PaulyD

​Can someone walk me through this? I have tried for the past two days, to get both Mint 15 and Ubuntu 13.04 to install /boot to an SD Card. I keep getting "grub-install failed" errors. I've done this before with Ubuntu 11.04 when I had Windows on the first partition, but on this fresh disk, I get the error. The SD is fine, GParted can work on it, no problem. I'm stuck. ​ ​As an alternate, can I just copy /sda1 (DD?) to the MicroSD and then delete sda1? I think I'd need to edit fstab, correct? ​ ​Also, anyone know how to change the encryption from AES to Twofish? No alternate .iso's for the latest builds, and 12.04 LTS uses CBC instead of XTS. (lvm2?) ​ ​Thanks guys.

Ok, we've all seen Darren and Kos go after Android. My question is, how do you tech users protect your phone while out and about...while keeping high tech usability? I'm going to list my setup and I'd like to see where you guys see vulnerability. I know it will be worse than a stock phone, but how bad? Galaxy Nexus running a custom AOSP based ROM (Rasbean Jelly 4.2.1). Franco kernel. Rooted, with SuperSU and Busybox installed. TWRP Custom Recovery. Bootloader locked, but unlockable within OS with BootUnlocker App. JB encryption enabled with a 16 character, full ASCII, non-dictionary password using every character type. Pre-boot password changed with EncPassChanger App, to 35 characters, same as above. Debug off. All Developer Options off. All permissions removed from adb in system/bin on the phone. I wish Darren would go over protection as well as exploitation, more. Thanks!

Awesome, thanks for weighing in on this. Looking forward to what you come up with when you find the time. Pauly

Thanks for the reply. The server has USB access for a number of things. DumpIt (among other things) could be run, unfortunately. I'd love to JB Weld all the USB ports, but can't :) DumpIt That's why int0x80's USB Attack Code was interesting.

Nope, nothing illegal, just a privacy advocate. CISPA passed the US House, and it will only get worse. Full disk crypto is useless on an always on server. I've seen int0x80 post here occaisionally, so maybe he'll see this. Thanks.

I have to run Windows on a few boxes (one of them an always on server) and am looking for some anti-forensics ideas similar to what int0x80 discussed in his talk at the Louise and his bash scripts on Github. Right now I've got CCleaner, Bleachbit, Clean After Me, and USB Oblivion kicking off as scheduled tasks. Each one runs 6 hours after the other. I've also got BCWipe v5 running Transparent Wiping (any user or system delete calls go through it's driver, and receive a one pass psuedo-random wipe) and an encrypted Swap. I'd love to get a few more ideas from any Windows users...especially for attacking unknown USB devices and generating thousands of dummy files of varying sizes (encrypted). Thanks.

I disagree with this part. If I tunnel a VPN over Tor, all the exit node see's is the encrypted tunnel...much the same as what an ISP would see from a regular VPN connection. How are you thinking the exit node is breaking OpenVPN? PD

The guys that don't make mistakes...haven't been caught. There are a lot more members of these groups, than the 5-10-15 that have been caught recently. If you do it right, you're chances are good. Unfortunately, doing it 'right', every time, all the time is hard. It's exactly the opposite of physical security. Normally the good guys have to be right 100% of the time...whereas the bad guys have to only get lucky once. In this case, you are in the good guy role and have to be perfect...LE just has to get lucky. If you tunnel a paid for in cash or Bitcoin VPN through Tor, the VPN doesn't know you, and the exit node can't sniff you. If you pick the right VPN, in a privacy friendly country, there is nothing to 'give' to the friendly detective. Heck, Riseup, based out of Seattle, has fought, and won, in the courts, over protecting their users...and that's in the land of the National Security Letter. Never from home...never. You're going to have to put miles on your car. And never from the same place twice. The full weight of the USA still took 10 years to find OBL...so I'm not fully convinced of their omnipotence. The Sabu thing is a perfect example. He screwed up and they got his address. He screwed up again and they sniffed his true MAC. Big boy rules...you can never screw up...ever...and that's a hard thing not to do. PD

If you're going to stick to a removable drive, TrueCrypt is the most popular solution. If you want to do your Linux install, a dm-crypt/LUKS LVM install, with /boot on a USB or SD Card is what I do. If you want two factor authentication, get a Yubikey and set one of the slots to 'Static Password' mode (slot 1 is easiest to use). Memorize a 32 character pass phrase and put a 32 character random string (generated with KeePass, for example) into the Yubikey. Right now in the US, the courts are 50/50 with compelling a user to reveal a pass phrase, so splitting it up between your brain and the Yubikey is a good practice...the Yubikey Nano is easily 'lost' :D PD

If there is indeed 2 USB ports: https://www.yubico.com/yubikey-nano ? But is logging in 'dismounted' and then docking, really a problem? YubiKey looks like the solution. PD

Mullvad here. Takes Bitcoin. So does Air. PD

For Windows Users: I wonder how Defense Wall would handle the USB? It quarantines all USB drives by default. It does really well on all the tests I've seen (as in 100%). Not 64bit though. PD

Yeah, physical access is a killer to almost everything. The container containing the hidden container is "out there" to grab, true...but in the case of the Hidden OS, getting that container (2nd partition) from a powered down laptop, is a little tougher. I'm thinking some sort of malware for the former...but the latter requires you to 'not know where your laptop is', multiple times. You can security tape the laptop shell, and grind out the phillips head slots and fill with JB Weld if you want...no more upgrades though :) PD

The CO case will hopefully be overturned on appeal. Another fact in that case was that the lady was given complete immunity. Now, that judge was still a freedom hating moron, but who knows if he would have ruled the same had she not been given immunity. You don't need to remember 3 good pass phrases....just one, for the Hidden OS. The other two are expendable and don't have to be massive. You can add or delete from the Hidden Volume with no worries, where did you see that? Writing to an unprotected Outer Volume can damage the Hidden, but that's it. A variation I'm working on now is to boot only off of external media...if not, it boots into an unencrypted Windows install...why advertise at the checkpoint, if you don't have to. PD

Tormail would be first, you can even set up Thunderbird. http://www.tormail.net Privat DE Mail would be next. http://privatdemail.net/en/ Riseup.net, but they require an application and a long wait. Running your own server can be free with hMail Server http://www.hmailserver.com/ or Axigen Mail Server http://www.axigen.com/mail-server/free/ Or you can pay about $100 once and get something like Ability Mail Server http://www.code-crafters.com/abilitymailserver/ No-IP.com offers free MX records. Countermail seems great too, but is it $60 a year, or once? There is COTSE.net, again for pay. All but the first 3 are about privacy, not anonymity, so combine the two: Tormail for anonymous messages, and the rest to keep BigGov out of your mailboxes...cuz they're in there, no doubt...Hotmail/Live Mail don't even charge LE to snoop. PD