[tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-12 Thread William Wrightman
Here is an article which details the German federal police's use of keyloggers.

http://www.wired.com/threatlevel/2011/10/german-gov-spyware/

There are also links to Wired's coverage of the FBI's keylogger which are well 
worth a read.

Keyloggers would, I assume, defeat the whole purpose of Tor since the URL would 
be recorded and sent to the fedz.

How to overcome?  My impression is that no-one is sending .exe attachments 
these days but rather exploiting unpatched browsers by tricking people into 
visiting a site (although of course they can always install it manually).

I suppose that up-to-date anti-virus and anti-malware might help if you are on 
Windows.  And, of course, using NoScript and blocking Flash and suchlike. 

What would be the situation if you are using Linux (such as Ubuntu for 
example).  I realise that keyloggers must exist for Linux but would they be 
more difficult to install?

Is moving to Linux one solution?





___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-13 Thread andrew
On Wed, Oct 12, 2011 at 11:39:12PM -0700, williamwright...@yahoo.com wrote 1.1K 
bytes in 24 lines about:
: Keyloggers would, I assume, defeat the whole purpose of Tor since the URL 
would be recorded and sent to the fedz.

If you lose control over your local computer, tor cannot help you. If
the attacker can see every keystroke you enter, you've lost. I'm not
sure if this is true for onscreen keyboards as well.

If the German customs agents took your computer away from you at a
border, you should assume the worst case and no longer trust your OS nor
hardware. It's possible tails may help here, but depending upon hardware
vs. software (bios firmware) attacks, the computer may not be
trustworthy at all. If the bios is infected, tails cannot help.

-- 
Andrew
pgp key: 0x74ED336B


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-13 Thread Jeroen Massar
On 2011-10-13 13:40 , and...@torproject.org wrote:
> On Wed, Oct 12, 2011 at 11:39:12PM -0700, williamwright...@yahoo.com
> wrote 1.1K bytes in 24 lines about: : Keyloggers would, I assume,
> defeat the whole purpose of Tor since the URL would be recorded and
> sent to the fedz.
> 
> If you lose control over your local computer, tor cannot help you.
> If the attacker can see every keystroke you enter, you've lost. I'm
> not sure if this is true for onscreen keyboards as well.

If the adversary is taking a video or a high enough rate of screenshots
then they should be able to catch what keys are being pressed, it does
make it a bit harder.

As you said though, if you are locally attacked, you already lost.
But like always, just depends on what you are protecting against.

> If the German customs agents took your computer away from you at a 
> border, you should assume the worst case and no longer trust your OS
> nor hardware. It's possible tails may help here, but depending upon
> hardware vs. software (bios firmware) attacks, the computer may not
> be trustworthy at all. If the bios is infected, tails cannot help.

Traveling with throw-away hardware is therefore always a good idea if you
want to keep your stuff secure. The US also has the nasty policy of
effectively placing you in a no-law-zone before immigration.

Again, all depends on what one is protecting against and how paranoid
one is ;)

Greets,
 Jeroen


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-13 Thread Karsten N.
Am 13.10.2011 08:39, schrieb William Wrightman:
> Is moving to Linux one solution?

I agree with Andrew, there is no 100% solution.

But you can do as much as possible to increase your security.

Moving to Linux (or OpenBSD ;-) ) is one step.

Full disk encryption is possible. For Debian or Ubuntu you can enable
full disk encryption at installation time. It does not need any
additional software. (I am not sure about other distributions.)

For WIN you may use Truecrypt or Diskcryptor or other software for full
disk encryption. Since version 6.1 Truecrypt can use hardware tokens
together with pass-phrases.

Live-CDs are a possible solution too.

You may apply many steps and it will be better than doing nothing
because you can not get 100% security.

Best regards
Karsten N.


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-13 Thread Andreas Bader
On 13.10.2011 14:02, Karsten N. wrote:
> Am 13.10.2011 08:39, schrieb William Wrightman:
>> Is moving to Linux one solution?
Hello,
I read lots of articles and analysis about the "Bundestrojaner" (that's
how the German keylogger is called here). It seems like you don't have
to worry. It is more a virus construction kit than a virus. According
to the Chaos Computer Club they'll need about 10 experts
working 5 months just to develop and adapt one keylogger. It also makes
sense to install one Linux distribution. I use Ubuntu 11.04 on my second
notebook, fully encrypted (can be chosen during the installation, just
choose the "alternate disc" to download). It is much faster, more
secure and just better than Win7.
If you have to use Windows 7, try the Truecrypt pre-boot encryption. It
is open source software and pretty authentic. With Truecrypt, you can
also encrypt external drives. The most important part of the whole
encryption thing is the password, choose it as long as possible. The
only possibility to crack such an encryption is brute force, and using a
long password will destroy this chance.
So far.


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-13 Thread katmagic
On Thu, 2011-10-13 at 17:05 +0200, Andreas Bader wrote:
> If you have to use Windows 7, try the Truecrypt pre-boot encryption. It
> is open source software and pretty authentic. With Truecrypt, you can
> also encrypt external drives. The most important part of the whole
> encryption thing is the password, choose it as long as possible. The
> only possibility to crack such an encryption is brute force, and using a
> long password will destroy this chance.
> So far.

Though always a good idea, encryption doesn't protect against trojans.
It may have limited effectiveness against incompetent attackers
physically tampering with your system.



Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-13 Thread Andreas Bader
On 13.10.2011 23:51, katmagic wrote:
> On Thu, 2011-10-13 at 17:05 +0200, Andreas Bader wrote:
> Though always a good idea, encryption doesn't protect against trojans.
> It may have limited effectiveness against incompetent attackers
> physically tampering with your system.

Encryption is always important if police or someone wants to analyse
your drives. As far as I know the trojan is Windows-only software, so
you should be pretty sure with an encrypted Ubuntu. Some investigators
install the trojan by breaking into your house while you are not at home
and installing it manually on your computer. In this scenario, the
encryption would be an extra protection.


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-16 Thread William Wrightman
> Full disk encryption is possible. For Debian or Ubuntu you can enable


I don't really understand the apparent benefit of full disk encryption as 
opposed to using TrueCrypt partitions. 

AIUI if you are using FDE then the password is stored in the RAM while the 
computer is on.

If the computer is seized then the password can be obtained from the RAM.  I 
base this on Kevin Poulsen's book about Max Vision ("Kingpin") where Vision's 
FDE password was obtained from the RAM, because he was using the computer when 
his house was raided.

I would think that using partitions is better.  You use the computer "normally" 
but if you want to access anything personal then you open the partition.  

When you have finished then you close the partition.  Now the password is 
cleared from the RAM.

Thoughts? 


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-16 Thread Julian Yon
On 16/10/11 17:57, William Wrightman wrote:
> When you have finished then you close the partition.  Now the
> password is cleared from the RAM.
> 
> Thoughts?

If you (or someone you ultimately trust) didn't write or audit the code
yourself then you are making a huge assumption there.


Julian

-- 
3072D/D2DE707D Julian Yon (2011 General Use) 


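Julian's caveat above (that "the password is cleared from RAM" holds only if the code actually wipes it) as an added example, not code from the list or from TrueCrypt: a hypothetical container open/close in C where the close path wipes the key through a volatile pointer so the compiler cannot drop the store as dead. The key derivation here is a constructed stand-in, not a real KDF, and the passphrase buffer, swap and hibernation files are outside what this wipe covers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical container state: the key exists only between open and close. */
typedef struct {
    uint8_t key[32];
    int mounted;
} container_t;

/* Wipe that the optimizer cannot elide as a dead store: each byte is written
   through a volatile pointer. explicit_bzero()/memset_s() serve the same
   purpose where the platform provides them. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Constructed stand-in for key derivation (NOT a real KDF); it only fills the
   key deterministically from the passphrase so the example runs offline. */
static void derive_key_demo(const char *pass, uint8_t out[32]) {
    size_t len = strlen(pass);
    uint8_t h = 0x5a;
    for (size_t i = 0; i < 32; i++) {
        h = (uint8_t)(h * 31u + (uint8_t)pass[len ? i % len : 0] + (uint8_t)i);
        out[i] = h;
    }
}

/* "Opening the partition": from here on the key is resident in RAM. */
int container_open(container_t *c, const char *pass) {
    if (!pass || !*pass) return -1;   /* refuse an empty passphrase */
    derive_key_demo(pass, c->key);
    c->mounted = 1;
    return 0;
}

/* "Closing the partition": the only point at which the key leaves RAM, and
   only because this function explicitly overwrites it. */
void container_close(container_t *c) {
    secure_wipe(c->key, sizeof c->key);
    c->mounted = 0;
}

/* Returns 1 when every key byte is zero, i.e. a RAM image of this struct
   would no longer yield the key. Constant-time over the buffer. */
int key_is_wiped(const container_t *c) {
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof c->key; i++) acc |= c->key[i];
    return acc == 0;
}
```

Without `secure_wipe` (a plain `memset` on a buffer that is never read again) a compiler is free to remove the clearing entirely, which is exactly the unaudited assumption Julian points at.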


Re: [tor-talk] German police keylogger analysis (and the effects on Tor are....?)

2011-10-16 Thread Joe Btfsplk
On 10/16/2011 3:05 PM, Julian Yon wrote:
> On 16/10/11 17:57, William Wrightman wrote:
>> When you have finished then you close the partition.  Now the
>> password is cleared from the RAM.
>>
>> Thoughts?
>
> If you (or someone you ultimately trust) didn't write or audit the code
> yourself then you are making a huge assumption there.
>
> Julian

From what I've read in the past (for Windows machines) & from software docs 
like TrueCrypt, data isn't kept in RAM indefinitely after power off, only 
for a while.  Exactly HOW long it takes for RAM to clear, not sure (it 
wasn't hours & hours, from what I read).


If you're thinking the police might break down your door, I'd either 
stop doing anything remotely illegal where you are, or invest in REALLY 
strong, steel doors, & look into programs specifically designed to 
overwrite / clear RAM.


If the computer was on & someone broke in, brought a power supply to 
keep the machine(s) powered up until they get them to a research lab, then I 
guess theoretically they could recover stuff from RAM as well.
