Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

A Linux Distro From the US Department of Defense

timothy posted about 3 years ago | from the buggy-whip-for-the-bandwagon dept.

Security 210

donadony writes "The Lightweight Portable Security distribution was created by the Software Protection Initiative under the direction of the Air Force Research Laboratory and the U.S. Department Of Defense. The idea behind it is that government workers can use a CD-ROM or USB stick to boot into a tamper proof, pristine desktop when using insecure computers such as those available in hotels or a worker's own home. The environment that it offers should be largely resistant to Internet-borne security threats such as viruses and spyware, particularly when launched from read-only media such as a CDROM. The LPS system does not mount the hard drive of the host machine, so leaves no trace of the user's activities behind."

cancel ×

210 comments

Yeah well (1)

oldhack (1037484) | about 3 years ago | (#36840910)

What about the fingerprints? Screen ghosts? Not to mention all that quantum electron crumbs...

quantum electron crumbs...? (2)

Rhinobird (151521) | about 3 years ago | (#36842014)

Dude. That's what housekeeping is for...

Re:quantum electron crumbs...? (1)

oldhack (1037484) | about 3 years ago | (#36842130)

Dude, you have her number?

No trace, eh? (-1, Troll)

theillien (984847) | about 3 years ago | (#36840916)

Seems like something child pornographers would be interested in. Among other people.

Re:No trace, eh? (1)

Lennie (16154) | about 3 years ago | (#36840952)

Not so much, thet use encryption instead.

Re:No trace, eh? (3, Insightful)

Darkness404 (1287218) | about 3 years ago | (#36841780)

...Because we all know that everyone wanting anonymity -must- be doing something illegal.

Re:No trace, eh? (-1)

Anonymous Coward | about 3 years ago | (#36841882)

this is the joke: ----WHOOSH------->
this is your head:       0
                        -|-
                        / \

Re:No trace, eh? (1)

theillien (984847) | about 3 years ago | (#36841972)

...Because I clearly said that only people taking part in illegal activities seek anonymity.

Re:No trace, eh? (0)

Anonymous Coward | about 3 years ago | (#36842020)

That sounds like something a pedophile would think. Among other people. (Nancy Grace?)

Hmm.. (1)

Conrthomas (1993390) | about 3 years ago | (#36840922)

I wonder if it includes a copy of CoFEE standard. They have *my* attention.

Wait... (1)

darth_MALL (657218) | about 3 years ago | (#36840924)

You're telling me hotel computers might be insecure? Information I could have used before now...

Hardware/Firmware Vulnerable? (0)

Anonymous Coward | about 3 years ago | (#36840942)

This would still be vulnerable to malware loaded by firmware and hardware. Not much of a vector and shouldn't have much effect on the use cases they're talking about too much.

Re:Hardware/Firmware Vulnerable? (1)

nurb432 (527695) | about 3 years ago | (#36842018)

The environment that it offers should be largely resistant....

And it seems they also understand this.. They didn't say 100%.

Review (5, Informative)

Anonymous Coward | about 3 years ago | (#36840958)

There is a review of LPS over at DistroWatch:
http://distrowatch.com/weekly.php?issue=20110704#feature

Re:Review (2, Interesting)

Anonymous Coward | about 3 years ago | (#36841620)

Thanks for the link. I think the reviewer nailed it though - the fact that it includes Flash which has new vulnerabilities about every 7 minutes and runs as root is just bizarre. Sure it resets when you reboot but if someone can easily exploit your machine and get to data you may have available on it by virtue of your existing session then all bets are off. Disappointing to me.

BIOS? (0)

Anonymous Coward | about 3 years ago | (#36840960)

Surely all those Chinese assembled PC have a key logger, or other back door, built into the BIOS power on self test? If I was in charge of a country that assembled most of the world's computers, I'd make sure that such a thing was in place.

Re:BIOS? (3, Insightful)

Anonymous Coward | about 3 years ago | (#36841136)

If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.

