Category Archives: security

Hardening Debian for the Desktop Using Grsecurity

I recently built a desktop system that I think is reasonably secure. It’s running Debian sid, also known as “unstable” — though in the Debian desktop world that just means you get to use the newest software. It’s just about as stable as “stable”, and besides, #yolo. It’s also running a grsecurity-patched Linux kernel and PaX, technologies that make Linux way more secure. Grsecurity protects you against memory corruption attacks, such as buffer overflows.

Last October I traveled to Moscow and interviewed Edward Snowden. Here’s one of the things he told me:

“Something that we haven’t seen that we need to see is a greater hardening of the overall kernels of every operating system through things like grsecurity, but unfortunately there’s a big usability gap between the capabilities that are out there, that are possible, and what is attainable for the average user.”

Since I just set up Debian with a grsec kernel, I figured I’d write a tutorial for how to do it. It’s still a long way before the average user can take advantage of this stuff – it breaks everything, and the user needs to learn how to diagnose and fix it themselves – but I think that it’s well within the capabilities of Linux nerds who are comfortable using a terminal. You can probably also follow along no matter what Linux distribution you’re using. Also, I’m fairly new to grsecurity myself, so if you have tips or suggestions, or if I got something wrong, please post in the comments.

Continue reading

Some Thoughts on Faraday Bags and Operational Security

I recently took a trip to Moscow to interview National Security Agency whistblower Edward Snowden about operational security. In the article I published on The Intercept, I mentioned that I used a faraday bag.

Our first meeting would be in the hotel lobby, and I arrived with all my important electronic gear in tow. I had powered down my smartphone and placed it in a “faraday bag” designed to block all radio emissions.

Since I published my interview, many people have asked me for more information about this faraday bag — which product did I get, what does it protect against, how does it work? So here are some quick thoughts on the topic.

Continue reading

Dual-booting Qubes and Ubuntu with Encrypted Disks

Qubes is my preferred operating system, but occasionally you need to run something else. It’s hard to get certain hardware working the way you expect in Qubes, like webcams or non-disk USB devices. And Qubes VMs don’t support 3D acceleration, which you might occasionally need. You also can’t run VirtualBox inside of Qubes. You normally don’t have any reason to do this, except for very specific cases, like software development with Vagrant.

So here are instructions for how to dual-boot Qubes R2 rc1 and Ubuntu 14.04 LTS, using disk encryption for both. You should be able to adopt this same technique to dual-boot pretty much any two GNU/Linux distros with disk encryption. Keep in mind that if you’re booted into Ubuntu and you get owned, it’s possible for the attacker to then compromise Qubes. (You have to get really, really, really owned for an attacker who compromised Qubes to then compromise Ubuntu.)

Continue reading

The Operating System That Can Protect You Even if You Get Hacked

This was originally published on the Freedom of the Press Foundation’s blog.

We wrote about the importance of the Tails operating system to all of the NSA journalists last week, but there’s also another little-known operating system that journalists should consider using if they find themselves in high-risk scenarios. It’s called Qubes.

I’ve only been using Qubes for a few weeks, but I feel like my operating system is now a digital fortress. Let me try to explain why, and how Qubes differs from Tails.

Qubes’ design is based off an important law of software: all programs contain bugs. Some of these are security vulnerabilities. Your computer can get hacked by viewing a Flash video or using javascript in your web browser: this is likely how NSA’s QUANTUM/FOXACID programs hack people. Your computer could also get hacked by opening a PDF, or a Microsoft Word or LibreOffice document, or just by viewing a JPG or GIF.

If any piece of software gets compromised, your whole computer is compromised. The attacker can look at your files, log your keystrokes, take screenshots, steal your encryption keys, and read the emails that you type before you even have a chance to encrypt them.

Continue reading

Two really simple things Microsoft can do to make Windows more secure against NSA

Thanks to Edward Snowden and journalists at Der Spiegel, today we learned about Tailored Access Operations (TAO), NSA’s world-class hacking team. There was a lot of interesting information in that article (like how they divert shipping of electronics to a secret warehouse where they can modify it to install backdoors!).

But I’m just going to talk about how they use Microsoft error reports to gather private information about Windows computers that can be used to compromise their security — a problem that’s trivially easy for Microsoft to fix.

Continue reading

How Mailpile can implement opportunistic PGP email encryption

mailpileFor those wanting to decentralize the Internet and encrypt all the things, Mailpile is a hot topic.

What’s Mailpile?

Mailpile is a web-based email client (like Thunderbird or Outlook, not to be confused with a service, like Gmail) that you install locally and access by opening http://localhost:33411/ in your browser.

The goal of Mailpile is to give everyone all the nice features they’re used to with Gmail but that you don’t get with a traditional email client, like labels, conversations, and really quick search. You can use Mailpile to check any email address (including your @gmail.com one).

Continue reading

Don’t Succumb to Security Nihilism

You might have read today’s shocking Guardian and New York Times articles outlining the many ways that NSA and GCHQ have defeated crypto on the Internet, and have influenced tech companies to insert back doors into their commercial security products.

But pay close attention to this paragraph in Guardian’s article:

The agencies have not yet cracked all encryption technologies, however, the documents suggest. Snowden appeared to confirm this during a live Q&A with Guardian readers in June. “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on,” he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.

Giving up and deciding that privacy is dead is counterproductive. We need to stop using commercial crypto. We need to make sure that free software crypto gets serious security and usability audits.

If we do this right we can still have privacy in the 21st century. If we give up on security because of this we will definitely lose.

It’s 2013. We’re all being spied on. Why do security software websites not use HTTPS?

Update: This post made the frontpage of reddit and many of the comments are wrong. I took a moment to clear a couple things up at the bottom of the post.

We desperately need to work towards deprecating HTTP and replacing it only with HTTPS. The web is a huge part of what billions of people use the Internet for, and still most of it is not encrypted. Since the Snowden leaks started getting published we’ve learned that NSA and GCHQ spy on as close to the entire Internet as they can get.

It would be naive to think that the US and UK are the only governments doing this too. The network isn’t safe, and the only way to make it safe is to encrypt all the things. Websites that still use HTTP are putting users in danger. Here are a couple of examples.

Continue reading

Despite Google’s statement, they still have access to your wifi passwords

UPDATE: The Android bug tracker isn’t the correct place to ask Google to fix this bug. The backup/restore feature is part of the proprietary Google apps for Android, not the open source Android project. This thread on the Google product forums is the correct place.

Earlier this week Ars Technica covered a bug report I posted on the Android issue tracker about the “Backup and restore” feature not offering encrypted backups.

Because there’s no option to encrypt your backup data on your Android device with a passphrase that you set, Google has the capability to see the plaintext data, including all your saved wifi passwords. Google can then be compelled to give up this data (and any other user data that they store) to the US government when requested to do so.

Continue reading