Re: Encrypted volume interaction with Windows...

2007-12-19 Thread Thorsten Sick

On Wednesday, 19.12.2007, at 09:33 -0500, John Richard Moser wrote:
 
 Thorsten Sick wrote:
  Hello List
  
  On Monday, 17.12.2007, at 11:49 -0500, John Richard Moser wrote:
  In Gutsy, the alternate installer can now create encrypted LVM layouts 
  (but with no fancy manipulation tools...).  I am now curious about 
  interoperability with Windows for encrypted external drives.
 
  External hard disks and flash drives using NTFS or FAT32 work in Linux 
  or Windows now.  The FreeOTFE program allows Windows to access a LUKS 
  partition (NOT LVM) as well.
  
  For data-exchange media I would suggest something that runs on Windows
  out of the box (and on Ubuntu of course).
  Either automatically put a driver for Windows in a non-encrypted part or
  use something like the truecrypt traveller mode.
  
 
 truecrypt installs drivers in traveler mode.  So does FreeOTFE in 
 portable mode.  FreeOTFE can read Linux LUKS partitions (which is what 
 dm-crypt uses).
 
 Truecrypt does not run on windows out of the box.  If you're not 
 administrator level, you can't use it.  Same with FreeOTFE.

Well, I think if you want to mount it, there is no way around admin
rights.
I will have to ask a Windows guru.

  A user having encrypted data on a USB memory stick wants to use them on
  about 99% of the computers he works with. If this is not possible, the
  user will not encrypt at all.
  
 
 So, they have the same ability on Windows with LUKS or truecrypt, and 
 better on Linux with LUKS.

As long as it works, it's fine with me :-)

   Logically, it would help users with 
  encryption needs to have a tool in GNOME to create LUKS-encrypted USB 
  flash or hard drives, and request/change the key (file?  Or just 
  password?) when gnome-volume-manager detects them.
  
  Maybe automatically ask the user if he wants to encrypt the volume or
  parts of it as soon as he attaches a new and empty USB device (stick or
  external HD)
 
 
 Every time he attaches it?  Do you want to destroy all data on this? 
 That's like asking to format a disk every time it's put in!

- Ubuntu must remember the choices of the user for this special device
(USB ID). So the user will be asked once for every USB drive, the first
time he attaches it.
- There must be space on the device to use (scenario with crypto
container, not crypto partition).
I did not think about crypto partitions yet. You are right, data will be
lost too easily if we add a click-and-delete button.

What about writing one's own CDs? We should also add the option "Encrypt all
files on CD" when burning. The British government will love it.


Thorsten Sick

-- 
Thorsten Sick [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: Encrypted volume interaction with Windows...

2007-12-18 Thread Thorsten Sick
Hello List

On Monday, 17.12.2007, at 11:49 -0500, John Richard Moser wrote:
 In Gutsy, the alternate installer can now create encrypted LVM layouts 
 (but with no fancy manipulation tools...).  I am now curious about 
 interoperability with Windows for encrypted external drives.
 
 External hard disks and flash drives using NTFS or FAT32 work in Linux 
 or Windows now.  The FreeOTFE program allows Windows to access a LUKS 
 partition (NOT LVM) as well.

For data-exchange media I would suggest something that runs on Windows
out of the box (and on Ubuntu of course).
Either automatically put a driver for Windows in a non-encrypted part or
use something like the truecrypt traveller mode.

A user having encrypted data on a USB memory stick wants to use them on
about 99% of the computers he works with. If this is not possible, the
user will not encrypt at all.

  Logically, it would help users with 
 encryption needs to have a tool in GNOME to create LUKS-encrypted USB 
 flash or hard drives, and request/change the key (file?  Or just 
 password?) when gnome-volume-manager detects them.