Re:BIOS? (0)

Anonymous Coward | about 3 years ago | (#36841966)

If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.

The civilian leadership probably agrees with you. However the military leadership that is pulling their strings probably does not.

Re:BIOS? (3, Funny)

icebike (68054) | about 3 years ago | (#36842134)

Too bad you don't run China then...

Re:BIOS? (2)

znerk (1162519) | about 3 years ago | (#36842162)

If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.

If I were a country large enough to embrace, engulf, and extinguish any problematic regions were my clandestine activities detected, I might be careful about doing it, but not too terribly worried about the consequences of getting caught.

Re:BIOS? (0)

Anonymous Coward | about 3 years ago | (#36841526)

Good to use an onscreen keyboard to prevent hardware key loggers.

Re:BIOS? (1)

znerk (1162519) | about 3 years ago | (#36842166)

Good to use an onscreen keyboard to prevent hardware key loggers.

... because there's no way to log mouse movement and clicks, right? Oh, wait...

RAM (1)

Baseclass (785652) | about 3 years ago | (#36840966)

If the computer is left on the RAM can still leave traces behind.
I don't see how this is any different than any other live CD though.

Re:RAM (2)

rbollinger (1922546) | about 3 years ago | (#36841010)

I don't see how this is any different than any other live CD though.

I don't think it really is any different. It's just now an approved solution for DOD personnel.

Re:RAM (1)

rafe.kettler (1946264) | about 3 years ago | (#36842120)

I don't see how this is any different than any other live CD though.

I don't think it really is any different. It's just now an approved solution for DOD personnel.

By not mounting the hard disk, fewer traces are left.

Re:RAM (4, Informative)

Pharmboy (216950) | about 3 years ago | (#36841072)

I don't see how this is any different than any other live CD though.

As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".

One of the major benefits of Linux is the ability to make your own distro for special applications like this. And since it is available freely for download (not required but they did it anyway) and the source is available, that makes it even better.

Re:RAM (5, Insightful)

Jah-Wren Ryel (80510) | about 3 years ago | (#36841740)

As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".

More likely it is about CYA. Government security runs on CYA. Having an approved distribution means that everyone else in the organisation can use it, recommend it, even mandate it without having to worry about taking the blame if there is something wrong with it. Without an approved distro, no distro would be permitted at all.

More generally government security is totally top down - you have groups of "experts" (who may or may not actually be experts) who come up with procedures and requirements. Those are then made into official policy and distributed downline to security officers and regular users who are expected to follow those procedures to the letter without trying to think through the actual goals. When the official policy is fuzzy, you get different sites making different interpretations, sometimes with head-shakingly comedic effect - like mandatory windows virus-scans on non-windows comptuers or forbidding the installation of ssh (because its not officially approved) while leaving rlogin in place. But even those, often ridiculous, interpretations still have full CYA as long as they don't violate the official documented policies.

Re:RAM (1)

fermion (181285) | about 3 years ago | (#36842232)

America runs on CYA. If a drug company puts out a vaccine that kills children, as long as they have followed the proper protocol they will not be liable for the murder of the children. As long as a financial company follows the rules, they can pillage and drive families out of their homes. Note that banks are not in trouble for encouraging consumers to accept loans that would most likely result in the consumer losing their homes and the banks reaping a huge profit while the families live on the street, but for not filing the paperwork with proper documentations.

Proper protocols are hugely important for efficiently running an organization. As long as the stakeholders that are primarily motivated by short term profits are minimally involved the protocols are often good. For instance, we have meat packing standards that are good, but they are controlled by the meat packers and have a lot of bulk intended to create barriers to entry to the market, and while they do protect consumers, the rules do not always encourage rouge firms to leave the market.

So as this uses OSS software, and likely was developed by internal researchers, there is no reason to believe that it is not a reasonable secure and robust system. It likely uses the security protocols developed by world renowned researches and vetting by the same, rather than the snake oil used by the average corporation in which various people received kickbacks for the purchase. As the source code is viewable by everyone, there is no gotchas as might happen if some programmer at MS were paid millions of dollars by Canada to put in backdoor.

