LWN Weekly Edition
Front pageSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->One big page
This page
Previous weekFollowing week
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SecurityParanoidLinux: from fiction to realityA novel for young adults by Cory Doctorow has inspired the creation of a new Linux distribution focused on privacy. ParanoidLinux is still in the planning stages, but it adopts some interesting ideas from Doctorow's book to place atop a Debian Testing base. It is targeted at those who have a very strict need to disguise their documents and network traffic because of a repressive regime. Doctorow is familiar to many in the free software world, for his work as a science fiction author as well as a digital rights activist and blogger. His recent novel, Little Brother is set in the US after another devastating terrorist attack. Because of the attack, most civil liberties have been suspended leading some characters to use an alternative operating system:
ParanoidLinux is an operating system that assumes that its operator is
under assault from the government (it was intended for use by Chinese and
Syrian dissidents), and it does everything it can to keep your
communications and documents a secret. It even throws up a bunch of "chaff"
communications that are supposed to disguise the fact that you're doing
anything covert. So while you're receiving a political message one
character at a time, ParanoidLinux is pretending to surf the Web and fill
in questionnaires and flirt in chat-rooms. Meanwhile, one in every five
hundred characters you receive is your real message, a needle buried in a
huge haystack.
It is that description, along with others in the book, that is guiding the development of the "real" ParanoidLinux. While it is relatively easy to come up with a fictional privacy-oriented operating system, the reality of building one is rather challenging. The project has only existed since May, so the current focus is to get some kind of alpha system put together as a starting point. The idea of "chaff" is one that has been taken up on the ParanoidLinux wiki. There are several facets to the problem: how does one generate normal-looking traffic while somehow transferring encrypted data as part of that traffic. There are existing techniques that could be used. Chaff combines the ideas of steganography—hiding even the existence of a message—with cryptographic techniques. The discussion about chaff makes it clear that the ParanoidLinux developers are looking at Doctorow's ideas carefully before implementing them. Chaff is certainly not a panacea, as it won't hide the traffic from an adversary that has specifically targeted someone. It is, instead, a means to fly under the radar, to appear to be a "normal" internet user with standard traffic patterns. Using Tor (i.e. The Onion Router) is one way to anonymously use the internet—within limits—but traffic bound for a TOR node would be very suspicious to any monitoring agency. Another privacy-enhancing feature would be full-disk encryption, but that would be yet another red flag for an agency that was inspecting the computer. These are kinds of trade-offs that are being discussed by the project as they try to narrow their focus to something that can be implemented in the near term. Hiding, or at least obfuscating, the existence of ParanoidLinux on the computer is another piece of the puzzle. It could be very dangerous to be required by the authorities to boot one's ParanoidLinux laptop. But, if it appears to be a "regular" system—perhaps looking much like Windows—it may escape scrutiny. Encrypted data might then be stored on partitions that are not directly accessible from the desktop. This is an interesting project for those who worry about government crackdowns or perhaps already live under a repressive regime. Even if the ParanoidLinux distribution does not meet one's needs, the various discussions on options and different ways to approach a privacy-oriented operating system will be useful. One hopes not to ever need such a system, but knowing that people are thinking about the problem—while generating a working version—is certainly reassuring. For that, we can thank Doctorow for popularizing the idea.
New vulnerabilities emacspeak: temporary file vulnerability
firefox: multiple vulnerabilities
initscripts: local system file removal vulnerability
kernel: denial of service
kernel: privilege escalation
mono: CRLF injection
openafs: denial of service
pam_mount: restriction bypass
phpMyAdmin: code execution vulnerability
phpMyAdmin: cross-site scripting vulnerability
rkhunter: insecure temp file
rubygem-rails: SQL injection
thunderbird: buffer overflow
viewvc: ignore user-provided MIME types
Page editor: Jake Edge |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||