Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security

Tinfoil Hat Linux: A Distribution for the Paranoid 247

Posted by timothy from the either-a-joke-or-a-good-idea dept.
An Anonymous Coward writes: " Tinfoil Hat Linux is a distribution designed to allow the signing and encrypting of documents with the utmost in security. The floppy-image has numerous security features including: entering your passphrase via a video game style selection process to combat hardware keystroke loggers, turning the contrast of your screen down to foil prying eyes and cameras, and to run background PGP processes."
This discussion has been archived. No new comments can be posted.

Tinfoil Hat Linux: A Distribution for the Paranoid More

Tinfoil Hat Linux: A Distribution for the Paranoid

Comments Filter:

  • Hoax (Score:1, Funny)

    by zpengo ( 99887 )
    I'd like to be among the first to point this out as a hoax. Maybe I'm wrong, but...dibs!

    • Re:Hoax (Score:2, Interesting)

      by MaxVlast ( 103795 )
      Seems legit to me.

      Actually, a floppy-based distro that can be used for really secure work is a great idea. I can keep a trusted environemnt with me at all times, and know what's going on (I never trust another person's computer when sitting down at it. I know how my machine is set up which gives me no cause to trust others!)

    • Re:Hoax (Score:5, Informative)

      by CitznFish ( 222446 ) on Tuesday February 19, 2002 @05:01PM (#3034128) Homepage Journal
      here si the site for those that may not get to it...
      What is Tinfoil Hat linux ? It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
      Tinfoil hat is useful if:
      • You're using a computer that could have a keystroke logger installed. http://www.keyghost.com [keyghost.com] is an example of a tiny & cheap hardware logger.
      • You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
      • If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
      • If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
      • The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
      Tinfoil hat linux files FAQ
      • Q: Why doesn't the floppy I got at codecon match the signature above?
        A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
      • Q: How do I undo that horrible screen in paranoid mode?
        A: Type "contrast" at the command prompt, or play with ctheme.
      • Q: Is this really a 1.0 stable release?
        A: Think of this as a linux kernel 1.0 . Yes, it's stable to the best of my ability, and has been tested, but not for very long or by many people.
      • Q: What sort of hardware is required to run tinfoil hat?
        A: Any 386DX or faster IBM compatible with more than 8 megs of RAM. Pretty much any PC made in the last 8 years will work fine.
      • Q: where do I send complaints, bugs & feature requests?
        A: anonymous AT nameless DOT cultists.net
      • Q: What is the license for this distribution?
        A: The scripts, documentation, and the distribution as a collection are released under a modified BSD license [slashdot.org]. Obviously, other people's software in this distribution retain their original licenses.
      Links

      • Re:Hoax (Score:4, Funny)

        by Tackhead ( 54550 ) on Tuesday February 19, 2002 @05:26PM (#3034288)
        > FAQ:
        >[...]
        >Q: Why doesn't the floppy I got at codecon match the signature above?
        > A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56

        Hah! A likely story!

        As if I'm gonna trust that They(tm) didn't h4x0r Slashdot and change the MD5sum in CitznFish's FAQ repost to the MD5sum for Magic Lantern Linux!

        (For the record, I wear mine shiny side out. Shiny-side-in folks are nuts or part of the Conspiracy. Though I suppose I could transmit messages by switching back and forth between shiny-side-out and shiny-side in on a daily basis. Bandwidth would kinda suck, though. ;-)

    • Re:Hoax (Score:5, Informative)

      by JabberWokky ( 19442 ) <slashdot.com@timewarp.org> on Tuesday February 19, 2002 @05:03PM (#3034141) Homepage Journal
      Considering that he distributed floppies of this at codecon, you're wrong.

      It's rather tongue-in-cheek, and more of a tech demo of what can be done than a useful configuration, but it sure has loads of nifty ideas.

      --
      Evan

    • Re:Hoax (Score:2, Interesting)

      by HCase ( 533294 )
      I think people managed to miss the humor in your claiming the "tin hat" story to be a hoax.... i laughed though. For anyone confused, the writer of the post most likely had to rest his own tin hat to write it. didncha?