Re:RAM (0)

Anonymous Coward | about 3 years ago | (#36841944)

Is this thing really secure though? It has essentially no security features enabled. The user runs as root and it has various security holes like Adobe Flash enabled.

Seems bizarre that they would go through the trouble of making this "secure" solution when its got gaping holes in it.

Re:RAM (0)

Anonymous Coward | about 3 years ago | (#36841488)

If they really think it is an issue, the shutdown procedure could include a RAM overwrite step

Re:RAM (4, Informative)

LordLimecat (1103839) | about 3 years ago | (#36841604)

Its different because not only is it approved for clearanced work, it also has a version of Firefox with CAC-reader support. My understanding has always been that CAC support was limited to windows; no longer.

Ha! BIOS, gotcha! (1)

VortexCortex (1117377) | about 3 years ago | (#36840974)

Yeah, this was a good idea... I actually have Ubuntu installed on a portable USB drive -- It's faster than installing off a CD and it remembers saved data, bookmarks & installed progs (instead of a clean boot image).

However, I don't think for a moment that this prevents an infected system BIOS/CMOS from infecting the MBR of the flash drive, or that even booting off of a CD-R will be able to keep me safe if the hardware can't be trusted... I mean, If you want security, why not give them a personal mobile pocket computer instead? Everyone knows that physical access = game over; If an attacker's gained physical access you've just been pwned. Not to mention how easy it is to place a low-tech internal key-logger in todays machines...

Re:Ha! BIOS, gotcha! (3, Insightful)

rbollinger (1922546) | about 3 years ago | (#36841040)

It's like using a condom... it won't protect you 100% but that's still safer than doing nothing!

Re:Ha! BIOS, gotcha! (5, Funny)

physicsphairy (720718) | about 3 years ago | (#36841584)

Actually, doing nothing is the tried and true Slashdot defense against STDs.

Re:Ha! BIOS, gotcha! (1)

Legal.Troll (2002574) | about 3 years ago | (#36842050)

underrated

Re:Ha! BIOS, gotcha! (0)

Anonymous Coward | about 3 years ago | (#36841638)

no, in that case, doing nothing would be safer

Re:Ha! BIOS, gotcha! (2)

thegarbz (1787294) | about 3 years ago | (#36841722)

I think it's more like using the pill. Not as effective as a condom.

The reason is that a lot of intrusion these days happens on the hardware level. This OS would do nothing to protect from the hardware keyloggers attached inline with the keyboard that have been seen at some internet cafes.

The summary got it right for once. It only protects against largely against the kind of internet borne threats that infect computers.

Re:Ha! BIOS, gotcha! (0)

JustOK (667959) | about 3 years ago | (#36841788)

i'm sure the govt will keep doing penetration testing on everyone's backdoor.

Oh, it get's WORSE! (-1)

VortexCortex (1117377) | about 3 years ago | (#36841048)

Oh shit! How did I miss this gem here?

LPS differs from traditional operating systems in that it isn't continually patched.

BRILLIANT! That means that any flaws in your OS or applications (web browser) WON'T BE PATCHED -- Get a clue people, this is not made to be more secure, this is just plain asinine. I'm afraid to discover any other steps they've taken to "improve security" or "harden" the systems -- LMAO!

Re:Oh, it get's WORSE! (2, Informative)

Anonymous Coward | about 3 years ago | (#36841204)

Oh shit! How did I miss this gem here?

LPS differs from traditional operating systems in that it isn't continually patched.

Poor reading comprehension? You might want to work on that. You also might want to work on that little "reading into things that which is not there" problem you got as well.

You sort of missed this part

LPS is designed to run from read-only media and without any persistent storage.

as well as the release notes that show that it has been updated several times this year.

