Wilders Security Forums  

  #26  
Old August 22nd, 2012, 08:51 PM
wat0114 wat0114 is offline
Frequent Poster
 
Join Date: Aug 2012
Location: Canada
Posts: 755
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by Hungry Man
LiveCDs use TempFS to allow you to install software. It obviously is not persistent.

Right, that's the problem after add-ons and updates are installed within the live environment; they're flushed away when it's unloaded, unless I'm unaware of some new technique that saves them? The only method I'm aware of that saves settings and personal data is in Puppy's environment, in a .3fs or .2fs file, I think it is. However, that's on an external h/drive or USB stick, then in this case there doesn't seem much point in using a live environment when most of those using it want all their data flushed when done.
__________________
Win 7x64 Ultimate

SUA | UAC @ Max | AppLocker w/DLL enforcement | Win fw w/advanced security| EMET 3.5 | Chrome w/AdBlock+ | GPO restrictions | Bitlocker and Truecrypt | ShadowProtect images | IFW data backups + dual boot to XP Pro: GPO, SRP, Jetico firewall w/Process Attack filter
  #27  
Old August 23rd, 2012, 02:53 AM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

Oh yeah I didn't mean they were permanent just that YOU CAN download add-ons and security updates for LIVECDs. It comes in handy, sorry if I didn't make sense.
  #28  
Old August 23rd, 2012, 07:53 AM
wat0114 wat0114 is offline
Frequent Poster
 
Join Date: Aug 2012
Location: Canada
Posts: 755
Default Re: Live CDs for the practically paranoid

No worries, just seeking clarification
  #29  
Old August 23rd, 2012, 08:11 AM
BrandiCandi
 
Posts: n/a
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by ComputerSaysNo
Oh yeah I didn't mean they were permanent just that YOU CAN download add-ons and security updates for LIVECDs. It comes in handy, sorry if I didn't make sense.

Right, that was my point. I don't see the benefit of installing all the updates & add-ons every time you start up a live CD.
  #30  
Old August 23rd, 2012, 10:15 AM
lotuseclat79 lotuseclat79 is offline
Very Frequent Poster
 
Join Date: Jun 2005
Posts: 1,958
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by BrandiCandi
wat0114, you're exactly right.

It doesn't. If you install add-ons like Notscripts, WoT, etc. in your browser to harden it, then you're better off. But you can't do that on a live CD. Hence the limitation.

Using a live CD for banking is off-topic from the original question. I don't recommend a live CD for the original question. If you want to use a live CD for banking, then it could work. If you only go to your bank's website in any session, then the chances of your credentials being stolen are extremely low IMO.

Hi BrandiCandi, et al.,

What you can do is build your own private environment for doing all of the things that you said you can't do with a Live CD/USB - which is what I have done.

I do save my browser profile every day (on a mounted disk) to preserve the tiniest changes like unchecking the Firefox Update that I did today, plus the new bookmarks or RSS feed deletes or adds.

The setup shell script retrieves initial setup items, and a follow-on larger set of updates to the Live CD environment (package files which have been tar'd) for installation - although they are not detected by Synaptic Package Manager as being installed, they work just fine.

Needless to say, the setup takes a few minutes to finish - all before my network is initialized. Not everyone is as patient as I am willing to be every day.

One alternative would, of course, be to make a persistent USB flash with all of the setup launches happening automatically, which is on my TODO list.

Another alternative is to stage and build a new private ISO from the original and it is not overly complicated if you know what you are doing. An example would be to splice a PAE kernel into the ISO to utilize more available RAM than would otherwise be used in default 32-bit kernel ISOs.

-- Tom
  #31  
Old August 23rd, 2012, 04:26 PM
kareldjag kareldjag is offline
Frequent Poster
 
Join Date: Nov 2004
Location: Feet in France, Mind in the World
Posts: 521
Default Re: Live CDs for the practically paranoid

An interesting possible live CD that would satisfy the paranoids can include the last kernel with hardened patch like grsecurity, a virtual keyboard, an alternative BIOS like Coreboot, a text browser like Lynx (highly mitigates XSS/CSRF), this coupled and attached with a virtual keyboard device (http://www.designbuzz.com/entry/10-v...-type-surface/ ) and an anonymity (vpn) hardware box.
If needed, authentication devices (biometric, smart cards etc.) can also be used. And I do not talk about encryption, TPM...
Then it's up to the hypothetical attacker to hack this session, to get a shell and to plant a BIOS rootkit...
I am always surprised when visiting this board about the obsession of Security.
Statistical security can be circumscribed with the help of annual reports by antivirus companies, universities, or govt agencies and institutes.
AlienVault has recently published a graphical summary: http://www.alienvault.com/2012/08/th...y-infographic/
This is quite funny to think that when each one of us uses a LiveCD there is a hacker somewhere who wants to own our system...
well...Let's come back to reality...

Building his LiveCD from scratch cannot be done with a few mouse clicks of course, but there are easy ways to build one online.
With a Live CD, the root file system is mounted as read only. tmpfs operates directly in RAM; then data can be read on the CD/DVD but cannot be stored AND survive a reboot.
For those who do not wish to attach any storage device, an easy solution is to use a web server (mail, cloud storage).

Quite off topic is the forensic and legal impact of some Live CDs, as some scripts modify the file system (Ext3/4) during the boot process.
The Linux community is active, and anyone can find his live CD, for exploring online hostile territories ("and to boldly go where no man has gone before"?), analyze malware, protect his privacy, bank online, check for vulnerabilities on web servers etc...

rgds
__________________
Independent vision of Security (Security? Yeah But Well: http://www.ouaismaisbon.ch/ )
Fight child crime: http://www.circamp.eu/ http://www.virtualglobaltaskforce.com/
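
The read-only root plus tmpfs layout described in the post above can be checked from inside a running session. The following is an added example, not code from any poster in this thread: it scans a `/proc/mounts`-format listing for disk-backed mounts that are writable. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a /proc/mounts-format listing for writable,
# disk-backed mounts. On a real live session pass /proc/mounts instead
# of the constructed samples below.

# writable_disk_mounts FILE
# Prints "device mountpoint fstype" for every mount whose source is a
# block device (/dev/...) and whose options include "rw". RAM-backed
# filesystems (tmpfs, the aufs/overlay union on top of it) are skipped
# because their contents do not survive a reboot.
writable_disk_mounts() {
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in
            /dev/*) ;;        # block-device backed: keep checking
            *) continue ;;    # tmpfs, proc, sysfs, aufs, ...: skip
        esac
        # Options are comma-separated; match "rw" as a whole option only.
        case ",$opts," in
            *,rw,*) printf '%s %s %s\n' "$dev" "$mnt" "$fstype" ;;
        esac
    done < "$1"
}

# session_is_ephemeral FILE
# Returns 0 when no disk-backed mount is writable, 1 otherwise.
session_is_ephemeral() {
    [ -z "$(writable_disk_mounts "$1")" ]
}

# Constructed sample: a live session with nothing attached.
SAMPLE_CLEAN=$(mktemp)
cat > "$SAMPLE_CLEAN" <<'EOF'
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/loop0 /rofs squashfs ro,noatime 0 0
tmpfs /cow tmpfs rw,noatime,mode=755 0 0
aufs / aufs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF

# Constructed sample: the same session after a USB stick was mounted
# read-write and an internal disk was mounted read-only.
SAMPLE_SAVED=$(mktemp)
cat "$SAMPLE_CLEAN" > "$SAMPLE_SAVED"
cat >> "$SAMPLE_SAVED" <<'EOF'
/dev/sda1 /mnt/internal ntfs ro,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,uid=999 0 0
EOF

for f in "$SAMPLE_CLEAN" "$SAMPLE_SAVED"; do
    if session_is_ephemeral "$f"; then
        echo "no writable disk-backed mounts: session state lives in RAM only"
    else
        echo "writable disk-backed mounts found:"
        writable_disk_mounts "$f"
    fi
done
```

The check is conservative: any read-write mount whose source is under `/dev/` is reported, loop devices included, and a read-only disk mount is not reported even though its contents are readable from the session.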
  #32  
Old August 23rd, 2012, 10:57 PM
wat0114 wat0114 is offline
Frequent Poster
 
Join Date: Aug 2012
Location: Canada
Posts: 755
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by kareldjag
This is quite funny to think that when each one of us uses a LiveCD there is a hacker somewhere who wants to own our system...

Right, and I'm still not convinced a live cd is necessary, even regarding the OP of this thread's question "to poke around on known attack sites". All of the most important directories are protected against write permissions and there are sufficient ways to protect against web-borne threats without the need to boot off a live cd. Personally I see them as overrated and offering nothing more than a placebo effect.
  #33  
Old August 24th, 2012, 12:24 AM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

I agree with the previous posters, sometimes we can be too paranoid on this forum. Look at the privacy forum and it can get quite silly and plain stupid at times.

I know what the OP is searching for in a LIVECD but I haven't found it yet, I doubt I will. But there are some very good alternatives there still.
  #34  
Old August 24th, 2012, 10:38 AM
BrandiCandi
 
Posts: n/a
Default Re: Live CDs for the practically paranoid

I totally agree - I don't even read the privacy forum anymore because of that. Yes, let's keep it real by all means. The original question was this:

Quote:
Originally Posted by Gullible Jones
What live CDs are out there for those who want to explore potentially hostile online territory?

One does not go to a gun fight shielded by styrofoam. Likewise, one does not peruse the "potentially hostile online territory" without the proper defenses. Sandboxes and honeyclients were specifically designed for the purpose of exploring hostile online territory. Live CDs were not. It's not paranoid to properly protect yourself when you're purposely exposing yourself to higher risks. It's smart.
  #35  
Old August 24th, 2012, 10:20 PM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

BrandiCandi it's a bit like that eh...I agree in part but if you run a LIVECD that's got good code your session should be wiped on reboot. You should never be allowed to mount the disks during a LIVECD session and most don't allow it so it's pretty safe.

I have a suggestion OS>VM>LIVECD that should give you enough protection. Ubuntu would be a good host OS due to the fact you get automatic security updates, fine tune the firewall and load the VM.
  #36  
Old August 25th, 2012, 03:09 AM
Critter2 Critter2 is offline
Frequent Poster
 
Join Date: Feb 2011
Posts: 498
Default Re: Live CDs for the practically paranoid

A live CD would work perfect for my setup, but I do not need one

I have a 40gb internal hard drive and all other drives
are external with an off switch, no malware can get by that switch
and I use a image software program, when I want to go to "untrustworthy"
sites I just make sure all external drives are OFF and then I don't worry
about it, if I get infected "who cares"
When I come back to the so called safe world I just do a 5 min re-image
and all things are well
  #37  
Old August 25th, 2012, 06:52 AM
lotuseclat79 lotuseclat79 is offline
Very Frequent Poster
 
Join Date: Jun 2005
Posts: 1,958
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by ComputerSaysNo
...You should never be allowed to mount the disks during a LIVECD session and most don't allow it so it's pretty safe.
....

In a Live CD/USB session, it is possible to disable networking between the router and computer, mount a disk, save a previously downloaded file, unmount the disk, and then re-enable networking. No harm no foul.

-- Tom
  #38  
Old August 25th, 2012, 09:04 PM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by lotuseclat79
In a Live CD/USB session, it is possible to disable networking between the router and computer, mount a disk, save a previously downloaded file, unmount the disk, and then re-enable networking. No harm no foul.

-- Tom

Yeah I guess, but you have to disable networking so how are you going to get attacked? During a live session you should not be able to mount the disc.
  #39  
Old August 26th, 2012, 12:32 PM
lotuseclat79 lotuseclat79 is offline
Very Frequent Poster
 
Join Date: Jun 2005
Posts: 1,958
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by ComputerSaysNo
Yeah I guess, but you have to disable networking so how are you going to get attacked? During a live session you should not be able to mount the disc.

Clearly, if the user does not want to be able to mount disk(s), then the Live CD/USB can be so constructed to do that, but there are users that want to be able to save downloaded items from a Live CD/USB environment. Let the user choose for themselves - caveat emptor.

-- Tom
  #40  
Old August 26th, 2012, 05:03 PM
kareldjag kareldjag is offline
Frequent Poster
 
Join Date: Nov 2004
Location: Feet in France, Mind in the World
Posts: 521
Default Re: Live CDs for the practically paranoid

Hi
It is also possible to modify the kernel so that it will see no device at all...
The primary question focuses on a paranoid environment, which excludes the lotuseclat79 scenario (a paranoid will not save anything).
As proved by the LiveCD experience (from one year to twelve years) of some users I know, they never encountered any persistent code during a session.
With serial "if", we can put Paris in a bottle of wine, and L.A. in a bottle of Bourbon...
And if I detect a port scan, an OS fingerprint, and then control 100 PCs of a University to react by a DDOS...
If a LiveCD is not secure against code persistence, then I suggest to all the sceptics to prove it in practice, not by speculations.

Rgds
  #41  
Old August 27th, 2012, 03:34 AM
Snoop3 Snoop3 is offline
Regular Poster
 
Join Date: Jan 2011
Posts: 74
Default Re: Live CDs for the practically paranoid

maybe you have the wrong approach?

what about instead you buy a cheap old disposable netbook type computer (off Ebay?), remove the HDD, and get yourself a cheap USB cell modem internet plan (over here we have Virgin Mobile offering this kind of thing) and then you can run any variety of Live CD that you want. use this disposable computer only for surfing dangerous sites or whatever, and with cell modem over here at least you get a different IP at every logon so nobody can really target you.

and if you need to grab webpages or data just get an cheap 8 GB SD card and only use it on that computer.
  #42  
Old August 27th, 2012, 03:39 AM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

I'm sure attacks exist but I haven't heard of one against a live CD except MiTM attacks. If you're up against someone who can it's best to shut the computer off and pull the plug.
  #43  
Old August 28th, 2012, 10:14 PM
wat0114 wat0114 is offline
Frequent Poster
 
Join Date: Aug 2012
Location: Canada
Posts: 755
Default Re: Live CDs for the practically paranoid

Quote:
Originally Posted by kareldjag
If a LiveCD is not secure against code persistence, then I suggest to all the sceptics to prove it in practice, not by speculations.

Rgds

From my point of view and limited knowledge, I'm not disputing a live cd's security against code persistence, unless it uses something similar to Puppy's .2fs file; obviously everything is "flushed" after a reboot. I've only questioned whether it's any more secure once loaded into RAM against exploits like XSS or 0-day exploits than a typical setup on a host machine's physical hardware. There has also been mention that a live cd's applications can be updated - at least after loaded in memory - but in reality, how many people with one of these 3-6 month disks in their toolbox actually update everything critical, such as Flash, Java, and the browser, after they load the disk's contents in RAM? This is both time consuming and prone to oversights.

All I'm saying is I contend they are not necessary to browse securely for purposes such as banking. A properly maintained and set up physical host system should offer at least as secure or probably better security for these type of sessions.
  #44  
Old August 29th, 2012, 06:51 AM
lotuseclat79 lotuseclat79 is offline
Very Frequent Poster
 
Join Date: Jun 2005
Posts: 1,958
Default Re: Live CDs for the practically paranoid

XSS is well protected against via NoScript Firefox addon. 0-day exploits have no defense until a signature is developed.

I just dumped Java from my Live USB setup, and normally update Flash when available for Linux which I also did yesterday. This is local to Firefox browser plugins profile directory (I save my FF profile after every session that saves a bookmark, RSS feed modification, etc. - takes just a few minutes after my network has been shutdown (turn off router)).

If you commit to banking via the Web, then a secure browser environment (includes physical host system) is required. I never bank online - I don't trust the bank's M$ Windows systems - not secure enough for me. It is swiss cheese security as far as I am concerned (unless the system was designed with security aforethought - any claim of being secure is pure fallacy).

Something like the Qubes system is more to my liking (see Qubes Architecture).

-- Tom

Last edited by lotuseclat79 : August 29th, 2012 at 06:59 AM.
  #45  
Old August 30th, 2012, 01:22 AM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

Banking on a liveCD connected to TOR is a big NO. I wouldn't do that if you ask me. That just asks for trouble and raises suspicion of why on earth you would use a legitimate bank account/credit card online through TOR.

But regular banking is quite safe, even on a UBUNTU livecd. Even if you do get hacked then your bank/credit card company automatically replaces the lost funds. In fact I've never heard of a bank that didn't.
  #46  
Old August 30th, 2012, 08:26 AM
lotuseclat79 lotuseclat79 is offline
Very Frequent Poster
 
Join Date: Jun 2005
Posts: 1,958
Default Re: Live CDs for the practically paranoid

I second what ComputerSaysNo said on the basis that Tor exit nodes are not to be trusted from the standpoint that not only is it the weak link in Tor where your login password is vulnerable to capture, but the entire transaction would not be end-to-end encrypted via Tor.

-- Tom
  #47  
Old August 30th, 2012, 08:42 AM
BrandiCandi
 
Posts: n/a
Default Re: Live CDs for the practically paranoid

Tor is a privacy tool, it has absolutely nothing whatsoever to do with security.

It's an onion router that sends your traffic through a bunch of other nodes so that it emerges from the "exit node" somewhere far away from you. If you send encrypted traffic through Tor, it stays encrypted. That's not the problem.

The potential security problem is that one of the nodes in the network could pretend to be your bank and capture your name & password. You have to trust all the nodes in the network, and there's no reason to trust them. When you use Tor for sensitive transactions, you are trading security for privacy IMO.

If you want to cyber-stalk your ex-girlfriend then Tor is great because your traffic will appear to originate from a completely new IP. If you have entirely too much money and need to get rid of it, banking through Tor is a great way to get a hacker to clean out your account.
  #48  
Old August 30th, 2012, 08:55 AM
lotuseclat79 lotuseclat79 is offline
Very Frequent Poster
 
Join Date: Jun 2005
Posts: 1,958
Default Re: Live CDs for the practically paranoid

Tor traffic stays encrypted "within" the Tor system, but an exit node operator could be operating code like Wireshark to capture all traffic that gets unencrypted between the destination website and the exit node, i.e. what BrandiCandi said.

-- Tom
  #49  
Old August 30th, 2012, 10:57 PM
ComputerSaysNo ComputerSaysNo is offline
Very Frequent Poster
 
Join Date: Aug 2012
Posts: 1,086
Default Re: Live CDs for the practically paranoid

I disagree that "encrypted" means encrypted. Tools like SSLstrip can easily sniff SSL traffic.
  #50  
Old August 31st, 2012, 12:07 AM
Hungry Man Hungry Man is offline
Incredibly Massive Poster
 
Join Date: May 2011
Posts: 8,519
Default Re: Live CDs for the practically paranoid

I wouldn't say 'easily' - it won't necessarily work.