  • Uh huh... (Score:5, Funny)

    by Anonymous Coward on Tuesday February 19, 2002 @04:50PM (#3034036)
    Like I'm going to trust *them* to secure my Linux box.
  • Cool.

    I gotta try this when I get home. I guess you could have this as the workstation, and then have an OpenBSD box as a vault type NFS or something.

  • Does it include instructions on building a faraday cage to block stray em radiation (so noone can rebuild your screen?)


    • Just surround your computer with a cage made of chicken wire.

      The problem is that as soon as you have to connect to the world outside (like through a network cable... or a power cord) you break the cage, and you've pretty much defeated the whole purpose.

      And don't tell me about the incredibly tiny radiation leakage from your monitor carried by the power cord! The Illuminati can still read it!
      • The problem is that as soon as you have to connect to the world outside (like through a network cable... or a power cord) you break the cage, and you've pretty much defeated the whole purpose.

        You aren't using microwave lasers to send power to and from your monitor through the cage? And you call yourself a paranoid nutball? You should be ashamed!
  • Speaking of Tinfoil Hats, the coolest comprehensive Tinfoil Hat site (More properly, Aluminum Foil Deflector Beanie) is here [slashdot.org].

    Also, it may be sampling error or psychosomatic effects, but I have never lost a chess game while wearing my Aluminum Foil Deflector Beanie.
    • A) Your linkage is bad, you mean to go http://zapatopi.net/afdb.html [zapatopi.net]

      B) The real link to the zapatopi page returned this message to me: "Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."

      C) The link in question is also on the bottom of the main story page (ie, the Tinfoil Hat Linux).

      D) The site at zapatopi has a discussion about Tin vs. Aluminum as well as which direction you should point the shinny side.
  • "a distribution designed to allow the signing and encrypting of documents with the utmost in security"

    I guess this is why it is called "Tinfoil Hat" and not "Wet Paper Bag Hat".
  • ... is no distribution at all!!

  • Announced at CodeCon (Score:2, Informative)

    by burtonator ( 70115 )
    For those of you not there.

    This was announced at codecon. The author passed out about 50 floppies with the distribution on it.

    Really good idea. I may have to run this on my laptop :)

  • UberSecureLinux (Score:5, Funny)

    by TedCheshireAcad ( 311748 ) <ted@fUMLAUTc.rit.edu minus punct> on Tuesday February 19, 2002 @05:00PM (#3034120) Homepage
    The distribution UberSecureLinux, is actually a standard distribution of RedHat Linux 6.2, default installation, but it requires you to remove the PowerCord(TM) device from your PC. With PowerCord(TM) removed, your machine is effectively hacker-proof.

    UberSecureLinux hopes to dispel the myths that RedHat 6.2 is one of the most hackable distributions of Linux.

  • Copper cube ? (Score:5, Funny)

    by ZeroZenith ( 83919 ) on Tuesday February 19, 2002 @05:01PM (#3034129)
    From the readme:
    If at all possible, boot THL on a laptop & disconnect all external
    cables, including the power & mouse. Turn off nearby
    radios, including cell phones and microwaves. Put yourself
    and the computer in a well grounded opaque copper cube. Download
    your tinfoil hat plans from http://zapatopi.net/afdb.html.
    Boot the floppy....

    Where can I get well grounded opaque copper cube? Can't find any on ebay.

  • For the paranoid? (Score:4, Funny)

    by FortKnox ( 169099 ) on Tuesday February 19, 2002 @05:01PM (#3034130) Homepage Journal
    Yeah, your distro might be secure, but the illuminati can watch you type, and can enter your hardware. It'll just be a matter of time until they can read the software indirectly.

    Do what I do. Compute ONLY in your head! They'll never get that data!!

    Oh shit... the orderly is comi...
    • Yeah, your distro might be secure, but the illuminati can watch you type, and can enter your hardware. It'll just be a matter of time until they can read the software indirectly.

      Um, I think you are forgetting something... The Illuminati are the ones BEAMING THE THOUGHTS TELEPATHICALLY INTO YOUR HEAD, so they don't need to watch what you type, they are already know it!