Re:Oh, it get's WORSE! (2)

EdIII (1114411) | about 3 years ago | (#36841210)

It's asinine to claim that it is tamper proof. That right there should be raising red flags.

Considering the "threat" from China and chip suppliers to consider any machine that you have not personally inspected down to the firmware to be secure is just nuts.

Sure, they booted into a different OS and bypassed the local storage completely. Great. Any OS rootkits cannot get loaded and access the "secure" OS. Fine.

What about rootkits that can get loaded via different means? NIC cards? Storage adapters? LCD monitors that have small repeaters to record and send encrypted frames of what is displayed? Keyloggers loaded directly into the keyboard?

It's only as secure as the weakest link. Hotel computers and home systems? Yeah...... I can see the TV repair man coming in and the next thing you know we have a conduit into a tamper proof secure DoD network.

That distro is not going to be smart enough to validate all the hardware it is running on, and if it did, it would defeat the whole purpose wouldn't it?

Asinine is an understatement and we actually paid to have this developed.

Re:Oh, it get's WORSE! (2)

jimbolauski (882977) | about 3 years ago | (#36841486)

If you think they will allow access to sensitive networks you are nuts, they won't even be able to access their email unless the computer has a smart chip reader, all this is really doing it making the printing out of plane tickets from a hotel computer a little safer.

Re:Oh, it get's WORSE! (1)

LordLimecat (1103839) | about 3 years ago | (#36841622)

they won't even be able to access their email unless the computer has a smart chip reader

I might be wrong, but thats probably why the distro includes CAC and PIV card support.

Re:Oh, it get's WORSE! (1)

LordLimecat (1103839) | about 3 years ago | (#36841636)

What about rootkits that can get loaded via different means? NIC cards? Storage adapters? LCD monitors that have small repeaters to record and send encrypted frames of what is displayed?

Statistically and practically speaking, those are if miniscule concern especially compared with the relatively common MBR rootkits out there.

Not to mention the inherent difficulties in trying to install a generic rootkit to specific hardware via CMOS overwrite; I dont think its anywhere as easy as you seem to think it is. Hint-- not all BIOSes will work on all motherboards (and the same is true of NICs, etc).

Re:Oh, it get's WORSE! (0)

zget (2395308) | about 3 years ago | (#36841660)

I hope you are not being serious, but if you are.. wtf is wrong with you nuts demanding everything to completely-unbreakable, 100% safe until it's any better than the previously used systems?

The point here is not to make a perfectly safe system. The point is to make a lot more secure system than the other option is. I know slashdots value and standard has been going down for a quite while, but seriously, you people need to go out and work with real projects and understand their actual requirements before just making stupid statements.. It's like Digg.. No, it's like womens forums.

Re:Oh, it get's WORSE! (0)

Anonymous Coward | about 3 years ago | (#36841694)

Considering the "threat" from China and chip suppliers to consider any machine that you have not personally inspected down to the firmware to be secure is just nuts.

If by firmware you mean the firmware code, that is not sufficient. Malicious instructions could be hidden in the chip logic itself (and not just CPUs, either). This shows the feasibility:
http://www.infoworld.com/d/security-central/malicious-microprocessor-opens-new-doors-attack-411

Of course, that is with a field-reprogrammable chip. If you are manufacturing the chips, you don't need a reprogrammable chip.

Re:Oh, it get's WORSE! (1)

chill (34294) | about 3 years ago | (#36841834)

Every time I think people on /. can't get any more clueless, I read posts like this and my faith is restored.

NIC cards? All data is encrypted at Layer 3 or 4 (SSL/TLS or IPSEC), so all a NIC is going to see is encrypted Ethernet frames.

Storage adapters? So? Feel free to read the publicly-available ISO from the CD-ROM drive. In fact, just go download your own copy. No other storage adapters are used.

Hardware Key-loggers? Stopped by multi-factor smart cards (aka CAC and PIV cards). That is, they can't snarf passwords. They might gather other keystrokes, though.

