Re: [vox] secure diary thoughts
well then never mind.
-- Andy
--- ME <dugan@passwall.com> wrote:
> Nope. I don't see a way to do it in *NIX land or other OS from my
> experience. The system(s) has(have) to be "secured" before the docs
> created/composed on the system can be "secure".
>
> The local sysadmin can arrange for local access to memory, and can trojan
> any application. SSH does *nothing* for securing a host. The only thing
> that SSH tries to do is to "provide a more secure connection across an
> insecure network." The assumption is that you have both hosts secured from
> outsiders. Either host being compromised means increased risk to the other
> machine.
>
> From direct access to memory, plain-text version for things can be pulled
> out. From trojaning an application, anything can be pulled as well. At
> some point (even apps that encrypt data stored in memory) there is a
> plain-text version floating around in the system during
> authentication. (We are talking things like ssh here.)
>
> If a document was created on a "trusted system" with something like
> PGP/GnuPG/whatever and then transported to the other system, then you have
> better security, than composing on the remote system with either of the
> above when you cannot trust the admin on the remote system.
>
> There is another rule that does apply to remote sessions on untrusted
> machine (but does not apply *everywhere*) "Physical access is complete
> access." If you can see it on the remote machine, they (the remote
> server admin) can too. (For example, ttysnoop can watch terminal sessions
> even if ssh is used.)
>
> Even people who carry around PDAs and store data in encrypted format often
> do not have "secure" storage. Many have been "hacked" as a plain-text copy
> of the key to lock/unlock the data can be left stored in a section of
> memory. (Physical access rules!)
>
> Even if you trust the present admin, *when* the machine is rooted, can you
> trust the would-be computer criminal/cracker? All it takes is a weak
> service and/or an exploit or a local shell user with some experience and
> some setuid apps that have holes.. or... ]:>
>
> I welcome counter examples to secure items composed on a server where the
> admin of said server cannot be trusted.
>
> -ME
>
> On Tue, 25 Jun 2002, andy wergedal wrote:
> > from the local system admin.
> >
> > --- ME <dugan@passwall.com> wrote:
> > > Secure from what? Secure from whom?
> > >
> > > On Tue, 25 Jun 2002, andy wergedal wrote:
> > > > How would you create a secure diary on your local machine
> > > > or on a server?
> > > >
> > > > I thought about a free shell account and using ssh.
> > > >
> > > > your thoughts...
> > > >
> > > > -- Andy
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox