks proxies but would need to get your hands dirty so that every time you make a request (or at least every 5 or 10 minutes or so) your route completely changes.
I don't know; in my view this is something that would finally reach the untrackable stage.
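The "fetch with curl, view offline" workflow from the reply above, as an added example that is not the poster's own script: each request goes through Tor's SOCKS port, carries a different User-Agent, keeps no cookie jar, and only the raw HTML is stored for later viewing in a VM without network access. Assumptions: Tor listens on 127.0.0.1:9050 (its default SOCKS port), the User-Agent strings are constructed samples, and ./pages is the output directory.

```shell
#!/bin/sh
# Added example: fetch pages "inertly" through Tor with curl, a fresh User-Agent per
# request and no cookie persistence; the HTML is saved for an offline VM to view.
# Assumed: Tor SOCKS at 127.0.0.1:9050; UA strings below are constructed samples.

TOR_SOCKS=${TOR_SOCKS:-127.0.0.1:9050}
OUT_DIR=${OUT_DIR:-./pages}

# Constructed sample User-Agent strings, one per line; use common ones in practice.
UA_LIST='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15'

# Print one User-Agent chosen at random from UA_LIST.
pick_ua() {
    n=$(printf '%s\n' "$UA_LIST" | wc -l)
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    printf '%s\n' "$UA_LIST" | sed -n "$(( r % n + 1 ))p"
}

# Turn a URL into a file name that is safe for the output directory.
safe_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

# Fetch one URL through Tor and store the HTML; nothing is rendered or executed here.
fetch_page() {
    url=$1
    out="$OUT_DIR/$(safe_name "$url").html"
    mkdir -p "$OUT_DIR"
    # socks5h: hostnames are resolved by Tor, not by the local resolver.
    # No --cookie/--cookie-jar options, so no session state survives the request.
    curl --proxy "socks5h://$TOR_SOCKS" \
         --user-agent "$(pick_ua)" \
         --location --max-redirs 3 \
         --max-time 60 --silent --show-error \
         --output "$out" "$url" && echo "saved $out"
}

if [ $# -gt 0 ]; then
    for u in "$@"; do
        fetch_page "$u"
    done
fi
```

Run it as `sh fetch_inert.sh https://example.org/` and copy the ./pages directory into the offline VM. Because curl only retrieves the single document, none of the page's scripts, plugins or sub-resources are fetched or run on the fetching host; the viewing VM has no route to the network, so content in the saved HTML that tries to phone home has nowhere to go.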