LCD monitors with whatever magic paranoid shit you can dream up? Stop getting your tech ideas from Hollywood fantasies. Can you please point me to any of these so I can see one in the wild? Are they just randomly scattered around at Holiday Inns?

The access these things get you to is non-classified networks. Not for public consumption, but non-classified. Like access to office webmail or VPN, except using smart-cards to replace RSA tokens.

You're childish assertion of essentially "if it isn't absolutely 100% secure against anything I can imagine, it is worthless" shows you don't know shit about security.

Re:Oh, it get's WORSE! (0)

Anonymous Coward | about 3 years ago | (#36842082)

FWIW the NIC trojans were done by overwriting part of the NIC's firmware. When the NIC initialized it would have DMA and could inject it's self into a running OS, it really had nothing to do with snooping traffic but obviously if done right it could.

Re:Oh, it get's WORSE! (1)

znerk (1162519) | about 3 years ago | (#36842210)

You forgot modified video card firmware... where's your hand-wavy magic for that one?

</tin-foil>

Re:Oh, it get's WORSE! (1)

Anonymous Coward | about 3 years ago | (#36841344)

Eh? You can always burn a new copy when a security fix comes out, you don't have to pick between patching a running system and having no security fixes.

In case you don't see the problem they're addressing, many distros that aren't Debian (I think RHEL fixed this a couple years ago, too) don't have any particular way to prevent MITM attacks dumping compromised software in the form of an update, and providing corresponding MD5 sums. You can do like Debian, and require updates to be signed, or you can do like LPS, and not download any updates over an untrusted network. Both are valid fixes for a real problem, you might say Debian's approach is better, but neither has earned the derision you display.

Re:Oh, it get's WORSE! (1)

VortexCortex (1117377) | about 3 years ago | (#36841550)

Ok... so, tell me why this less secure distro is worth wasting anyone's time over considering that my writable USB gets updates as soon as they're released to my distro, sans burning / installing a new ISO... Booting from a clean USB every so often? Hmm, yeah, I can do that too.

Let's not forget -- If you put the end users in charge of their own security, they won't have any. Seriously, once I talked to a guy who figured out how to bypass the "your password has expired, choose a new password" security feature. Keep the same password by changing it 5 times in a row to exhaust the previously-used password buffer.

You seriously think they'll take the time to ensure they have the latest version of their distro burned -- Well, unless it's someone else's job (say, the PROGRAM itself) to keep the users up to date, it won't happen.

If it's not updating itself, it's not worth my time, honestly.

As others have noted, there's nothing to see here, it isn't any more secure than any other distro. If you're already mindful of security this distro isn't going to help you be any more secure.

Re:Oh, it get's WORSE! (1)

RobertLTux (260313) | about 3 years ago | (#36841956)

"your password has expired, choose a new password" security feature. Keep the same password by changing it 5 times in a row to exhaust the previously-used password buffer. "

easy fix for that
have a rule that the password can not be changed for 7 days after it has been changed
(and in some instances Fire somebody for trying this trick)

Re:Oh, it get's WORSE! (0)

Anonymous Coward | about 3 years ago | (#36842184)

Last time I read gov't IA, 24 was the magic number for pssawrod history.

Re:Oh, it get's WORSE! (3, Interesting)

LordLimecat (1103839) | about 3 years ago | (#36841654)

BRILLIANT! That means that any flaws in your OS or applications (web browser) WON'T BE PATCHED

Which isnt really an issue for several reasons:
A) most of the code out there isnt targetting some obscure form of linux
B) this is a live distro, so there is no permenant storage, so no real worry of a rootkit
C) someone booting up this distro is unlikely to be doing so for reasons that would expose him to threats

Hence the lack of caring about /etc/passwd, or running as root, or all the rest. Its generally irrelevant on a live distro because you cannot get rootkitted.

