
Goal?

What do you want?


I assume being able to post without block.


Do you also want to be free of any local monitoring? Is using Win2K a requirement, or could you switch to something else? GNU/Linux is most likely going to be more readily secured and monitored, though it may take some doing to get there. If you want a high level of assurance, you may want to go for nonvolatile media -- Knoppix or a similar distro. Note that Knoppix itself offers pretty good desktop capabilities, and may be sufficient. Remotely mounting your home partition from a remote trusted location via an SSH tunnel may also be of interest.


Do you want to do forensics to find out what's being done, how it's being done, or where it's being reported to? In that case, a GNU/Linux or OpenBSD masquerading proxy (and/or firewall) with packet logging, and/or a packet sniffer, may tell you about stray bits going places. Actually, if you do that, I suspect there are others who'd be interested in the information. See also my prior comments on indexing and MD5 summing your legacy MS Windows install.


If you want to run W2K, I'd suggest a minimal installation, hardened, on completely wiped media. Which is going to be a PITA. Image this, index it, and md5sum it, before you connect to the 'Net. Note that this is going to make the system very unfriendly to play with as you're going to have major issues updating, configuring, modifying, adding SW, etc. But it may be relatively secure, and/or give you an idea how the system's being compromised.


Don't overlook hardware. Keystroke sniffers are now dime-sized or smaller, capable of holding MBs worth of output, or months worth of typing. If you're going to be paranoid, don't stop at half-measures.

--
Karsten M. Self kmself@ix.netcom.com
http://kmself.home.netcom.com/
What part of "gestalt" don't you understand?
TWikIWETHEY (http://twiki.iwethey.org/twiki/bin/view/Main/) -- an experiment in collective intelligence. Stupidity. Whatever.

   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
Re: Goal? - At the moment is to figure out what thyz up 2

I can easily do a wipe & reinstall of Win2K - I can post from another portable computer (it seems the blocks are associated with a particular browser & os install). As time has passed, more of my computers are being blocked.

Interestingly there is a big article in this week's Newsweek on how Microsoft, Sun, Cisco & Oracle have been providing technology to the Chinese govt for filtering & blocking email & postings.

What has surprised me just a little is that this was supposed to only have happened on the mainland but it seems to me it is happening here.

Also as mentioned before, the ISP that must be allowing this to happen is the same coy I work for. Leads me to believe it is a skunk works that is in cooperation with mainland initiatives.

If I boot that same win2k computer using RH8, I don't get blocked. At this time out of 8 computers plus my work computer 5 appear to be subject to blocking & all run Win2K with SP2.

Am hoping that by posting what I find, the penny may drop somewhere & we may learn what these agencies are willing to get up to.

Cheers Doug
Why I bought a laptop
Karsten wrote:

Don't overlook hardware. Keystroke sniffers are now dime-sized or smaller, capable of holding MBs worth of output, or months worth of typing. If you're going to be paranoid, don't stop at half-measures.

Reminds me. There was a time when I was chief sysadmin at $FIRM, an outfit in San Francisco. The moment $CTO came aboard, all manner of odd things seemed to be happening on the LAN, leading to the strong justifiable suspicion that he was tapping all e-mail in or out of the company, right at the switch, primarily in order to monitor discussions among other members of the executive staff that might affect his... interests. (I wish we could talk about the $12M in contracts given largely to firms in which he had undisclosed ownership interests. Can we use bad words like "embezzlement"? Hmm, probably not.)

Anyhow, I had a pretty good notion about what the gentleman was doing, without exact confirmation, and found that it, um, didn't meet my needs. I saw no reason I shouldn't have reliable, private communications between my desk at work and my server at home. Given such a channel, I could then reach out from home to any further locations, without $CTO having any access to my affairs.

So, I sat down and considered threat models. My apartment at The CoffeeNet? Not impervious, but good enough. The various wires between my cubicle and my apartment? Assumed hostile and compromised -- but fortunately SSH (properly used) makes that irrelevant to privacy, leaving only DoSing, which didn't seem to be a problem in that case. My workstation on my desk? Oh-oh.

As you said, hardware can be compromised pretty easily. So can unattended software to which the bad guys have physical access -- and I knew that it only seemed like I was at my desk 24 hours a day. If $CTO wanted to bug my Debian workstation, he might be able to do that without my being able to easily tell. Or he could put in a hardware-level keyboard sniffer, with much less effort, and I wouldn't likely find that at all.

The guy probably wouldn't bother, but I realised that there was an easy way to eliminate all those possibilities: I bought a used Sony VAIO PCG-505TX, installed Debian on it, and used it (only) for any computing for which I wanted privacy and assurance of personal control.

These days, a Knoppix CD is about 7/8 of a loaf. The bad guys' options at the level of your workstation's software just about vanish. Others exist, but you've picked most of the low-hanging fruit.

Rick Moen
rick@linuxmafia.com


If you lived here, you'd be $HOME already.
Edited by rickmoen Dec. 13, 2002, 02:13:59 PM EST