  • Coka? Cola? (Score:5, Interesting)

    by Graymalkin ( 13732 ) on Tuesday February 19, 2002 @05:04PM (#3034155)
    So..does it come with TEMPEST-proof console fonts too? I think that would be the big todo for the really paranoid (aside from coming with a foldout F cage). Highly anti-aliased fonts work decently (in theory) thrwarting VE screen captures but if you're running soley in the console I would think you're at a decent risk of having your data captured considering the regularity of the screen and the unique shaping of console fonts. A little off topic but I was wondering if one could impliment a Matrix style command shell where white space was replaced on screen from /dev/rand in a light font like light grey and then when you type the letters would either be dark grey or white to distinguish them from the random letter replacing white space. While somewhat hard to read it would cause so much static VE screen captures which of crappy monitors can be done with a slightly hacked AM radio, would be pretty difficult to make out. It would just be cool to make a shell that just did that to begin with. Pop open a terminal and have it look super funky would make a pretty badass shell theme.
    • From the description of "video-game style selection" I was assuming that instead of typing, they'd put an (ascii-)graphical collection of letters and numbers on the screen, in a random pattern, that you would click on. Since no real text characters were written to the screen, the character-replacements are in random places on the screen each time you use it (annoying as shit for repetition) it would be tough to guess from afar what you were clicking on.

      • There's two problems with the picture click password schemes. Both methods are susceptible to keystroke logging programs as the authentication module is going to have entry and exit points which means they can be monitored. The second problem is specifically with choosing icons as a password. There's a definite feasible number of icons you can fit on a screen and have people be able to distinguish, this limiting factor affects your ability to have a complex enough password so that it can't be easily guessed. With a typed ASCII password you've got 2^128*n password combinations (where n is the number of symbols in your password), with an iconic password you've only got y^n password combinations (where y in the total number of icons which is limited to how many can be displayed on the screen at once). You could have as many icons as ASCII characters I suppose but that would be difficult for many people to cope with. Any two similar icons would cause confusion in users. If you remember an icon by general visual cues you might end up screwed over if multiple icons had the same cues with slightly varying colours or something. This is an Roman alphabet reading American point of view though, Asian readers probably think I'm retarded because my alphabet has less than 3000 characters.
        • I was asssuming that the "icons" would actually be somewhat representative of the characters displayed. If you can't fit the full alphabet on the screen at once, make it scrollable. I would however randomly position the character/icons on the screen so that the x,y coords of a click wouldn't be translatable into a specific character by coordinate.

          Any system securable enough is also going to be so unusable from a get-shit-done perspective that criticizing some security feature as "difficult to cope with" implies that security breaches are easy to cope with.

          • I would however randomly position the character/icons on the screen so that the x,y coords of a click wouldn't be translatable into a specific character by coordinate


            That's going to make it awfully difficult to enter a password isn't if there's no way to map a click to a symbol :)

            • No, you can map a click to a symbol, but there's no guarantee that the symbol for "A" will appear in the upper left corner of the display the next time its entered. The character positions are randomized each time the symbol matrix is displayed. To be truly user hostile and spy hostile, randomize the display each time a character is clicked so that even "AAAA" will appear to be a bunch a different characters since the icon location would change every time its clicked.
              • That would work only so far as to disgruntle both the intended user and unintended user. If it took me a minute to type in my username and password how often do you think I would do it? Would I maybe leave myself logged in when I got up to take a walk or to get a drink? That'd set me up for a whole new security mess. It's been shown that difficult to use authentication schemes are far too often left unused simply because users are too lazy (even the security conscious). This of course makes you question your paranoia level. If you wanted to impliment this sort of thing on your system I'd say go for it but if you were my sys admin and I had to hunt for every character of my password you'd end up with a shoe shoved sideways up your ass.
                • But the original specification was to defeat keyboard loggers and to confuse ESCHELON-type listening devices which otherwise might be able to grab the screen (and can be confused by obfuscated color schemes).

                  I didn't say it was easy, but it would be nearly impossible through remote monitoring to figure out what the fuck was going on, which was the primary goal.

                  I think'd be a waste of time as a real-world system. Too hard, too complicated.
                  • I'm not really sure even a iconic password is going to be secure from key loggers as they can just as easily monitor mouse click events as they can monitor keyboard click events. A slightly sophisticated trojan could easily so screen captures and correlate them with mouseclicks or key presses. Remember Back Orifice, it was basically remote desktop mirroring with a remote control function. The infiltration of a system inserting a slightly perverted system service the user wouldn't notice would be pretty effective at stealing passwords. Whether you're clicking icons in a 3D game or typing them. Maybe though you could make a self contained system consisting of an infrared camera and IR lighting to track the focus of someone's eyeballs. They would just focus on the icon and click a button to select it, after all the icons were selected it could send a hash of your password to the system for verification. At least then snoopers would have to get REALLY sophisticated to figure out what your password was, at least replace your camerawith an uber-hacked version.
        • Why would you limit yourself to how many can fit on one screen? Take the video game idea, run with it and have many, many icons over an area larger than the screen and you have to chase them down(pun intended).
          • The video game idea is still iconic, if you run around selecting the proper icon (eg. character model standing around) you're still limited by the number of character models you've got available and the number of them you've got to select. The only real benefit iconic password schemes have over is it is sort of difficult to use a wetware exploit by watching over someone's shoulder or spying on what they type on the keyboard. I can still attack the password conventionally and with a limited set of icons it would be fairly quick work to search through the possible keyspace for the correct password. That's what I'm getting at here. Iconic video game passwords only add complexity to an already complex system for a user. Sure remebering to click a white rabit model and then a japanese schoolgirl model and then a red suited super hero model might be easy to remember but the interface is going to suck and far too much time is going to be wasted jumping through those hoops.
        • With a typed ASCII password you've got 2^128*n password combinations (where n is the number of symbols in your password), with an iconic password you've only got y^n password combinations (where y in the total number of icons which is limited to how many can be displayed on the screen at once).

          I think you are confused. The number of combinations of N characters in a character set of size Y is y^n, not 2^y*n (if order is significant and repetition is allowed, both of which are usually the case for passwords). ASCII does not have 2^128 characters; it has 128 (0x00 through 0x7F), but that's not necessarily equivalent to what one can type on a keyboard. If one could type all of them and only all of them on the keyboard, that would allow 128^n passwords of length n.

          In any case, even with a relatively modest 80x25 grid (much like a standard DOS or Linux console screen), one can fit 80 * 25 = 2000 symbols on the screen, giving 2000^n possible combinations, provided one can come up with 2000 easily distinguishable symbols (well, the Chinese have done it) and display them in a resolution at which they could be distinguished.

          If one just wanted to display 128 characters, one could use an 8 x 16 grid. That is hardly a challenge. Then the user can select whatever ASCII characters he/she wants to select in whatever order he/she wants to select them, again yielding 128^n possible passwords of length n.
    • Yes

      But what would you do once you become blind trying to read your own screen?
      • Security problem solved, no one can snoop your password if you can't type it in anymore. Unless of course they phreak your brain with a PET scanner or crush your balls in a walnut cracker until you tell them. Methods to circumvent either wetware attack is an exercise for the reader.

  • White glove Linux (Score:2, Interesting)

    by ajaygautam ( 554694 )
    White Glove Linux [all.net] is another similar distro. Ajay

  • Fired for Playing Games? (Score:5, Funny)

    by MattRog ( 527508 ) on Tuesday February 19, 2002 @05:09PM (#3034185)
    I can see it now:

    PHB: Johnson! Are you playing space-invaders again?

    Johnson: :amidst the beeping and explosions: No, I'm logging into my Linux box!

    PHB: Oh.. Can I get one for my system, too? That looks fun!