Replacements instead of patches (2)

DragonWriter (970822) | about 3 years ago | (#36841744)

BRILLIANT! That means that any flaws in your OS or applications (web browser) WON'T BE PATCHED

It doesn't get patches because it runs from read-only media; the approved version is updated when necessary to address security concerns, but you have to use new read only media, rather than patching the existing one, that being the nature of "read-only".
 

keylogger (1)

Gothmolly (148874) | about 3 years ago | (#36840980)

Unless the "vanilla PC" you're booting from has a hardware keylogger. Then well, duh.

Re:keylogger (2)

jm0le (2139028) | about 3 years ago | (#36841114)

this. trusted software is pointless unless you can trust the hardware.

Re:keylogger (3)

Xtifr (1323) | about 3 years ago | (#36841212)

A condom won't protect you from the common cold, but that's no reason not to use one.

Re:keylogger (1)

Anonymous Coward | about 3 years ago | (#36841418)

But it is a reason to not fornicate with someone who is sick.

Secure software on unsecure hardware? (0)

Anonymous Coward | about 3 years ago | (#36840992)

Are hardware loggers (keyloggers exist, and screenloggers do not seem too far out there -at least in my fanciful imagination) and other interposers not part of their threat model or do they actually have a way to combat that?

If the former then this does not seem to be a very useful security system. If the latter then I'm very interested in how (Trusted Computing anyone?)

Re:Secure software on unsecure hardware? (1)

Baseclass (785652) | about 3 years ago | (#36841022)

Right? A personal laptop with an encrypted hard drive would seem to be the logical solution.

close, but no cigar.. (1)

Slash.research_Kat (2195516) | about 3 years ago | (#36841004)

hm. great idea, but doesn't look easy for the non-technical folk to get it up and running. imo, they're the ones that really need this type of product when they travel to hotels and whatnot.

Re:close, but no cigar.. (1)

rbollinger (1922546) | about 3 years ago | (#36841068)

They do try to make it look like Windows 95 though...

Re:close, but no cigar.. (1)

ozduo (2043408) | about 3 years ago | (#36841094)

What! stick a flash drive in the slot then hit the power button is too technical for our grunts - then perhaps you are right!!!!

Re:close, but no cigar.. (1)

Slash.research_Kat (2195516) | about 3 years ago | (#36841234)

beg pardon - i meant to say that installing linux onto a flash drive is a bit challenging for some people. and then there's the matter of making sure the machine will boot from flash drive. if only it were a 2 step process!

Re:close, but no cigar.. (1)

nolife (233813) | about 3 years ago | (#36841474)

The problem for the non technical folks, they still have a very weak link. Most hotel, cafe etc wireless is wide open and unencrypted. A boost disk like this and an encrypted ttunnel that you can connect to would be more useful. Why don't hotels at least use WPA and have the key displayed the default hotel tv channel or on a small sheet of paper when they hand you the room key or something. That would better than wide open although it might cause some support headaches.

Re:close, but no cigar.. (-1)

Anonymous Coward | about 3 years ago | (#36841612)

Some hotels *DO* use a secure network, and the key *IS* given to you at the desk, or is on the "information" card in the room.

Re:close, but no cigar.. (2, Insightful)

LordLimecat (1103839) | about 3 years ago | (#36841676)

This is what things like SSL are for. No need to reinvent the wheel here.

Re:close, but no cigar.. (0)

Anonymous Coward | about 3 years ago | (#36841706)

http://tails.boum.org/

creates tor tunnel
wipes ram after shutting down
pre-built with everything locked down and anonymized
easy to install on usb stick

Completely secure (1)

Anonymous Coward | about 3 years ago | (#36841034)

It even includes monitoring software that send all you do to the US government for analysis, it ensures you aren't doing anything nasty! 100% secure!

Web (1)

DeeEff (2370332) | about 3 years ago | (#36841104)

Now if only their Websites were this secure...... *coughAnonymouscough*

Though really, the imprint is left on the network, even if it's encrypted. and something might be left over BIOS, mechanical keylogger... There's probably a lot of ways these guys could be found out, but it could be a good thing that they're at least using SSH and a portable OS, it shows they're TRYING.

They'll probably hand out the first batch to people like Mr. Anthony Weiner just to avoid that kind of embarrassment, if not for national security...

The miloitary sucks (1)

For a Free Internet (1594621) | about 3 years ago | (#36841118)

And its lixes suck, they suck GOAT PENISES in AFPAKISTRAND!

Further and More, yomama is FATTTTT!

So like puppy linux (1)

nzac (1822298) | about 3 years ago | (#36841154)

Except with some useful proprietary applications with GUIs for encryption and making it difficult to have persistent data.

I guess the kernel has all proprietary divers in it so its more likely just work and support hardware but that also comes with the slightest chance that its just an excuse to get a back-door in there (thought if there is one; the other end does not care what you are doing).

Re:So like puppy linux (1)

BJ_Covert_Action (1499847) | about 3 years ago | (#36841242)

Well if that's really what it is then the official Puppy Linux distro would do well to adopt some of those encryption GUIs. I've yet to find one I like that is easy to get installed and configured in the Puppy.

Re:So like puppy linux (1)

nurb432 (527695) | about 3 years ago | (#36842038)

If every PC you hit has network access, does it matter? Store your data ( and config too ) back at your office. If the PC doesn't have network access, its going to be sort of a moot point anyway in most cases.

Memory dumps... (0)

Anonymous Coward | about 3 years ago | (#36841190)

Have we already forgotten about using special kernels after POST get read data from air cooled memory chips that retain their contents after a power off already? Not that it matters, but saying there is "no trace" can be a tad incorrect :)

Re:Memory dumps... (1)

igreaterthanu (1942456) | about 3 years ago | (#36842192)

Correct me if I am wrong, but wouldn't it be possible to get a pseudo random number generator and overwrite all the RAM on shutdown? Thus resolving that vulnerability.

Imagine it was a Chinese Distro (0)

Anonymous Coward | about 3 years ago | (#36841306)

Then all you would be praising it as a great idea!

Isn't the main issue with this (0)

Anonymous Coward | about 3 years ago | (#36841354)

The ability to boot from removable media in the first place?

Most places I've been (hotels, cafes etc) have that ability completely locked out.

wealth of nation disappeared to 'friends & fam (0)

Anonymous Coward | about 3 years ago | (#36841358)

reminds one of previous failed life0cidal empires.

regards to rep. Sanders for his courage & valor in representing us, telling the truth, doing his job.

Surely they should have thought of everything! (1)

Provocateur (133110) | about 3 years ago | (#36841476)

But can it run America's Army?

Why? (0)

Anonymous Coward | about 3 years ago | (#36841510)

Call me paranoid, but why would they make something like this and let people have it? The government would rather identify everyone online. Am I right?

Re:Why? (0)

Anonymous Coward | about 3 years ago | (#36841590)

Call me paranoid, but why would they make something like this and let people have it? The government would rather identify everyone online. Am I right?

There is literally hundreds of similar distros in the wild, this one is vetted by the government for the government. Letting others have it allows contractors etc to use it and test it, it also allows it to be checked out and vetted (read pen tested) further by the community portion that wants to root it for the lulz.

Re:Why? (1)

Medevilae (1456015) | about 3 years ago | (#36841742)

Doubt the DoD really gives two shits if you look up child pr0n, tbh. More of an FBI thing.

Conspiracy theory (1)

Anonymous Coward | about 3 years ago | (#36841630)

But what if this phones home? Has any security(tm) professional tested the network traffic this produces under a VM or through a firewall? (BTW posting anonymously my captcha is "vibrator")

it needs a Name (1)

phrostie (121428) | about 3 years ago | (#36841646)

call it Dod-ian

UM....... (0)

sneakyimp (1161443) | about 3 years ago | (#36841738)

Wait...so DARPA bought KNOPPIX?

