Re: Real Survivalists Don't Do Windoze

Curly Surmudgeon wrote:
On Sat, 06 Mar 2010 19:06:39 +0000, Curly Surmudgeon
<CurlySurmudgeon@xxxxxxxx> wrote:

On Sat, 06 Mar 2010 04:18:40 -0500, Strabo <strabo@xxxxxxxxxxxxxx>
wrote:

Curly Surmudgeon wrote:
Is this cool or what?

I'm on a Red Hat Linux laptop running TightVNC over a ssh tunnel to a
Ubuntu workstation behind an OpenBSD firewall while displaying a
1580x1024 desktop. The latency isn't that bad either.

In lay terms I'm controlling a high powered Linux desktop workstation
with high resolution graphical user interface, complete with mouse and
scrollbar through a 2048-bit rsa encrypted tunnel across the internet
onto a smaller display laptop with much less horsepower as a single
window on one of six Linux desktops.

Anyone who is seriously concerned about security should dump Windows
and move to Linux. You can't do this shit using Micro$oft products.


Sure can - PuTTY SSH
Very good. Yup, good first step. That gets you the encrypted pipe but
how are you going to run VNC over PuTTY? Windows VNC encrypts the
password but after that your dick is hanging out for all to see. I was
able to edit documents in OpenOffice just as though at my workstation
except for a bit of lag. The only weirdness found was Alt-Tab and
there's a work-around for that. Alt-tab was intercepted by the laptop.
Even switching desktops in gnome, cntrl-alt-left/right cursor worked
fine.

Last night I was playing around with security, even reading individual
packets with Ethereal, testing my own shit and trying to hack in. But
those are only s/w protections and say nothing about physical security.

Later I shut the workstation down and tried to hack in by booting from a
CD and brute force entry. Was pleased to find that's essentially
impossible. Only /boot was visible even at the sector level. Crypto
disk, with a 2,048 bit key was unbreakable as I'd previously proven on
external USB drives used for backup.

Now I'm wondering what data I can put on here worth all that security.
But nobody is getting in...

Now RSA encryption can be broken with h/w access:


1024-bit RSA encryption cracked by carefully starving CPU of electricity
By Sean Hollister posted Mar 9th 2010 2:47AM


Do you believe this?

>
[ http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-
carefully-starving-cpu-of-ele ]
---
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA
hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.

.

Relevant Pages

  • Re: Real Survivalists Dont Do Windoze
    ... In lay terms I'm controlling a high powered Linux desktop workstation ... Now RSA encryption can be broken with h/w access: ...
    (misc.survivalism)
  • Re: Real Survivalists Dont Do Windoze
    ... I'm on a Red Hat Linux laptop running TightVNC over a ssh tunnel to ... workstation with high resolution graphical user interface, ... Now RSA encryption can be broken with h/w access: ...
    (misc.survivalism)
  • Re: Real Survivalists Dont Do Windoze
    ... I'm on a Red Hat Linux laptop running TightVNC over a ssh tunnel to a ... In lay terms I'm controlling a high powered Linux desktop workstation ... Anyone who is seriously concerned about security should dump Windows ...
    (misc.survivalism)
  • Re: Real Survivalists Dont Do Windoze
    ... In lay terms I'm controlling a high powered Linux desktop workstation ... onto a smaller display laptop with much less horsepower as a single ... Anyone who is seriously concerned about security should dump Windows ...
    (misc.survivalism)
  • Re: Real Survivalists Dont Do Windoze
    ... In lay terms I'm controlling a high powered Linux desktop workstation ... onto a smaller display laptop with much less horsepower as a single ... Last night I was playing around with security, even reading individual packets with Ethereal, testing my own shit and trying to hack in. ...
    (misc.survivalism)