DOD releases Secure Linux Operating System

DOD releases Secure Linux Operating System

distrowatch.com

Lightweight Portable Security (LPS) is a Linux-based live CD with a goal of allowing users to work on a computer without the risk of exposing their credentials and private data to malware, key loggers and other Internet-era ills. It includes a minimal set of applications and utilities, such as the Firefox web browser or an encryption wizard for encrypting and decrypting personal files. The live CD is a product produced by the United States of America's Department of Defence and is part of that organization's Software Protection Initiative.

(visit the link for the full news article)


Related News Links:
www.spi.dod.mil

A) Windows users please take note that you OS is anything but secure.

B) Why in the hell would the US DOD make their secure OS public? Sure the open source community can help improve the software, but is this a move you take when you want security?

C) Is this secure OS designed as bait? Perhaps the DOD has designed and embedded their own double agent software. It is entirely possible for an operating system to generate an activity report and send it off. This kind of thinking may be considered a little paranoid, but you can't trust anything these days.

As you all may know the scientists at CERN and FERMI labs have a version called Scientific.See : distrowatch.com...
This I understand making public, however I have to question the security risk for making you secure OS public.

We all know about the US Government having security issues in the past, and Linux/Unix is a big step in improving security. I just think making it public is a mistake.

What does ATS think?

Slappie

distrowatch.com
(visit the link for the full news article)

it doesn't sound very secure as it recommends regular rebooting to ensure that any malware that may have crept into the system is removed, its main use will be for pr0n browsing since there will be no trace left behind on the machine to incriminate the person

They aren't making public anything special.

This, like so many other Linux packages, is just a collection of common features with a theme.

Nothing groundbreaking or even terribly unique.

Is it just me or does it always seem like the government for all it's wealth, resources and importance, is running a decade behind the enemies it claims to be fighting when it comes to simple consumer level tech?


Posted Via ATS Mobile: m.abovetopsecret.com

reply to post by assspeaker


Give the public the tools to make them feel and think that they are secure and invisible when in fact, keyword or certain activities get auto flagged by the OS itself, where activities triggering flags will chirp back to the DoD or any other relevant interest all the nitty gritty on the machine being used, the flags triggered, your location, and any private data available, including the stuff you think you've encrypted.

YUP.

Your 'secure' OS conveniently provided by the people that watch you, is, um, watching you.

Originally posted by thisguyrighthere
They aren't making public anything special.

 

Posted Via ATS Mobile: m.abovetopsecret.com

 

Thanks for you opinion.

Just their recommended secure Operating System. Perhaps it is not so different from other secure designs, such as INCOGNITO. But are you suggesting that this distro can not be hacked once it is reverse engineered? I am not saying the OS is the end all for security, I am just suggesting that making it public does NOT follow good security practice.

Well it's not really new, the NSA played a role in developing the SELinux policy and code back in 2003 already.

LPS was released in 2011 itself.

Originally posted by Druscilla
reply to post by assspeaker

 

Give the public the tools to make them feel and think that they are secure and invisible when in fact, keyword or certain activities get auto flagged activities will chirp back to the DoD or any other relevant interest all the nitty gritty on the machine being used, the flags triggered, your location, and any private data available, including the stuff you think you've encrypted.

YUP.

Your 'secure' OS conveniently provided by the people that watch you, is, um, watching you.

^This^ is perhaps the goal. The thing is, very few people will go to the trouble of even testing this Linux based OS. I'm going to steer clear of this one, just cause I don't trust.

If the source code is available for all pieces of the OS, rest assured that many Linux admins and programmers will dig into it and find anything that's suspect. These determinations should be made by those that have the knowledge and experience to make them (ie, it would be silly for non-programmers to write it off as suspect simply because of organization that released it).

If there is any part of the OS that is compiled and the source isn't provided, do not use it. That doesn't go for releases just by the DoD, but ANY *nix based OS. Any competent admin will know this already, especially when it comes to customer Linux distributions.

If you are not technical enough to make these determinations, skip it. It's just common sense, regardless of who distributed the OS.

While there is plenty of corruption in our government, one must remember that normal people also work for government agencies. Not everyone in this world is looking to subvert the masses. The US government does have a vested interest in creating and releasing a "secure" OS, potentially for use by its own employees, and if for that purpose back doors would sort of defeat the purpose.

I'm very curious as to what information comes out once hackers have a chance to pull this apart and do some network packet traces while using the OS.

An update has been released, but LPS (the public version) has been around for a bit.

www.linuxjournal.com...

If you want a lightweight distro that runs in RAM and you don't trust LPS, use Puppy or TinyCore or DSL. No big deal.

Originally posted by assspeaker


A) Windows users please take note that you OS is anything but secure.

B) Why in the hell would the US DOD make their secure OS public? Sure the open source community can help improve the software, but is this a move you take when you want security?

C) Is this secure OS designed as bait? Perhaps the DOD has designed and embedded their own double agent software. It is entirely possible for an operating system to generate an activity report and send it off. This kind of thinking may be considered a little paranoid, but you can't trust anything these days.

As you all may know the scientists at CERN and FERMI labs have a version called Scientific.See : distrowatch.com...
This I understand making public, however I have to question the security risk for making you secure OS public.

We all know about the US Government having security issues in the past, and Linux/Unix is a big step in improving security. I just think making it public is a mistake.

What does ATS think?

Slappie

distrowatch.com
(visit the link for the full news article)

Actually from recent studies, Linux and Mac OS's are only marginally more secure than windows XP, the reason they seem more secure is because Windows has the biggest market so it is targeted much more, plus the fact that the average windows user has no clue about security, updating and privacy hazards. while the average Linux user usually knows a bit about computers and security.

reply to post by Wolfie0827


Linux is more secure because you have software repositories and practically do not download executables from a myriad of sources. Furthermore the programs you use under Linux are open source, meaning that not only can people find security holes much easier but they can fix them themselves as well.

In the Windows world the source code is closed, you need to do fuzzing or reverse engineering in order to find security holes, and then rely on the manufacturer to fix it at his convenience, or not. Furthermore Windows upto XP was never really designed as an internet platform and the file and privilege security implementations are more than poor. Funny to see how they're starting to do with Vista and W7 what is best practice on Unix machines since forever.

So all in all it's not only the market share that makes Windows less secure. Owning a Windows box is generally much easier than a Linux one. Of course the user plays a huge role.

In the end, there is no system that could not be compromised one way or the other.

ETA: By speaking of it .. just saw this exploit method today with fast-track .. you simply create a payload, enter a url and it clones the website for you, and all you got to do is send your victim a link to click. The site looks totally legit, except there's this lil java thingy popping up asking you to run an applet, and as soon as you hit OK it executes a binary, bypasses your AV engine and does whatever the payload is designed to, and there's a binary for Windows as well as Linux and Mac OS, so basically nowadays with the fancy pentesting tools it boils down to being an educated user and acting in a safe manner in order to stay safe

Originally posted by Maxatoria
its main use will be for pr0n browsing since there will be no trace left behind on the machine to incriminate the person

So in reality this is more likely a special Secret Service distribution rather than all DOD branches.

Originally posted by assspeaker
The live CD is a product produced by the United States of America's Department of Defence and is part of that organization's Software Protection Initiative

So DOD ripped out all previous government backdoors and exploits and now they "own" the kernel and TCP/IP stack all to themselves? Am I supposed to feel safer about this?

Tell you what, I'd feel a lot safer if DOD were involved in something that was *defense* related. Like maybe releasing the 9/11 footage of the pentagon attack -- or -- perhaps releasing obama's real documents.

This isn't an OS.. it's a joke.. even by Linux standards. It's just a very scaled down system designed for netbook type computers.. not much more than your smart phone - without the phone.

Sure, for security issues they have some good ideas thrown in but none of these technologies are new ideas to Linux. Anyone could have thrown this system together. The reason why the DOD did it was they wanted something their field ops could use that was more secure than a standard pc with hard drive storage. And the fact they didn't have to spend an arm and a leg outfitting this to all of their ops.

I can take ANY Linux distro scale it down and give it this same functionality. There really is nothing extra special about this. It's mostly just hype because the DOD was involved in putting it together.

Wanna see a real good non Linux distro ( that runs Linux software), check out PCBSD 9.0 Isotope. it's free of course and based on BSD technology. BSD was " The Other Split" from Unix. Like Linux it's a fork of Unix. This system is also very secure because hardly no one knows it exists.

reply to post by JohnPhoenix


Isn't BSD all the rage right now? I've been seeing it everywhere.Oh wait, I must be a nerd. A number of routers can run BSD as well.

Why such a public display since this has been around since.......

'Alpha version, released 21 March 2007'

See the Change Log...

www.spi.dod.mil...

Maybe because Anonymous has just released its own operating system: Anonymous-OS?

www.abovetopsecret.com...

What might happen if you could run one inside the other (and vise versa)?

Counter Security Counter