Our government at work..... (0)

Anonymous Coward | about 3 years ago | (#36841778)

Qoute:The idea behind it is that government workers can use a CD-ROM or USB stick to boot into a tamper proof, pristine desktop

Reply: And the government probably spent millions developing the OS when we just download it for free.

Re:Our government at work..... (2)

dbIII (701233) | about 3 years ago | (#36842046)

The reality is probably one guy altering knoppix for a custom spin, another guy doing QC and other saying "wouldn't it be cool if package X was in there as well".
I sounds like cheap skunkworks stuff getting a rubber stamp.

Wont work in hotels, airports, etc. (2, Interesting)

Anonymous Coward | about 3 years ago | (#36841866)

I've been working in the kiosk industry for about 8 years now. The current company I work for has around 1000 kiosks in hotels, airports, business centers, etc as well as having around 20,000 customers.

I can tell you that 99% of hotel's are setup to NOT allow USB or CDRom booting for the very obvious reasons. Most are setup as well to only read CDROM and read/write from USB and also have a Bios password set to disable the ability to execute from a different device.

I suspect this project will die off pretty quickly or fail soon if the people involved with the idea didn't even do some simple research or know about this type of information. Sure it would be a great use for their home computers but outside of that the CD's will just be one more thing to fall into the hands of people who will abuse it and become yet another security hole.

But ... but ... what about VDI??? (1)

daboochmeister (914039) | about 3 years ago | (#36841880)

If this catches on, and people start using it for their normal desktop, we're in serious danger of not giving the key VDI vendors billions and billions of dollars to "revolutionize" our desktop experience!! Isn't somebody going to, like, issue a petition or organize a protest or something? (Oh wait ... i see the paid lobbyists cronies of the beltway IT hegemony circling already -- never mind).

You know.... (1)

TheCarp (96830) | about 3 years ago | (#36841890)

It would really save some annons a lot of trouble if this distro would just upload all of the confidential files to pirate bay.

Think how much time we would save waiting for the right person with the right access, or the right system to be vulnerable and get exploited. Its all going up there eventually anyway, so why not skip the middle man? I suppose thats too much efficiency to hope for.

Re:You know.... (1)

Rennt (582550) | about 3 years ago | (#36842124)

Anonymous has a Cherimoya GNU/Linux, [secondsource.info] a live cd with built in support for TOR and I2P. Perhaps that's where the DoD got the idea.

Locked Down Computers (1)

Shifty0x88 (1732980) | about 3 years ago | (#36841928)

So what about locked BIOSs and the like, where booting off of a CD/USB Drive is either not enabled or isn't first I mean it would work in some situations but in other situations you would be forced to use whatever you have in front of you. Of course, I'm thinking the computers would have competent IT workers...

ya mean how they last worked on encryption (0)

Anonymous Coward | about 3 years ago | (#36842048)

ya mean how they last worked on encryption and secretly backdoored it...ya trust in bankruptcy

I think the military should use BSD instead. (-1)

Anonymous Coward | about 3 years ago | (#36842068)

Yes, Linux has superior performance, hardware support, scalability, but does the military need that? Wouldn't the military be better suited by an intelligently designed operating system, with well written and documented code, like Free or Open BSD?

China is using FreeBSD as its operating system. This fits in the thinking of the Chinese government being smarter than the US government.

FAIL (1)

northox (1917722) | about 3 years ago | (#36842096)

Without a trusted boot there is no way to known whether a layer lower then the operating system is not interfering. As such, if the bios, or any other firmware (e.g. network card) is malicious, you're doomed.

this is worse than no security (1)

ewertz (1191025) | about 3 years ago | (#36842170)

Anything that gives you a false sense of security when you have little or none is worse than knowing up-front that you have no security. As long as the PC itself isn't secure (keyloggers, rootkits, or any other type of snoopage), you shouldn't touch it if you actually care.

IE? (0)

Anonymous Coward | about 3 years ago | (#36842190)

Unfortunately the vast majority of DoD sites only are approved to work in IE, which doesn't run natively in Linux..

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...