Maybe automatically ask the user if he wants to encrypt the volume or
parts of it as soon as he attaches a new and empty USB device (stick or
external HD)

My two cents
Thorsten Sick
 I think this would be very interesting to users sharing private data 
 between Windows and Linux.  Truecrypt is a pain (all command line 
 stuff), and Linux supports LUKS anyway.  With LUKS on Linux and FreeOTFE 
 accessing the LUKS partitions on Windows, users can easily share data 
 via removable drives.
 
 -- 
 Bring back the Firefox plushy!
 http://digg.com/linux_unix/Is_the_Firefox_plush_gone_for_good
 https://bugzilla.mozilla.org/show_bug.cgi?id=322367





Re: Untrusted software and security click-through warnings

2007-10-21 Thread Thorsten Sick
Hi

Maybe I found a solution for this problem:

On Tuesday, 16.10.2007, at 15:48 +0100, Ian Jackson wrote:
 Alexander Sack writes (Re: Untrusted software and security click-through 
 warnings):
  I completely agree. My point is: if captchas don't help then why would
  pasting commands from the net help to get the user think about the
  risk their actions imply?
 
 The point is pasting random commands from the net is inherently more
 scary than saying `yes' a few times.
 
 Although we cannot save all of our users, we can save that proportion
 of them who are likely to hesitate when a website says something like
 please type `wget thingy | sudo bash'.
 
 If you have a concrete suggestion for an approach which is likely to
 save _in practice_ a greater proportion of our users, please do
 suggest it.

Users need more features than Ubuntu is offering (uncommon hardware,
non-Ubuntu software).
We would need several approaches:
- Add more features to Ubuntu. Stuff many people are looking for should
be implemented first. A good list is pages like:
http://ubuntuguide.org/wiki/Ubuntu:Feisty
- If there are only a few people who need some commands to fix a
problem, it would be possible to sign these commands by creating a
small script and adding this to the official repository. Afterwards the
user only has to call sudo apt-get solve_problem237 and sudo
solve237. The pages should only offer these commands as a help.
Additional positive effect: Newbies cannot botch it.

A repository of its own for this would be wise, I think.

Maybe this _could_ work.
Thorsten
-- 
Thorsten Sick [EMAIL PROTECTED]




USB Stick security

2007-07-09 Thread Thorsten Sick
Hello list

I am Thorsten Sick and develop for a German security company. Writing
detections for Windows malware all day, I am thinking about how to
create a more secure system. Hardening Linux is an important thing, but
IMHO it is still (wait till there are more Linux viruses) more important
to help people handle their system in a secure way just by using it.

I want to share my ideas with you and hope for feedback.
And before I forget: Thanks for writing Ubuntu. I have been using it since
Badger.

Idea 1)
USB stick security
USB memory sticks can be lost. The danger is 
a) Data stored only on the stick is gone
b) Other people have access to the data

Ubuntu can help. As soon as a stick is attached for the first time, the
user is asked:
There is a new USB Stick. If this is yours you may want to
[ ] Back it up every time it is attached. If the stick is lost, the data
is not.
[ ] Encrypt it. If the stick is lost or stolen, no one else can access
the data on it.

Back up: The Stick is added to the normal backup schedule. 
Encrypt: A bit more difficult. A Truecrypt file is created. The user
enters a password for it. This password can be stored in the Ubuntu
password safe. If there was any data on the stick before, it is moved
into the truecrypt file. This file can be auto-mounted as soon as the
stick is mounted by Ubuntu. So this is transparent to the user. 
The special trick: Sticks are used for data transfer. As long as there
is Microsoft Windows, it would be good to add the Windows binary of
truecrypt to the stick. The stick will contain the encrypted folder and
the installer for Truecrypt. If the user wants to transfer files to a
Windows PC, he has everything he needs.
An Ubuntu PC will have truecrypt installed by default.
Optionally, there can be an encrypted and an unencrypted folder on the
stick.

The other ideas need a lot of thinking on my side before I post them.

Thanks
Thorsten

-- 
Thorsten Sick


