.

12 Steps to a malware free existence

<<

Hudson185

Newbie
Newbie

Posts: 12

Joined: Fri Nov 16, 2012 1:07 pm

Post Wed Nov 28, 2012 12:57 pm

Re: 12 Steps to a malware free existence

I assume that the sd cards are read-only and that no hard disk is not mounted. The files on the read only sd card are encrypted with truecrypt and the password for truecrypt is on a Yubikey to decrypt. The passwords are in Keepass a password manager and require keyfile on a separate read only sd card. Also I assume the power user is smart enough to change the default root password and run no-script on firefox.
Certifications:
OSWP
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Nov 28, 2012 2:58 pm

Re: 12 Steps to a malware free existence

Hudson185 wrote:I assume that the sd cards are read-only and that no hard disk is not mounted. The files on the read only sd card are encrypted with truecrypt and the password for truecrypt is on a Yubikey to decrypt. The passwords are in Keepass a password manager and require keyfile on a separate read only sd card. Also I assume the power user is smart enough to change the default root password and run no-script on firefox.


Read only or not, it's still accessible. I don't need to write to things, to have the ablitly to start copying your data.

however as root, the command mount -o rw <insert target drive> is a thing as well.

Keypass has stuff in memory, not hard to do a memory dump as root.

As for the power user... At DerbyCON, lots of clue full people there, a network scan turned up over 100 backtrack boxes with default login creds of root /toor.

Like I hinted before, if you want to be serious about it. Load TAILS.
OSWP, Sec+
<<

Hudson185

Newbie
Newbie

Posts: 12

Joined: Fri Nov 16, 2012 1:07 pm

Post Wed Nov 28, 2012 3:11 pm

Re: 12 Steps to a malware free existence

TAILS is for anonimity not security Tor's security sucks (http://nspill.blogspot.com/2010/04/tor- ... strip.html) but it's anonymity is good. Using backtrack 5 R3 with vpn is much more secure but it's not anonymous. Also the chances of having a attacker that is dedicated is really low. Compared to Windows and Mac and Ubuntu your much more secure.
Certifications:
OSWP
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Nov 28, 2012 5:36 pm

Re: 12 Steps to a malware free existence

Hudson185 wrote:Using backtrack 5 R3 with vpn is much more secure ...


More secure than what? a soggy napkin? If you want secure, run a stripped down gentoo or *BSD box with only the bare necessities, no compiler, services disabled, FDE, etc. BT5 not only runs as root (yes you can change but, I run a BT5 VM with a locked down user and su when I need root but it's still very insecure) but has so much cruft installed you will have an extremely hard time making it secure. That's not what it's designed for. Choose the right tools for the job. Hell I'm pretty sure my Windows 7 box the way I have it locked down is more secure than most BT5 installs.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

jinwald12

User avatar

Jr. Member
Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Wed Nov 28, 2012 10:24 pm

Re: 12 Steps to a malware free existence

ajohnson wrote:Why is everyone saying BackTrack is outdated? It's based off an LTS version of Ubuntu and is still completely supported: https://wiki.ubuntu.com/LTS


it's based off of 10.04 (lucid) which while in theory is still LTS but does not get nearly as much attention as other releases and BT uses different repos then normal lucid for most of it's programs which have out dated versions (with the exception of firefox and a few others) and they slapped on a kernel version that is no where near what lucid was designed to work with.
where did all the fun go?
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Nov 29, 2012 9:26 am

Re: 12 Steps to a malware free existence

jinwald12 wrote:it's based off of 10.04 (lucid) which while in theory is still LTS but does not get nearly as much attention as other releases and BT uses different repos then normal lucid for most of it's programs which have out dated versions (with the exception of firefox and a few others) and they slapped on a kernel version that is no where near what lucid was designed to work with.


I guess that depends on your definition of "outdated" then. A 10.x release is obviously not going to have all the bells and whistles as a 12.x release, but it's not unsupported or neglected either.

Back to the main topic, BackTrack really shouldn't be used as a "secure" distro since that's not its purpose. As mentioned by others, it has numerous changes that make it less secure right out of the gate (default password of toor, root SSH login enabled, etc.) Are you really going to change your password and disable root SSH logins every time you launch the live CD? Why would you even want to deal with having to harden your system every time you boot it? Spend $8 on another thumb drive and use a distro that's designed for security.
The day you stop learning is the day you start becoming obsolete.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Nov 29, 2012 11:34 am

Re: 12 Steps to a malware free existence

Hudson185 wrote:TAILS is for anonimity not security Tor's security sucks (http://nspill.blogspot.com/2010/04/tor- ... strip.html) but it's anonymity is good. Using backtrack 5 R3 with vpn is much more secure but it's not anonymous.


