LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-29-2015, 04:05 PM   #16
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860

Quote:
Originally Posted by Ulysses_ View Post
The fact that TOR and almost all security used worldwide is broken is off-topic when additions to TOR are being looked for. Additions to TOR might as well be just as imperfect as TOR. Nothing to lose.
And also nothing to win, except a false feeling of added security where there is in fact no additional security. Fact is: You can't prevent a VPS hoster from deeply inspecting a VM, including RAM, processor registers and encrypted data. If that really bothers you the proper solution would be to not use a VPS, but a co-located dedicated server.
 
Old 03-29-2015, 04:43 PM   #17
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,119

Original Poster
Rep: Reputation: 45
I don't know why you keep repeating this co-located dedicated server suggestion in a question about using a browser, don't we all have PC's at home for browsing... The purpose of using a free VPS for browsing through TOR is to prevent one's real PC and browser fingerprints being left at sites and for some more reasons outside the scope of this thread, and crucially because a VPS can be free and therefore NOT associated with a credit card number or person, unlike a dedicated server.

Any added privacy is welcome, even if it only works against VPS hosters that do not want to hire a highly skilled coder and spend tons of money developing special software with no guarantee that they will get what they want (because OpenBSD ram encryption developers are bound to have taken obfuscation countermeasures and so is anyone proposing such encryption).

Even if they get lucky and break the encryption and find the site, they still don't know who it is that is browsing the site, so nothing lost.

Last edited by Ulysses_; 03-29-2015 at 05:09 PM.
 
Old 03-29-2015, 05:18 PM   #18
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,387

Rep: Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553
Quote:
Originally Posted by Ulysses_ View Post
Ram could be encrypted too I just found out, in an OpenBSD VM:

Quote:
the OpenBSD Swap Encryption mechanisms ... does not actually encrypt physical memory but uses physical memory as a swap structure, forcing page faults and encrypting/decrypting data in resolution.
swap != ram. Anyway, ram encryption has already been covered in your other thread.

Quote:
Any added privacy is welcome, even if it only works against VPS hosters that do not want to hire a highly skilled coder and spend tons of money developing special software with no guarantee that they will get what they want
They would already need most of that to decode the graphics output into something searchable. Or else they would have to pay a human to watch you surf. Encryption (when the keys are accessible) isn't going to add much.

Quote:
because OpenBSD ram encryption developers are bound to have taken obfuscation countermeasures and so has anyone proposing such encryption).
I think you misunderstand what OpenBSD swap encryption is trying to defend against (it's not the VPS scenario you are describing).
 
Old 03-29-2015, 05:54 PM   #19
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,119

Original Poster
Rep: Reputation: 45
When a human takes a snapshot of the VPS, does any moving graphics I see freeze?
 
Old 03-30-2015, 08:17 AM   #20
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860
Quote:
Originally Posted by Ulysses_ View Post
When a human takes a snapshot of the VPS, does any moving graphics I see freeze?
Depends on the virtualization software used by the provider, specs of the VM (especially RAM size and probably size of the virtual disk) and the performance of the host machine, but my guess would be that you should see a short freeze of the entire machine, in a way which would be more or less indistinguishable from network lags.
 
Old 03-30-2015, 02:50 PM   #21
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,119

Original Poster
Rep: Reputation: 45
What about taking an image of a running VPS and resuming it as a duplicate instance of that VPS. How would they RDP to it without knowing any password? They'd need to develop software.
 
Old 03-30-2015, 03:28 PM   #22
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860
Why would they do that? They could just retrieve the framebuffer from the image. Running the duplicate would be of no use, all the data they can at that point get from the machine is present in the image.
 
Old 03-30-2015, 04:06 PM   #23
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,119

Original Poster
Rep: Reputation: 45
If finding the frame buffer and viewing it is trivial, the next strategy is not to use a frame buffer but have the VPS send tiny blocks of graphics to a remote frame buffer in my PC. Someone must have invented this.
 
Old 03-31-2015, 06:53 AM   #24
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860
Quote:
Originally Posted by Ulysses_ View Post
If finding the frame buffer and viewing it is trivial, the next strategy is not to use a frame buffer but have the VPS send tiny blocks of graphics to a remote frame buffer in my PC. Someone must have invented this.
I am not aware of any technology that does that.
 
Old 04-04-2015, 03:29 PM   #25
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,119

Original Poster
Rep: Reputation: 45
Just confirmed that both X11 forwarding and VNC use two frame buffers, one in the client, one in the server.

Does a browser write to the local frame buffer exclusively through library calls (that can be intercepted and sent to another rendering server)?

Or does the browser need direct RAM access when drawing things onto the frame buffer?

Last edited by Ulysses_; 04-04-2015 at 03:34 PM.
 
Old 04-05-2015, 05:55 AM   #26
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860Reputation: 4860
Depends on the GUI toolkit in use. Older toolkits, like Motif/lesstif can render their framebuffer remotely using calls to X11 functions, while modern toolkits, like Qt/GTK, render the framebuffer on the remote machine and then transfer the complete framebuffer, more or less a crappy implementation of VNC. If you use Firefox or Chrome/Chromium or browesers build on webkitgtk/QtWebkit the latter is the case.
 
Old 04-05-2015, 08:13 AM   #27
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,119

Original Poster
Rep: Reputation: 45
Any reasonably featured browser that works with Motif/lesstif on current distros? Amaya (ex w3c) does not install because of dependency issues.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Site not available after migrating to VPS bartdevriendt Linux - General 4 06-30-2014 09:09 AM
LXer: Three college students build a health provider search site in six weeks LXer Syndicated Linux News 0 02-10-2014 02:01 PM
Looking for VPS Provider recommendations in the USA manyrootsofallevil Linux - Server 2 08-18-2011 05:34 AM
Anonymity provider can trace you, or site being visited? Ulysses_ Linux - Security 5 03-28-2011 01:33 PM
Best VPS provider with Slackware? mkoco Slackware 2 03-06-2010 01:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration