summary: desktop hardening, ¡sí! punting online privacy, ¡no!

details:

David Schwartz[1]
>> It would appear that the defendant in this case is basically arguing Heisenberg's Uncertainty Principle is at play, in that the use of a trojan to identify and spy on his machine may have resulted in the files they found there to have come from unspecified sources,

It would so appear if you didn't read the decision[2] :-) But if you *did*, you'd discover, on page 2,

Henry Coke Morgan, Jr, US vs Matish, 21 Jun 2016[2]
> Defendant seeks to suppress "all evidence seized from Mr. Matish's home computer by the FBI on or about February 27, 2015 through the use of a network investigative technique, as well as all fruits of that search."

The US Government does not deny seizing files from Matish's computer via malware, because those files are its case!

David Schwartz[1]
>> the term "online privacy" is an oxymoron, encryption notwithstanding. Use the interwebs at your own risk.

So you support legalizing attacks by any party on any system? Or are you merely special-pleading for governmental attacks? Either way, your position seems absurd. Yes, online privacy is under attack, but that empirical claim in no way justifies the normative claim that one has no *right* to privacy--that's an elementary category mistake. (To which, BTW, any competent introduction-to-philosophy course cure will increase immunity. Repeat after me: you can't get "ought" from "is.")

der.hans[3]
>>>> Maybe it's time to notch up the desktop security series to be a desktop hardening series.

WFM. This might also be good for outreach-type events: e.g., "easy FOSS ways you can make linux much more secure than whatever you're using now." Some topics one might include (numbering purely for identification, and this list is not meant to be comprehensive):

1. Firewall configuration. Esp now that easy-to-use tools like `gufw`[4] are being included with popular distros.

2. Identifying and closing open ports ...
   2.1. ... and how to test for and recover from port-closing problems (i.e., identifying when you have hosed services that you really want, and restoring them)

3. Disk encryption: e.g.,
   3.1. installing LUKS on both new and in-use systems
   3.2. LVM integration issues: e.g., is it better to manage LVM volumes on a LUKS-encrypted disk or partition, or to encrypt individual volumes?
   3.3. encrypting backups: e.g., is it better to encrypt the disk and write files "normally," or to keep the disk unencrypted and write encrypted backup files (with, e.g., `duplicity`)?

4. Degrade on login failure:

   Eric Oyen[5]
   >>> If I had the option like I do on the iPhone, I could set it up so that so many [login] retries would erase the system.

   WFM: I have good backups. But the obvious problem (IIUC--please correct me if not) is that a true erasure would take a very long time for current-normal PC disk sizes: presumably the attacker would just pull the battery or powercord after less time than erasure would require. OTOH, there might be ways to do something quickly that would make data recovery significantly more difficult/time-consuming, esp for already-encrypted contents.

5. OS hardening for {desktop users, mere mortals}:
   5.1. introduction to , SELinux (emphasis on "for mere mortals" :-), LSM, AppArmor
   5.2. how to test for and recover from configuration problems

6. Using self-hacking tools, e.g., Kali Linux, Metasploit

FWIW, Tom Roche

[1]: http://lists.phxlinux.org/lurker/message/20160712.072528.e187e802.en.html
[2]: https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf
[3]: http://lists.phxlinux.org/lurker/message/20160712.053026.f25b8ec0.en.html
[4]: https://en.wikipedia.org/wiki/Uncomplicated_Firewall#GUIs_for_Uncomplicated_Firewall
[5]: http://lists.phxlinux.org/lurker/message/20160712.064246.80f8300c.en.html
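
Added example (not part of the original message): for topics 2 and 2.1 above, a listening-port audit that parses text in /proc/net/tcp format and reports both unexpected listeners and wanted services that are no longer listening. The SAMPLE table and the EXPECTED allow-list are constructed for illustration and are assumptions, not data from the thread.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20003
"""

# Hypothetical allow-list: (address, port) pairs this desktop is meant to serve.
EXPECTED = {("127.0.0.1", 631), ("0.0.0.0", 22)}

TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp


def listeners(table):
    """Return the set of (ip, port) pairs in LISTEN state from a /proc/net/tcp table."""
    found = set()
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established and other non-listening sockets are ignored
        hex_ip, hex_port = fields[1].split(":")
        # The IPv4 address is printed as a 32-bit word, little-endian on x86.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.add((ip, int(hex_port, 16)))
    return found


def audit(table, expected):
    """Compare current listeners with the allow-list, in both directions."""
    open_now = listeners(table)
    return {
        "unexpected": sorted(open_now - expected),  # candidates to close or firewall
        "missing": sorted(expected - open_now),     # wanted services that got hosed
    }


if __name__ == "__main__":
    # On a live Linux system, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for kind, entries in audit(SAMPLE, EXPECTED).items():
        for ip, port in entries:
            print(f"{kind}: {ip}:{port}")
```

This covers IPv4 TCP only; /proc/net/tcp6 and the UDP tables use related but different layouts and would need their own parsing.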