[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hardened *nix for Lenovo X60



On Mon, Aug 26, 2013 at 9:09 AM, Eugen Leitl <eugen@xxxxxxxxx> wrote:

>
> I've managed to lay my hands onb a couple of Lenovo X60's that are
> in pretty good shape and would like to use them as a moderately secure
> communication/development system. (I'm not trusting my desktops,
> servers or mobile devices for obvious reasons). I'm loath to modify
> the hardware at this point, so I expect to only flash coreboot
> upon it.
>
> What kind of security-minded Linux or *BSD would you guys
> recommend? Liberte looks a bit too stable (cough, sorry ÐÐÐÑÐÐ)),
> Kali is more for security h4x0rs. Anything else what is well-maintained
> yet borderline secure from *untargeted* TLA-level scrutiny?
>

as a general rule (older and more experienced minds can and probably will
disagree with me) any consistently updated *nix based OS (and by extension
*BSD) are safe against untargeted scrutiny. From what we know the various
TLAs have network taps, and so internet communication is where you are
vulnerable. changing network habits (to impede statistical analysis), and
using tor and a handful of other tools (tor, especially as a relay, and OTR
messaging come to mind first) you can minimize what the TLAs can gather on
you, but not stop it entirely. on the other hand a sudden spike of
encrypted traffic may make you more interesting from their point of view.

>
> I'm okay with text-mostly distros, or minimalistic window
> managers. It shouldn't be a kitchensink of stuff I don't need,
> but on the other hand it's shouldn't be so secure it's
> unusable, either.
>

if you feel paranoid enough and have enough time to learn it you might
think about Gentoo Linux, only source is distributed, so all packages are
compiled in stiu, and are (theoretically) free of malware.

>
> Pointers to any HOWTOs or SOPs highly welcome. Tanks & machine guns.
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk