Silk Road forums

Discussion => Security => Topic started by: P2P on August 03, 2013, 10:48 pm

Title: Mac Spoofing and RAM with Respect to Tails + Keyloggers
Post by: P2P on August 03, 2013, 10:48 pm
I am interested to know what Tails does about one's mac address and RAM. Is RAM automatically encrypted on Tails? For example, if I ctrl+c this message I am writing, is that text file encrypted before being stored in RAM?

In addition, I have heard about macchanger, but I do not know how to use it. I cannot find it in applications. And I do not know if it is just something that Tails runs automatically. Please advise with respect to having a mac changer on Tails.

Last but not least, I am interested in how one would go about protecting against keyloggers. Yes, we all know the obvious answers, but our enemies are not schoolyard hackers. They are some of the biggest and most powerful entities in the world, with nearly unlimited money and manpower. Would a prudent internet surfer not assume that, even with antivirus software, the government would not make a deal with all major AV providers to "ignore" certain brands, or even to make up their own unknown "strains" themselves? Taking it a step further, how can one ENSURE (100%) there are no software/hardware keyloggers on one's comp?

Thank you for any and all contributions.
Title: Re: Mac Spoofing and RAM with Respect to Tails + Keyloggers
Post by: comsec on August 03, 2013, 11:50 pm
The best way to avoid software keyloggers is to use stored media which can't be rewritten (CD/DVD-R) or use a virtual snapshot (you store encrypted) to guarantee you will load a fresh snapshot every time, free of previous software keyloggers. Tails on USB can also be used, but only if it's always on you, or hidden somewhere you hope nobody will find and alter when you aren't around. It also helps to remove all java plugins from your browser and javascript, or don't even use a graphical browser. Use lynx. You can also configure a firewall to look for anything phoning home, though they can hide their keylogger traffic in regular browser or linkedin/facebook app traffic.

Another method is to encrypt your hard drive, and if using linux keep the boot loader on you at all times on a usb keychain so there's just encrypted disks, and nothing to sabotage. OpenBSD (softraid0) allows you to encrypt the entire disk including boot loaders now, starting with 5.3, so carrying around a usb isn't needed unless you opt to also use a keyfile + password combo to unlock drives.

This of course doesn't defeat all sorts of other keyloggers that can exist:
- hardware keylogger either backdoored by manufacturer or snuck into your device. buy Taiwanese hardware, avoid proprietary whenever you can. avoid all HP, Dell and other American products.
- power cable keyloggers, either a malicious power bar like this: http://pwnieexpress.com/products/power-pwn or physical altering of your power socket that can be used for cryptanalysis keylogging
- sound attacks, a special microphone set up to record the sound of keystrokes and determine what they are by freq. laptops all have internal mics that can be turned on but as far as I know, only work on OSX/Windows machines
- accelerometer attacks. your phone sitting on your desk can record keystrokes using the accelerometer. phone security is terrible, they can remotely access this information (don't keep phone on your desk)
- a camera put in your space that records everything
- TEMPEST attack, where feds in the next room beside your hotel or apartment can read your screen

It's unlikely any of the above will be used against somebody who isn't a terrorist or Julian Assange/Snowden, but the gang task force where I live has broken into safe houses and installed cameras/mics numerous times. They've also reprogrammed air cards to install keyloggers. Don't ever use an internet usb or dongle with a sim card. You have no control over the firmware in it nor the sim card, which runs its own O/S system on chip.

macchanger: I'm not sure if Tails includes it, but you can read their design document to find out everything they've done to alter MAC addresses if you're using wifi: https://tails.boum.org/contribute/design/

[EDIT] it looks like they DON'T change the MAC: https://tails.boum.org/contribute/design/MAC_address/ so if you want to do it yourself: open terminal (or admin terminal)

sudo ifconfig eth0 down
sudo macchanger -a -e eth0
sudo ifconfig eth0 up

where eth0 is assumed to be the network interface with the Internet connection. This will set a random mac. Of course you can also make this into a script and keep it on the persistent USB drive.

I don't know of any O/S that does encrypted RAM, but they do encrypted swap, and have memory protection in place like malloc to prevent users accessing each other's RAM (can be circumvented). I don't think Tails encrypts the swap, but you can set this up yourself if you want; just look up any debian how-to to turn on encrypted swap. OpenBSD has done this by default for years. The best option is to use DDR3 ram, since once it is powered down it doesn't hold any voltage, thus no info to recover during a cold boot attack. Even if you had encrypted RAM, the o/s needs to read it, so if a malicious application stole pieces of memory (while the O/S was turned on) it would be unencrypted anyway.

Check out their design document maybe there's more info in there.
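The script comsec mentions making, as an added example that is not from the thread: a POSIX sh script that generates a random locally-administered MAC itself (so it works whether or not macchanger is installed), applies it with iproute2's `ip` instead of ifconfig, and then checks that the kernel actually reports the new address. It assumes it is run as root with the interface name (eth0, wlan0) as its first argument.

```shell
#!/bin/sh
# Added example, not from the thread: spoof the MAC of one interface and
# verify the change. Generates the address itself, so it works whether or
# not macchanger is installed; uses iproute2's `ip` instead of ifconfig.
# Assumes: run as root, interface name given as $1 (e.g. eth0 or wlan0).

# Print a random unicast, locally-administered MAC. The first octet gets the
# "local" bit (0x02) set and the multicast bit (0x01) cleared, so the result
# never collides with a manufacturer-assigned (globally unique) address.
random_local_mac() {
    # six random bytes as decimal numbers, taken as positional parameters
    set -- $(od -An -N6 -tu1 /dev/urandom)
    _first=$(( ($1 & 252) | 2 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$_first" "$2" "$3" "$4" "$5" "$6"
}

# Return 0 if $1 looks like a lowercase locally-administered unicast MAC:
# the second hex digit of the first octet must be 2, 6, a or e.
is_local_unicast_mac() {
    _h='[0-9a-f]'
    case "$1" in
        $_h[26ae]:$_h$_h:$_h$_h:$_h$_h:$_h$_h:$_h$_h) return 0 ;;
    esac
    return 1
}

# Bring the interface down, apply the new address, bring it back up, then
# read the address the kernel actually reports and compare it.
spoof_mac() {
    _iface=$1
    _new=$(random_local_mac)
    _old=$(cat "/sys/class/net/$_iface/address") || return 1
    ip link set dev "$_iface" down
    ip link set dev "$_iface" address "$_new"
    ip link set dev "$_iface" up
    _cur=$(cat "/sys/class/net/$_iface/address")
    if [ "$_cur" != "$_new" ]; then
        echo "MAC change on $_iface failed (still $_cur)" >&2
        return 1
    fi
    echo "$_iface: $_old -> $_cur"
}

# Only touch the network when an interface name is given, so the file can
# also be sourced just for the helper functions.
if [ $# -gt 0 ]; then
    spoof_mac "$1"
fi
```

Run it before connecting (e.g. `sudo ./spoofmac.sh eth0`); note that on Tails the change is lost at shutdown, which is why comsec suggests keeping the script on the persistent volume.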