Main Area and Open Discussion > General Software Discussion
instant linux on winxp
mahesh2k:
One more vote for qemu but I doubt if there is any way with qemu and ubuntu.
Paul Keith:
Can you expand more on how it helps you with web-banking?-Paul Keith (September 06, 2012, 09:19 AM)
--- End quote ---
Certainly.
First, let's get the obvious out of the way: it doesn't help a whole lot if the host machine has been compromised. With that out of the way...
The above-mentioned NemID has been shoved down our throats. It was commissioned by the big financial interests, and being run by a private (and, it unfortunately seems, darn incompetent) company. If it was just a banking system, it would be kinda OK - at least it offers two-factor authentication. BUT:
1) it's becoming mandatory for interacting with the government - so it should be classified as critical infrastructure (yet still being run by a private company, and iirc hosted by a company owned by a US company... patriot act...)
2) it's used for digital signature stuff. While technically there's cryptographic certificates involved, they're stored in escrow, giving us no control over them. While this might be safer than having a password-protected keyfile for 99% of the Danish population, it's scary that we have no alternative.
3) not only does NemID require a Java plugin (keep in mind how many security holes Java has had over the years), it has a signed Java applet that's really just a boostrapper, which downloads an unsigned java applet at runtime... and this unsigned applet contains native libraries invoked via JNI.
4) the company behind is extremely arrogant, having claimed that any possible attacks were purely theoretic, etc. Didn't take long before we saw the first real-world MITM attacks against it.
5) <tinfoil-hat>being shoved down our throats, and designed how it is, it would be the perfect trojan-launching vessel for the PET.</tinfoil-hat>
So yeah, I definitely want to keep that piece of crap contained in a VM. Also means I can keep the Java plugin out of the browser I use for everyday stuff, and thus be a helluva lot safer in general browsing. Just like my main browser, the one in the VM also has AdBlockPlus+NoScript+Certificate Patrol+Ghostery - and it's only used for web-banking and other NemID-requiring sites.
-f0dder (September 06, 2012, 09:38 AM)
--- End quote ---
Thanks.
Judging by your usage, would it be correct to assume that it only protects the scenario where the java plugin has been compromised? That is to say, the digital signature stored in escrow is still an exposed factor or does using Linux/using a VM serve as a form of anonymizer/2nd layer encryption against the system?
I'm not really familiar with digital signatures.
f0dder:
I'm not really familiar with digital signatures.-Paul Keith (September 06, 2012, 10:57 AM)
--- End quote ---
Let's start with that, then.
A digital signature is used to "sign" "something" to prove that you are who you claim to be - so far, so good. The ones I know about are based on public/private-key cryptography, e.g. RSA. The public part of your key is public knowledge, and you keep the private key really close to your heart. For normal scenarios, you'd keep it in a keyfile encrypted with a symmetric cipher, and a Real Good(TM) passphrase.
I'm not going to dive into how signing is done, since "it depends", but the important part is that it requires your private key. Oh, and that signing can potentially be used for stuff like acknowledging a bank transfer, or signing over the rights of your house to somebody else.
With key escrowing, instead of keeping your encrypted keyfile on your harddisk, you trust a third party to keep the private key stored. Now, I do believe company behind NemID to have proper HSM storage, and I mostly believe their claims that the system is not backdoored. But I do know that they have the capability to wait for my next NemID login and snoop my passphrase, and would thus be able to get at my private key. This is not tinfoil-hat, it has been revealed in a government question about the security.
So... I'm not super-worried about a hacker penetrating the system and grabbing all the keys - but it would be possible to snoop on people (or do more nefarious things) given a court order (we're not quite at the level of .us anti-terroism laws in .dk yet, but getting there). But (if I remember correctly wrt. the company ownership), I guess the patriot act could be involved (that's slightly tinfoil-hat).
That said, I do believe key escrowing is better for the majority of people, and the solution does add 2-factor authentication by the use of single-use 6-digit codes on a keycard. It's a cheaper and more pragmatic solution than keyfrobs or the like, and while it's one of the best things about the system, it's ironically also one of the things people bitch most about, while completely ignoring the security repercussions of the system. Sheeple, *sigh*.
Judging by your usage, would it be correct to assume that it only protects the scenario where the java plugin has been compromised?-Paul Keith (September 06, 2012, 10:57 AM)
--- End quote ---
The Java plugin, or any number of other attack vectors, yes.
That is to say, the digital signature stored in escrow is still an exposed factor or does using Linux/using a VM serve as a form of anonymizer/2nd layer encryption against the system?-Paul Keith (September 06, 2012, 10:57 AM)
--- End quote ---
Well, the main thing to avoid is having the Java plugin in your day-to-day webbrowser. I try to get everybody I know to get rid of it, and use a second browser (or alternate firefox profile, whatever) for the NemID stuff.
The reasons for running it in linux is a bit of paranoia, and a "go fsck yourselves, NemID" attitude. First of all, should something slip through the browser (however extremely unlikely), there's more malware for Windows than for Linux (that's not to say that there aren't juicy exploits available for Linux, but they're the kind you don't see in widespread use. If you're hit by one, you should probably be worried). Also, there's the fact that the NemID Java applet contains native x86 code - I don't really want "random" native code running on my machine. "We need it for making a fingerprint of your system", yeah right. I don't expect to be the target of a police investigation anytime soon, but I sure as hell don't want anybody to have a wonderful trojan delivery backdoor mechanism on my machine. While it's unlikely that the private keys are going to get hacked out of NemID, wouldn't the machine serving the non-bootstrap .jar be a juicy target? I think so.
Paul Keith:
Thanks for the highly informative clarification.
To everyone else: I won't try to derail this thread any longer. It's just posts like these aren't stuff you can normally chance upon.
kalos:
I installed Puppy Linux and it offers to reboot my system :/
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version