  • /.'d already - Google to the rescue (Score:5, Informative)

    by h2so4 ( 33298 ) on Tuesday February 19, 2002 @05:09PM (#3034187)
    Google's Cache of the page [google.com]

  • Bootable cdroms (Score:3, Interesting)

    by rangerx ( 131113 ) on Tuesday February 19, 2002 @05:12PM (#3034201) Homepage
    Instead of a floppy, why not use a cdrom? It can hold alot more, has faster load times, and many other features.
    PLAC - Portable Linux Auditing CD [sf.net]

    LNX-BBC [lnx-bbc.org]

    LBT [linuxcare.com]

  • Mark McGuire (Score:5, Funny)

    by sharkey ( 16670 ) on Tuesday February 19, 2002 @05:12PM (#3034210)
    But does it keep Major League Baseball from spying on us from space?
  • Slashdot your box, then nothing gets in or out.
  • The writeup has a link to Tin Foil Hat [trilobyte-mag.com] which is really a rant on how Liberals and Democrats are insane and cites the Presidential election of 2000 as proof.

    It seems to me that Liberals and Democrats have historically been supporters of an Individual's right to privacy. Which is what this Linux distro. aims to provide. So why put in an inflamatory reference like this?

    Could that link be the best explanation of the origin of the "Tin Foil Hat"? I shure hope it isn't.

    • Yeah... the first half of the piece was good reading, but the second half... Knee-jerk conservatism. The problem with conservatives is that they scoff before thinking about it.

      As for the election -- both sides tried to steal it. The Republicans succeeded, and Gore botched it (he'd have lost when he should have won if they'd done it his way). But that's a debate for another day (a year ago).

      /Brian
    • Ask Mr. Keller (the author of the rant) if maybe he's guilty of tinfoilhatism too. But be sure to have two bulky male nurses between you and him.
    • Neither major party has historically been a supporter of the individual's right to privacy. Democrats have historically been more concerned with effective law enforcement than individual privacy. Look at Truman's role with the CIA or Roosevelt's founding of the FBI -- and both were Democrats. See Clinton's emnity towards public availability of strong crypto, or just see http://www.spintechmag.com/9911/ma1199.htm for another take.

      The Libertarian party is the only political party I know of that takes a consistant, strong view on defending individual privacy rights.
  • Anybody else find this: "INVALID DNS SERVERS CONFIGURED AT CLIENT." on the site? Seems that there front page prints that, and anything else just shows up as not being there. A move to duck the Slashdotting?

  • If *I* were the Illuminati (Score:3, Insightful)

    by BranMan ( 29917 ) on Tuesday February 19, 2002 @05:24PM (#3034278)

    I'd just put the spy code in the Bios. What else is distributed on every computer, and run every time they boot?

    BWAHAAAAAHAAAA
  • follow to the diceware link off of the main page. pretty neat idea except for this ....
    Recently, she wanted to give her Internet password to her husband so that he could get on line. However, she still wanted to be
    able to exchange private messages with me that he would not be able to read. I, of course, introduced her to PGP.
    Sorry, why the hell was that woman married? sorry but if you cant trust your spouse then you need to not be married, not ever get married, and probably even stop dating for that matter.

  • Tempest fonts (Score:5, Interesting)

    by morcheeba ( 260908 ) on Tuesday February 19, 2002 @05:26PM (#3034287) Journal
    A nice addition would be tempest-resistant [slashdot.org] fonts! Here's a great article on tempest [cam.ac.uk] about tempest & creating fonts that are unreadable. Basically, the tempest setup only picks up the upper 30% of the frequency range, so this font has those components filtered out. But, the cool thing is that you can superimpose a (low amplitude) high-frequency pattern that isn't very visible to the user, but is visible to the tempest receiver. A whole fake Win98 screen transmitted? Here's the slide presentation for the above article [cam.ac.uk] (if you just want to look at the pretty pictures)

  • http://www.linuxfromscratch.org/ (Score:4, Insightful)

    by corebreech ( 469871 ) on Tuesday February 19, 2002 @05:26PM (#3034291) Journal
    The tinfoil hat only serves to deliver a false sense of security.

    To be truly secure, you need to build your own distribution. You need to understand what is being put on your system, and why. You need to be able to verify that the program that says it edits streams really does that, and does it without any funny business.

    I ***know*** what it running on my system. I know this because I built the binaries myself. I know this because I can look at the source code and see what it does. This is the most beautiful feature of open source; the ability to let tinfoil hat wearers like myself have near-total assurance that our systems are running only the code we want them to run.

    You don't get to say that if you're running Red Hat or Suse, or Windows or Mac. How do you know that any of these companies haven't been approached by the Feds and forced to include code that compromises your security and privacy?

    Admittedly, it's going to be some time before I get to running KDE or Gnome. Of course, I can always install a standard distribution and see what is available today. But I appreciate the ability not to have to trust one of these distributions with my personal data, or my source code.

    Actually, I'm still not to the point where I can run XFree86 yet, but EMACS using SVGATextMode [freshmeat.net] on new hardware is so obscenely fast, why should I care? Except when I want to look at naked women.

    That's why I have a Mac.
    • Where are you stuck? As soon as I get through the book and the system is usable, X is one step away. And KDE is compilation of QT and a few KDE packages. Feel free to post to the list for help here or e-mail me... (note: I'm only on the blfs-support list!)
      • It ain't that I'm stuck. It's only that I don't want to install packages that I'm not prepared to fully understand.

        No doubt most of the new stuff available today only needs a ./configure and a make install, and there it is, on your disk.

        But in my mind that's no different than installing using somebody else's distribution.

        I should fess up and say that I don't always use my installation, but that's mostly because my paycheck demands I use other code.

        That doesn't change my lust for a system I can understand, down to the statement, and one that I have complete control over. I'm sure that a lot of you who've been with Linux forever you've acquired a sense for this a long time ago; I'm kind of new to the OS though, I've only been using it for a couple of years.

        It's biggest attraction for me is that I get to be anal about learning it. Taking it one step at a time, and leaving nothing to chance.

        So what if I don't have windows! Most everything I end up doing on the Mac or on Windows is all text-based anyways. Look at the interface for Visual C or Codewarrior on the Mac and tell me exactly what I'm missing when using something like EMACS on a screen that has a resolution of over 200 characters across.

        Pretty colors? Alpha-blending? Anti-aliased fonts? It's all shit! It makes everything go slower, while making me put my nose up to the monitor so I can see what the fuck is going on!

        Why do I need that?
        • Words of the wise there. I've done the same thing. I'm getting ready to try mass-rolling this thing out in a corporate style environment. My experience is that the first time, you are better off just doing it so that you can. Then scrap it and do it "perfect" the next time. More effort to be used this way, but I found it easier. Regardles...
    • What about the compilers? Are you sure they aren't inserting any funny business into the binary code?

      While we're at it, what about the CPU, and other support chips? Have you inspected the VHDL?
      • Note that I said "near-total assurance".

        I have a lot of faith in you guys, even though I realize that when the gcc source is broadcast that not everybody reads through every single expression.

        But we're all single-stepping through the code it produces at some point.

        I've seen people reporting compiler bugs that makes you wonder just what the fuck these people are doing. When you read the back-and-forth between the people who use the compilers and those who write them it's pretty clear who's on top.

        Plus, there's Codewarrior, and Borland (is that right?) and there's always the archived compilers to compare against.

        In short, it's all out there in the open, and there are like at least ten million eyeballs on the case.

        I'm willing to risk letting the compiler prove me to be the fool.
        • I suppose that is reasonable. How many security problems have you found in your audit?
          • None.

            Then again, the software contained in the stock LFS system is pretty minimal, and has been around forever.

            The other thing I should mention is that at some point I want to put some machines on the Net and I am convinced that the best way to achieve security is through simplicity. By building your own system you know very well what is and isn't running on it.

    • Re:http://www.linuxfromscratch.org/ (Score:5, Insightful)

      by Ratbert42 ( 452340 ) on Tuesday February 19, 2002 @05:46PM (#3034425)
      But how did you build your binaries? You really should read this [acm.org] before you trust a compiler that you didn't bootstrap yourself.

      • Re:http://www.linuxfromscratch.org/ (Score:5, Interesting)

        by Lionel Hutts ( 65507 ) on Tuesday February 19, 2002 @05:52PM (#3034487) Journal
        Absolutely. For those who haven't read it, "Reflections on Trusting Trust" is Ken Thompson's story of the greatest hack of all time: changing a compiler so that it not only created a backdoor whenever compiling login.c, but so that the modification persisted when the modified compiler was applied to the source of a standard C compiler. There's just no easy way to do without trusting anyone at all.
    • You want to look at naked women on your terminal? Try using the aalib (ascii art library). It does an outstanding job of converting graphics files to ascii output.

  • Another option (Score:3, Informative)

    by the_rev_matt ( 239420 ) <slashbot@revmat[ ]om ['t.c' in gap]> on Tuesday February 19, 2002 @05:45PM (#3034413) Homepage
    KRUD (http://www.tummy.com/krud) is another great secure option. A hardened Red Hat, comes out every month with all security updates/patches/etc. It's put together by Kevin Fenzi (author of the Security HOW-TO).

  • You gotta love... (Score:3, Funny)

    by Equuleus42 ( 723 ) on Tuesday February 19, 2002 @06:10PM (#3034622) Homepage
    ...the reference he gave for a keylogger:
    http://www.keyghost.com [keyghost.com] is an example of a tiny & cheap hardware logger.
    The price of Keyghost Keylogger: $999.
    • Well, obviously if you're a student operating on a typical student's budget, $1K is a lot to spend on compromising your roommate's box.

      But to even the smallest corporation or local government, a thousand dollars is pocket change, particularly when you consider the value of the information that could be gained with such a device.

      (and as the other poster pointed out, they're actually only $200, which does make it a viable option for getting at your roommate's pr0n (assuming you aren't clever enough to find a cheaper alternative))
  • http://www.erikyyy.de/tempest/ [erikyyy.de]

    Ive heard about scavenging screenshots from computers a couple hundred feet away using the EM signal, but had serious questions on how easy this was.

    The above link does it in reverse plays MP3's through your MONITOR as an antenna !!!

    Now, that said, I have more of a belief in a tempest like system, guess its time to get my copy of tinfiol linux
  • turning the contrast of your screen down to foil prying eyes and cameras

    So basically, you're going back to the old days. If monitors keep getting better and better, we'll have to make the OS interface worse and worse to compensate. Then maybe monitor manufacturing companies, when they see that demand for their new products is through the floor, perhaps they will stop advancing their technology. And when that happens, we can all blame the halt in technological advancement on Microsoft's anticompetitive business practices!

    Everyone use Tinfoil Hat Linux! Surely it is the key to defeating Microsoft!
  • ...I would never tell _you_. Go away! Why are you reading this, anyway? Are you trackin everything I post on the net? Don't I recognize you from behind the newspaper at the coffe shop?

  • -----BEGIN PGP SIGNED MESSAGE----- (Score:4, Informative)

    by Anonymous Coward on Tuesday February 19, 2002 @08:50PM (#3035578)
    Hash: SHA1

    I'm the author of this program. It was intended as a clever

    give away at code-con, but it should also be useful for other

    people who carry their keys on floppy disks.

    I hadn't intended a widespread distribution until I could put the kernel config

    up & get a bunch of signatures on the signing key .

    Oh well.

    In response to slashdot and the email flooding in:

    The key will be up on keyservers shortly (if it isn't already. )

    signatures to follow in the next few days. There isn't any TCP/IP

    or network on this distribution, I'm not a christian redneck, keyghost

    used to be cheaper, I can't fit tempest fonts on, since the console

    is only greyscale. Direct FB fonts would be the answer, but I didn't do it.

    And the "video game style" entry is clumsy, since I didn't want to re-invent

    curses. It's all free if you want to improve it.

    And now I'm about to get on a plane and be out of communication for a while

    ;-)

    Slashcode is certain to break the signature, but here goes:

    Anonymous

    ~

    -----BEGIN PGP SIGNATURE-----

    Version: GnuPG v1.0.6 (GNU/Linux)

    Comment: For info see http://www.gnupg.org

    iD8DBQE8csA+Fr26O2gKKPMRAp79AJ9/Ej1GyB2lnIxEPv2x Tq /MvKzBdACgg++K

    uYFX2VCz3Bq9BPuv8kLGCQM=

    =6oTm

    -----END PGP SIGNATURE-----

Slashdot Top Deals

"When the going gets tough, the tough get empirical." -- Jon Carroll

Close