Silk Road forums
Discussion => Security => Topic started by: yaosh on January 26, 2012, 04:49 pm
-
Guys, I see VMs being mentioned for security here a lot. There are some things you need to keep in mind here.
1) Your full disk encrypted uber-m3ga-matix-leet VM does not encrypt its RAM when saving its state to disk, potentially saving passwords to disk unencrypted, as well as browsing information, and more. Always shut down your VM completely, don't pause it.
2) VM emulators may or may not implement some hardware features relied upon by security software. They might just FAKE it to maintain compatibility. Read up on VM support in the manuals for TrueCrypt and other software.
3) An encrypted filesystem within a VM stored on an unencrypted system volume is subject to many more methods of attack than a fully encrypted real filesystem.
4) If you acquired a prefab uberleet-hax0r VM from someone else, be sure you understand how it is configured and make sure it doesn't have rootkits, keyloggers, etc. built into it because the creator knows most people looking for a premade VM wouldn't know how to detect these things. A real dick could create some VM for the 'safety of fellow users' and hide a keylogger in it to capture your usernames, passwords, bitcoin information... This dick might even be an LEO posing as a trusted guy looking out for his brothers. If you lack the skill to analyze the virtual system you are operating, you cannot be sure it is secure, stick to simpler tried and true methods such as encrypting your entire system.
5) Unless for some reason you REALLY need to store information in your VM, just set the damned thing to read only or non-persistent so every time you boot it, it is fresh and unmodified. If you did end up with some kind of security compromise, it would be gone after the next VM restart, which may even prevent some malware from installing itself properly and ever reporting any information.
I'm just saying, I've been doing this kind of thing for 16 years and there is no "easy button" for security, no matter what someone tells you. Security done wrong can screw you more than never messing with it at all.
-
make sure it doesn't have rootkits, keyloggers, etc. built into it because the creator knows most people looking for a premade VM wouldn't know how to detect these things. A real dick could create some VM for the 'safety of fellow users' and hide a keylogger in it to capture your usernames, passwords, bitcoin information... This dick might even be an LEO posing as a trusted guy looking out for his brothers.
If this isn't happening already, it's only a matter of time.
stick to simpler tried and true methods such as encrypting your entire system.
^
-
Exactly my thoughts, yaosh!
What does a buyer need to be secure?
1. Clean operating system. Most users are using MS Windows. It might be hard to tell whether the OS is clean or not if someone else set it up for you. If you installed your OS yourself using the original CD/DVD, you can be pretty sure it is clean.
2. Full disk encryption with TrueCrypt, including the system drive. This can be done after reading the TrueCrypt quick start guide. Be sure to use a really strong password.
3. Tor Browser Bundle - it is the easiest way to get Tor running. It is available from the Tor Project and can be run in seconds.
4. GnuPG command line version and WinPT frontend.
These steps can be done by most computer users.
-
Thanks a lot for chiming in to support the facts, guys. A lot of new people should read this, I think, and understand that the only way to be secure is to understand security. You can't keep thieves out of a building without understanding breaking and entering, nor can you secure a computer without understanding the entry points.
Ever notice how almost all government and military PCs are restricted to using only certain software, reset their state on reboot, disallow access to external hardware... There are a fuckton of good reasons for all of that pain in the ass.
Here's a... parable, to show how important it is to suspect everything. Car company A steals information from car company B, and now has them by the balls. Company B needs to turn the tables to induce a stalemate. Company A has really excellent security however, both physically and electronically. Their sensitive data isn't even kept on a network which has access to the outside world. Our hacker finishes his initial assessment and concludes that this probably isn't worth the money to fuck with... Then he notices something during a building walkthrough. A networked multifunction device, a photocopier being used for scanning, printing, and faxing throughout the office. Following the copper trail, he finds that the copier is also shared by another subnet. The firmware on this copier, he finds during investigation, can be accessed through telnet and uses some rudimentary network services. Telnetting in and using the copier to create a tunnel, he gains access to the secure net, which isn't really so secure inside because everyone assumes it is inaccessible. Stalemate.
Act like there are ninjas in every router, USB disk, application, and document, just waiting to jump out and kill you. Don't allow Java applications or plugins, don't open anything which can be scripted... Excel, Word... And keep in mind that your keystrokes, sent to a "secure" VM, are passed to it by the external operating system, and subject to intercept and storage by it. Maybe Windows is using a memory buffer for keystrokes sent to the VM to prevent losing the stream if it lags. This buffer sits in memory, with your password in clear plaintext. You shut down your secure VM and leave your PC running to download the latest schoolgirl tentacle rape. LEO busts in, scans your DIMMs to a field mirroring device, takes it back to the lab and checks for anything odd. They find that memory buffer, which was released by Windows but never overwritten since uTorrent wasn't eating RAM at those addresses, so your password to your encrypted volume is still there. Sure, TrueCrypt and VMware did their job, they didn't hang onto that data... but your RAM did. Oh, and by the way, they found remnants of all the text you entered while typing the message you later GPG encrypted to send to an SR user, because your VM manager was configured for shared clipboard contents. They now have, in your own words, an admission of guilt.
If you think you're being paranoid, good. Keep being paranoid. Be fucking insane, and remain insane outside of prison.
-
Too much paranoia is counterproductive. Only proper understanding of security will help. Even large corporations and government agencies suffer from this, so they pay much attention to basically useless security practices and outright reject some good ones.
-
Thank you so much. You just saved me a lot of BTC. I'll go for TrueCrypt rather than learning Linux - 30 BTC.
-
TrueCrypt doesn't protect from hackers at all though, only from people who already have physical access to your computer. Plus it only protects from them if they are retarded and don't know how to covertly obtain passphrases, or just cold boot memory into a forensics laptop.
VMs can be useful for security, but it is a matter of having the right type of VM and also knowing the benefits and limitations. Isolating network-facing applications into a VM away from Tor and your real IP address can be a very big security boost in some ways; for one, it can eliminate all possible IP leaks / DNS leaks etc. For two, it can make it so even if you are rooted the attacker cannot obtain your real IP address unless they break out of the VM and get to the host. It has disadvantages too though, primarily that it increases complexity, which means that it is easier for the attacker to root your VM than it would be for them to root the same OS running on bare metal. The type of VM used has a lot to say about how hard it is for the attacker to break out of the VM and how much easier it is for them to root the VM versus the same OS being run on bare metal. Paravirtualization seems to be the best of both worlds. Check out Qubes OS; it is a pretty cool security-oriented distro that is based on Xen. It lets you create security domains and automatically puts every application you launch into a VM that is isolated into a security domain you set.
Windows is still widely considered to be the least secure choice of OS, and using TrueCrypt for FDE doesn't protect from anything but a small range of potential attacks. You should still use FDE on your real disk though, and of course not rely on FDE of a virtual drive.
If you are not using some sort of GUI isolation, be it from VMs or from mandatory access control profiles, any compromise of a windowed application is pretty much game over. You could have a Tetris application that has the lowest possible user privileges pwnt, which sucks because your desktop environment almost certainly is broadcasting keystrokes to all windowed applications, so they can spy on your keystrokes and EOP to root after you su.
Pretty much what it boils down to is that you can use the best encryption algorithms every place you possibly can, and the best anonymity networks in the world, and it isn't going to do shit to protect you if you are hacked. Using encryption and anonymizers is important, but hardening your OS and using advanced configuration techniques and technologies to protect from hackers is just as important, and Windows is about as specialized for high security against hackers as *BSD is for gaming.
If you don't think you need to worry about being hacked, just look up CIPAV. When the FBI runs into a wall trying to identify a target who is using strong encryption and anonymizers, they turn to their arsenal of zero days and potentially-unpatched-exploits and try to find a combination that lets them bypass the security functionality that they can't directly break. The DEA was working on developing a similar set of pre-packaged hacking tools for tracing and wiretapping targets using crypto/anonymizers as well; I heard about that for the first time about two years ago.