T.A.I.L.S is about more than anonymity. T.O.R. is just one of the things it uses, it's just the one that gets the most press. It has other features built in, so if you're running it, your protected. It boots more secure than BT5r3 does. Firewall on by default. Blocking inbound connections. You also don't have to use TOR on it if you don't want to.
OSWP, Sec+
<<

Hudson185

Newbie
Newbie

Posts: 12

Joined: Fri Nov 16, 2012 1:07 pm

Post Thu Nov 29, 2012 2:55 pm

Re: 12 Steps to a malware free existence

Tried out T.A.I.L.S it's cool and user friendly but it lacks wine and truecrypt. So I still would say backtrack 5 r3 is a better choice if your only going to use a live cd.
Certifications:
OSWP
<<

Hudson185

Newbie
Newbie

Posts: 12

Joined: Fri Nov 16, 2012 1:07 pm

Post Mon Dec 24, 2012 11:22 pm

Re: 12 Steps to a malware free existence

Also posted this on hak5.org encouraging people to come to ethicalhacker.net

157 views so far...
http://forums.hak5.org/index.php?/topic ... 3-live-cd/
Certifications:
OSWP
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Dec 25, 2012 2:53 pm

Re: 12 Steps to a malware free existence

You can install other packages as you need them. Sine T.A.I.L.S. is already dvd sized, it would be worth a try to contact the dev to install those in the next version of the dvd.
OSWP, Sec+
<<

Hudson185

Newbie
Newbie

Posts: 12

Joined: Fri Nov 16, 2012 1:07 pm

Post Tue Dec 25, 2012 8:52 pm

Re: 12 Steps to a malware free existence

chrisj wrote:You can install other packages as you need them. Sine T.A.I.L.S. is already dvd sized, it would be worth a try to contact the dev to install those in the next version of the dvd.


That's defiantly a good idea. It would be great to see wine and truecrypt on a more user friendly OS like  T.A.I.L.S.
Certifications:
OSWP
<<

Hudson185

Newbie
Newbie

Posts: 12

Joined: Fri Nov 16, 2012 1:07 pm

Post Wed Dec 26, 2012 10:51 pm

Re: 12 Steps to a malware free existence

I wrote the developers I doubt we will see Wine on T.A.I.L.S.
Aslo the developers do not like truecrypt

"... Tails developers do not recommend TrueCrypt. We include TrueCrypt only to allow users of the (old and now unsupported) Incognito live system to access the data on previously created media. In the future, we would like to provide proper alternatives and stop distributing TrueCrypt. This means that you should not create new TrueCrypt media if you intend to stay with Tails in the long run."
I would say that backtrack 5 R3 is still the best choice at the moment

Please add Wine and TrueCrypt
Inbox
x
Hudson Seiler <>

Dec 25 (1 day ago)

to tails-dev
Hello recently I wrote an article about avoiding banking trojans and bots on http://www.ethicalhacker.net using Backtrack 5 r3 live cd. I thought that Backtrack 5 r3 was okay for the power user, but not the common user. Then I was told about Tails my only complaint with it is the lack of Wine and TrueCrypt. It would be awsome if you could add Wine and TrueCrypt to the live cd.

article
http://www.ethicalhacker.net/component/ ... ic,9571.0/

sincerely,
Hudson Seiler

Reply


5:27 PM (4 hours ago)

to Tails, me
> Truecrypt is very useful indeed, but it can be installed on Tails,
> simply download the tar.gz package from truecrypt.org and execute the
> script, it will install it.
>
> I also recommend to the development team that truecrypt should be
> included by default and come with the DVD already.

TrueCrypt is already included in Tails, please refer to the doc:

https://tails.boum.org/doc/encryption_a ... truecrypt/.

Regarding Wine, Tails is not meant to be a general purpose operating
system but a selection of tools designed to answer some particular use
cases, see our design doc:

https://tails.boum.org/contribute/design/

Apart from the fact that I really doubt we want to encourage people
running probably non-free software through Wine. How would Wine help us
fulfil better our goals?
Last edited by Hudson185 on Wed Feb 13, 2013 10:59 pm, edited 1 time in total.
Certifications:
OSWP
<<

encryptedmind

Newbie
Newbie

Posts: 8

Joined: Fri Apr 05, 2013 12:23 am

Post Wed Apr 17, 2013 4:43 am

Re: 12 Steps to a malware free existence

For most of the layusers getting to work on complicated software is not really their thing. A simple truecrypt based encryption works well.

Couple that with a top ranking AV product and a top ranking firewall (free or fee) should do the trick.

2 step verification is recommended. Local downloaded mails should be encrypted as well.

The think I would do optimally is to create a virtual hard disk in vmware and use that sandboxed environment for much of the daily tasks. Keep the fully installed and configured virtual machine image as a backup in an external HD for retrieval.

Use a sandboxed browser like chrome in a sandboxed environment like sandboxie within a virtual machine. Use shared folder only when really required. Couple more security with deep freeze for total recall. Optimally use a vpn / tor.

Take system file hashed once in a while to make sure of the system integrity.

The rest is just net common sense, dont surf dubious link, download software from suspicious sources. Scan files before installation.

THE MOST IMPORTANT RULE OF ALL -- TAKE REGULAR BACKUPS OF EVERYTHING YOU THINK IS USEFUL, EVERYDAY/EVERYOTHER DAY.

The above rule has saved my a*** many many a times.

Computers and computer software are not perfect because we humans are not perfect.
Last edited by encryptedmind on Wed Apr 17, 2013 4:48 am, edited 1 time in total.
Previous

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software