No subject
Tue Jun 21 04:55:03 PDT 2011
with rules that block them from spying on people and groups without
evidence that a crime has been committed. They say these rules, forced
on them in the 1970's and 80's to halt abuses, now prevent them from
infiltrating mosques and other settings where terrorists might plot.
At the same time, federal and local police agencies are looking for
systematic, high-tech ways to root out terrorists before they strike. In
a sense, the scuba dragnet was cumbersome, old-fashioned police work,
albeit on a vast scale. Now officials are hatching elaborate plans for
dumping gigabytes of delicate information into big computers, where it
would be blended with public records and stirred with sophisticated
software.
In recent days, federal law enforcement officials have spoken
ambitiously and often about their plans to remake the F.B.I. as a
domestic counterterrorism agency. But the spy story has been unfolding,
quietly and sometimes haltingly, for more than a year now, since the
attacks on the World Trade Center and the Pentagon.
Some people in law enforcement remain unconvinced that all these new
tools are needed, and some experts are skeptical that high-tech data
mining will bring much of value to light.
Still, civil libertarians increasingly worry about how law enforcement
might wield its new powers. They say the nation is putting at risk the
very thing it is fighting for: the personal freedoms and rights embodied
in the Constitution. Moreover, they say, authorities with powerful
technology will inevitably blunder, as became evident in October when an
audit revealed that the Navy had lost nearly two dozen computers
authorized to process classified information.
What perhaps angers the privacy advocates most is that so much of this
revolution in police work is taking place in secret, said Cindy Cohn,
legal director of the Electronic Frontier Foundation, which represented
Reef Seekers.
"If we are going to decide as a country that because of our worry about
terrorism that we are willing to give up our basic privacy, we need an
open and full debate on whether we want to make such a fundamental
change," Ms. Cohn said.
But some intelligence experts say that in a changed world, the game is
already up for those who would value civil liberties over the war on
terrorism. "It's the end of a nice, comfortable set of assumptions that
allowed us to keep ourselves protected from some kinds of intrusions,"
said Stewart A. Baker, the National Security Agency's general counsel
under President Bill Clinton.
Tearing Down a Wall
The most aggressive effort to give local police departments unfettered
spying powers is taking place in New York City.
It was there 22 years ago that the police, stung by revelations of
widespread abuse, agreed to stop spying on people not suspected of a
crime. The agreement was part of a containment wall of laws,
regulations, court decisions and ordinances erected federally and in
many parts of the country in the 70's and 80's.
The F.B.I.'s spying authority was restricted, and the United States'
foreign intelligence agencies got out of the business of domestic spying
altogether. States passed their own laws. On the local level, ordinances
and consent decrees were enacted not just in New York but also in Los
Angeles, Chicago, San Francisco and Seattle. In the years since, these
strictures have "become part of the culture," Mr. Baker said.
But the wall is under attack. Last month, a special appeals court ruled
that the sweeping antiterrorism legislation known as the U.S.A. Patriot
Act, enacted shortly after the September 2001 attacks to give the
government expanded terror-fighting capacity, freed federal prosecutors
to seek wiretap and surveillance authority in the absence of criminal
activity. In Chicago last year, a federal appeals court threw out the
agreement that restricted police surveillance. Some officials in Seattle
would like to follow suit, saying they are effectively sidelined in the
terrorism war.
In New York, the Police Department has sued in federal court in
Manhattan to end the consent decree the department signed in 1980 to end
a civil rights lawsuit over the infiltration of political groups.
Attorney General John Ashcroft and New York's police commissioner,
Raymond W. Kelly, say the wall is a relic - unnecessary and, worse,
dangerous. David Cohen, the former deputy director of central
intelligence who is now the Police Department's deputy commissioner for
intelligence, argues that the consent decree's requirement of a
suspicion of criminal activity prevents officers from infiltrating
mosques.
"In the last decade, we have seen how the mosque and Islamic institutes
have been used to shield the work of terrorists from law enforcement
scrutiny by taking advantage of restrictions on the investigation of
First Amendment activity," Mr. Cohen said in an affidavit.
The police in other cities cite the same need. "We're prohibited from
collecting things that will make us a safer city," said Lt. Ron Leavell,
commander of the criminal intelligence division of the Seattle police.
Mr. Cohen did not argue in his affidavit that the authorities, if
unshackled, could have prevented the Sept. 11 attacks. But he did
suggest that the F.B.I.'s failure to dig more deeply into the
information it had before the attacks turned on agents' fears that they
could not climb the wall.
"The recent disclosure that F.B.I. field agents were blocked from
pursuing an investigation of Zacarias Moussaoui because officials in
Washington did not believe there was sufficient evidence of criminal
activity to support a warrant points out how one person's judgment in
applying an imprecise test may result in the costly loss of critical
intelligence," Mr. Cohen said.
Mr. Cohen has also asked that his testimony before the federal court be
given in secret, unheard even by opposing lawyers. Last week, a judge
told New York City that it needed to present better arguments to justify
such extraordinary secrecy.
Civil libertarians, frustrated that they cannot draw the other side into
a debate, argue that questions about the need for such expanded powers
are critical, and far from answered. "Who said you have to destroy a
village in order to save it?" asked Jethro Eisenstein, one of the
lawyers who negotiated the original consent decree. "We're protecting
freedom and democracy, but unfortunately freedom and democracy have to
be sacrificed."
Even the police are far from unanimous about how intrusive they must be.
The Chicago police, who have been free from their consent decree for
nearly two years, say they have yet to use the new power. The Los
Angeles police have made no effort to change their guidelines.
"I have not heard complaints that the antiterrorist division has been
inhibited in its work," said Joe Gunn, executive director of the Los
Angeles Police Commission.
A joint Congressional inquiry into intelligence failures before Sept. 11
concluded that the failures had less to do with the inability of
authorities to gather information than with their inability to analyze,
understand, share and act on it.
"The lesson of Moussaoui was that F.B.I. headquarters was telling the
field office the wrong advice," said Eleanor Hill, staff director of the
inquiry. "Fixing what happened in this case is not inconsistent with
preserving civil liberties."
'It Smacks of Big Brother'
The Congressional inquiry's lingering criticism has added impetus to a
movement within government to equip terror fighters with better computer
technology. If humans missed the clues, the reasoning goes, perhaps a
computer will not.
*****
How to: Data security for Linux power users
By Thomas C Greene in Washington
07/11/2002 - https://theregister.co.uk
*****
(we ran the first security howto on this topic in issue #10 of
security-news)
A couple of months ago I wrote a security howto for Linux newbies, the
goal of which was to help people achieve decent security using easy and
safe techniques. Now it's time to address you power users out there, by
which I mean people comfortable with the command line, using a text
editor from the console, and tweaking configuration files -- people
confident enough in their ability to recover from unpleasant surprises
to take a bit of risk with their systems in the interest of securing
their data and their privacy.
I'll get into the Linux home network soon in a forthcoming article with
our John Lettice. For now I'll concentrate on data hygiene and on-line
anonymity. Why? Because your Linux box is literally peppered with data
traces indicating the Web sites you've visited, the files you've
uploaded and downloaded, and every file you've recently accessed. You
think encryption is the way to go? Think again. It's only as private as
your passphrase is strong. It may be impractical for a remote attacker
to crack it, but a brute-force attack is quite plausible for someone who
has physical possession of your box and plenty of time. Like a police
forensics lab, say.
We used to worry chiefly about people in neurotic countries like China
and Saudi Arabia, where the mere possession of forbidden information or
politically inconvenient materials can result in criminal action. But
now, in the wake of the 9/11 atrocity, we in the enlightened West have
narrowed the gap. In Europe there is a movement underway to mandate data
retention for all carriers. In the USA electronic surveillance orders
which used to require a judge's approval are now available for the
asking. Black bag jobs are going mainstream. Librarians have been
conscripted into rat duty for the Ashcroft/Ridge Black and Tans, and
risk prosecution if they so much as whisper about the loathsome things
they're now forced to do in the name of Homeland Security. A recent
report by the FISA (Foreign Intelligence Surveillance Act) court of
appeals found that the FBI had lied like children about their evidence
on over seventy recent occasions to get surveillance warrants they
weren't entitled to, and that all happened before 9/11. Western
governments are exploiting 9/11, making every move towards
authoritarianism that they can get away with, and will only continue to
test the waters and grant themselves ever more authority to regulate our
lives and supervise our private affairs. The convenient myth of
cyber-terrorism is never far removed from the rhetoric of bureaucrats
and politicians. The momentum is all wrong, and building steadily.
So for these reasons we need strict data privacy and on-line anonymity.
Unfortunately, the Internet and the personal computer are designed for
the storing and exchanging of data, not for its security. You think your
Linux box is somehow more secure than a Windows machine? Think again.
The beauty of Linux is its modularity; but this is also its curse. There
are so many possible configurations that securing it is considerably
more challenging than securing Windows (though the ultimate result will
be better if you know what you're doing). Therefore we'll be dealing
with only one filesystem, only one browser, only one desktop. To attempt
more would require me to write a book, not an article.
Forget journaling
Everyone is talking about the journaling file systems for Linux: ext3,
ReiserFS, XFS and JFS, etc. If uptime is job one for you, these are the
way to go (my personal faves from a performance POV are Reiser and JFS,
incidentally). But if security and data hygiene are your priorities,
then there is only one way to go: ext2.
The journal is a little treasure chest of data about your data. Get rid
of it. Now, Reiser, XFS and JFS are designed for performance, and they
really do deliver -- JFS in particular IMHO. But consider that they need
memory and that this is a significant performance issue for Linux. Some
of what you'll lose in data access speed will come back to you in the
form of freed RAM, so it's not quite as sad a choice as some would have
you believe. Furthermore it is rock solid. But yes, ext2 is generally
slower and takes forever to recover from a crash. But if security is
your first priority this is a no-brainer.
I'll be providing a few homebrew tools for secure data wiping below, but
I really can't recommend them on any other filesystem. Unless you're
using ext2 you won't be able to exploit them fully.
KDE
I use KDE, as I hope all you happy Tuxers out there do. If you don't,
then I'm not going to be able to help you as much as I'd like; but read
on anyway -- there's a lot you can use below.
KDE stores an absurd amount of data. Did you think that by disabling the
recently-accessed files menu on your desktop via the KDE Control Center
you'd no longer have a record of them stored on your machine? I hate to
break it to you but KDE dutifully records all of it in a directory
called /home/youraccountname/.kde/share/apps/RecentDocuments. Just wipe
everything in that directory and change its permissions to read-only.
Problem solved.
Oh, but there is so much more. Go to
/home/youraccountname/.kde/share/apps/ and start nosing around. The
sub-directories I'd be most concerned with here are /RecentDocuments,
/kbear, /kcookiejar, /konqueror, /krusader, and /noatun. In /konqueror
you'll find several files, some of which need to be opened and given
the 'select all/delete/save' treatment and their permissions set to
read-only, in particular faviconrc and konq_history.
I assume you're not foolish enough to bookmark 'dangerous' sites, so
leave bookmarks.xml alone for convenience. You can always use Google as
a way of avoiding bookmarking and of avoiding typing in the browser's
address bar when you're surfing on the wild side. But I can't recommend
konqueror as a secure browser because I haven't figured out where it
keeps your URL address-bar history (grepping for this is going to take
days on my machine, sorry), and cookies are not as easily managed as
with Mozilla, which we'll be dealing with in detail presently.
I haven't used kbear but I suspect that the directory will contain all
the details of your uploading and downloading history, so get into that
subdirectory and start reading, and if this info is stored give each
file the 'select all/delete/save' treatment and set the permissions to
read-only. Do the same for any suspicious file in any of the
sub-directories mentioned above. /noatun has a file called
splitplaylist.xml which can get you into incredible hot water if you've
ever opened a KP flick accidentally during your neverending pr0n quest.
Now go into /home/youraccountname/.kde/share/cache and do exactly the
same as I described above: delete text and change permissions with a
vengeance. If you're one of those devil-may-care studs who works
exclusively from the root account, then just do all this in
/root/.kde/etc...
'Zilla
I have a longstanding love/hate relationship with Mozilla. I use it
exclusively and accept it willingly, warts and all. It is buggy. It is
also quite easy to configure for maximum data privacy and on-line
anonymity. But of course you do have to configure it. Let's assume
you've installed the latest stable build (and if you haven't, you
should). Here are my tips for making it tolerably secure:
Go to Edit/Preferences in the drop-down menus and do a thorough
walk-through along these lines. Start with Navigator/History. Select
zero for "Remember visited pages for the last X days." Clear the
location bar history, and come back and do that often. Now go to Helper
Applications and disable everything. Next go to Smart Browsing and
disable everything. Go to Downloads and tick "Don't open anything."
Next go to Mail & Newsgroups and disable everything. Kmail is the only
client I recommend for the home user. It imports gnupg easily and
defaults to a plain-text display which thwarts worms and malicious
scripts. Stick with it unless you really know what you're doing.
Now head into Privacy & Security and start with Cookies. Choose "Enable
cookies for the originating site only" which thwarts third-party
advertisers, and set "Limit maximum lifetime" to "Current session only."
Don't worry about cookie-borne passwords, which will be lost whenever
you close the browser. You can save some of them (not crucial ones like
those for your bank accounts) with the Password Manager. You definitely
don't want cookies piling up on your machine. They can reveal your
entire browsing history. While you're mucking about here go to "Manage
stored cookies" and delete all of them. Do this regularly.
Now go to Images and restrict them to those originating from the Web
site you're visiting. Magically, a score of irritating advertisements
will disappear from your surfing experience. This is also excellent for
those times when you want to use the Google cache as a proxy. You won't
be fetching images from the ultimate target site and you will therefore
not show up in their server logs.
When accessing controversial sites it's always a good idea to search via
Google and to view only cached pages. This prevents the site name from
appearing in your bookmarks, URL history and favicons list; and the
Images trick above prevents you from making direct contact. Restricting
your cookies to the originating Web site means that only Google will
plant one; and setting them to expire with each browser session will
prevent the notorious Google cookie from swelling and storing your
comings and goings over time.
Now go to Pop-ups and reject. Go to Forms and do the same: forget about
storing this data; it's evil.
You can go to Passwords and store those that aren't important. For
example, my login information for the New York Times is stored. Of
course my NYT profile identifies me as a 76-year-old Ethiopian
grandmother of eight with a keen interest in fine wines and fast cars
;-)
Now go to Advanced and disable Java. Go to Advanced/Scripts & Plugins
and disable everything there. If you need to use these viral items you
can enable them temporarily but you should run without them as much as
you can.
Now go to Cache. Enable the memory cache and give it as much as you can
reasonably spare. Set the disk cache size to zero. While you're about
it, click on the button to clear the disk cache. (Later we'll verify
that it's empty and make it a read-only file.) The cache is important;
it can store immense volumes of your surfing history including images,
some of which may be verboten. It is possible in the USA and other
neurotic nations to bust any poor bugger for KP possession merely on the
basis of images stored in the browser cache. That you may have been
deceived into following a link to some sicko Web site will do you no
good in court. Child-protective hysteria reigns and you need to protect
yourself from it.
Finally, go to Networking/Debug and disable the disk cache and enable
the memory cache. I don't know what effect this has but it seems
prudent.
With this setup you're going to have problems with aggressively viral
Web sites like MSN and Hotmail which demand all sorts of access to your
machine in exchange for the privilege of visiting them. You will have to
adjust your cookie, Java and JavaScript permissions for each visit and
then restore them when you're finished. You can create a separate
profile for occasional unsafe browsing if you wish. Or you can just stay
away from these sites, which is what I do. If I can't access a Web site
with tight browser settings, then I figure the site in question doesn't
need my business. If enough people did this they'd soon ease up on their
Java, JS and ActiveX requirements.
Now, Mozilla will have graciously recorded your entire http and ftp
download history, so we'll need to deal with that. Go to
/home/youraccountname/.mozilla/yourprofilename/whatever the next
directory is and find downloads.rdf. Give it the old select
all/delete/save treatment and make it read-only. Have a look at what's
inside history.dat and history.mab. If you don't like what you see, do
the same with them. Now go to the subdirectory /Cache and wipe
everything inside it. Make this directory read-only too. Snoop around in
the /.mozilla directory tree and wipe and/or make read-only any file or
directory that makes you even vaguely uneasy. Don't just delete
directories. Many of them may be re-created by the application (this is
true for KDE too). It's better to empty them and make them read-only.
Some files may also have to be present for the app to run properly. Here
again, deleting the contents and making it read-only is the better way
to go.
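The "select all/delete/save, then make it read-only" treatment that the KDE section above and this Mozilla paragraph both prescribe, done from the shell. This is an added example, not code from the article: the paths in the commented usage are the ones the article names under $HOME/.kde/share/apps and $HOME/.mozilla, and PROFILE is a placeholder for your own Mozilla profile directory. The function names and the verification helper are my own.

```sh
#!/bin/sh
# Shell version of the "empty it, then make it read-only" treatment the
# article gives to KDE and Mozilla data traces. Added example, not the
# article's code. Paths assumed from the article; PROFILE is a placeholder.

# neutralize_file FILE
# Truncates FILE to zero bytes but leaves it in place (some applications
# refuse to start when the file is missing), then clears every write bit
# so the application cannot quietly repopulate it.
neutralize_file() {
    f=$1
    [ -f "$f" ] || return 1
    chmod u+w "$f"          # may already be locked from an earlier run
    : > "$f"
    chmod a-w "$f"
}

# neutralize_dir DIR
# Empties and locks every regular file below DIR, then locks DIR and its
# subdirectories so nothing new can be created inside them (the article's
# point: do not delete the directory, or the application just recreates it).
neutralize_dir() {
    d=$1
    [ -d "$d" ] || return 1
    chmod u+w "$d"
    find "$d" -type f -print | while IFS= read -r f; do neutralize_file "$f"; done
    find "$d" -type d -print | while IFS= read -r sub; do chmod a-w "$sub"; done
}

# is_locked PATH
# Verification step: true when PATH has no write bit for anyone and, for a
# regular file, is zero-length. Reads the mode bits from ls(1) rather than
# using [ -w ], because root passes [ -w ] whatever the mode says.
is_locked() {
    p=$1
    case $(ls -ld "$p" | cut -c2-10) in *w*) return 1 ;; esac
    if [ -f "$p" ]; then [ ! -s "$p" ]; else [ -d "$p" ]; fi
}

# Targets from the article (run by hand; not executed when this file loads):
#   neutralize_dir  "$HOME/.kde/share/apps/RecentDocuments"
#   neutralize_file "$HOME/.kde/share/apps/konqueror/konq_history"
#   neutralize_file "$HOME/.kde/share/apps/konqueror/faviconrc"
#   neutralize_dir  "$HOME/.kde/share/cache"
#   neutralize_file "$HOME/.mozilla/PROFILE/downloads.rdf"
#   neutralize_dir  "$HOME/.mozilla/PROFILE/Cache"
```

Run is_locked on each target after the application has been started and closed once: if it fails, the application reset the permissions or recreated the file, and that path needs to be handled another way.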
For information on using proxies for additional on-line anonymity, and
numerous other tips, see our previous Linux security article.
One last tip: your bash history is a significant convenience that I
would hate to see you do without. But pay attention to your commands.
Ones like shred -z /home/me/docs/atomic_bombmaking.pdf or
DaddyRapesSister.avi are not particularly healthy to keep in history.
When it comes to file wipes the GUI is actually safer, and I would
recommend using Krusader so there's no history of which files you've
shredded.
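An added example for the bash history point above, not the article's own: how to keep particular commands out of the history in the first place, and how to scrub lines that are already there without deleting the history file itself. HISTCONTROL and HISTIGNORE are bash variables (bash is assumed); the sample history file is constructed for the dry run.

```sh
#!/bin/sh
# Keeping sensitive commands out of the shell history. Added example
# (bash assumed; HISTIGNORE and HISTCONTROL are bash variables).

# 1. Preventive: bash can be told never to record some commands. Put
#    these in ~/.bashrc. With ignorespace, any line typed with a leading
#    space is also left out of the history.
#    HISTCONTROL=ignorespace
#    HISTIGNORE='shred *:wipe *'

# 2. Corrective: scrub_history PATTERN FILE
# Removes every line matching PATTERN (a grep basic regex) from FILE,
# rewriting the file in place rather than replacing it, so the same
# inode and blocks are reused. Caveat: bash rewrites its history file
# from memory at exit, so run this after the session has ended, or drop
# the in-memory entry as well (history -d <n>) before logging out.
scrub_history() {
    pat=$1; file=$2
    [ -f "$file" ] || return 1
    tmp="$file.scrub.$$"
    grep -v -- "$pat" "$file" > "$tmp" || [ $? -eq 1 ]   # 1 = nothing left, fine
    cat "$tmp" > "$file"      # overwrite in place
    : > "$tmp"; rm -f "$tmp"  # empty the scratch copy before removing it
}

# count_matches PATTERN FILE: lines still matching, used to verify.
count_matches() { grep -c -- "$1" "$2" || true; }

# make_sample_history FILE: constructed sample history for a dry run.
make_sample_history() {
    out=$1
    printf '%s\n' 'ls -l' 'shred -z ~/docs/private.pdf' 'df -h' 'vim notes.txt' > "$out"
}
```

Usage: make_sample_history /tmp/h; scrub_history shred /tmp/h; count_matches shred /tmp/h should then report 0 while the other three lines survive.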
Wiping
Now we have a few problems. For maximum security I advise using a
non-journaling fs, and I also advise strapping on extra RAM in lieu of
using a swap partition. Of course we can wipe the swap partition
occasionally; and we can wipe the unused space on our active partitions.
Unfortunately there's nothing I know of that will securely wipe the file
slack-space on an active Linux fs (readers feel free to come to the
rescue here); but I have dashed off three shell scripts which will
securely wipe, according to your needs, an entire disk and its contents,
only the unused space on an active disk, or a swap partition. I would
like to have integrated the script which wipes free space with the one
which wipes the swap partition, but the former can be run safely in the
background while the disk is in use, while wiping the swap partition may
cause applications to crash. It needs to be run separately from the
console with nothing else going on. Obviously, wiping an entire disk is
something you do from a boot floppy or from a separate HDD in
preparation for a new tabula rasa sort of installation.
These routines take an incredible amount of time, up to 48 hours for an
entire disk of, say, 40GB. With the WipeFree script we're overwriting the
unused disk space in /root, /var, /home and /tmp with random data, and
then overwriting that with zeroes to conceal the fact that we wiped it
in the first place. With the WipeAll script we're devastating an entire
HDD in basically the same way, but overwriting all data. With the
WipeSwap script we're eliminating the contents of an entire swap
partition, but I do recommend setting up a Linux box with no swap
partition if you can afford enough RAM. I am not aware of any Linux app
that absolutely requires disk swapping, though with Windows several will
fail to load without disk swapping no matter how much RAM you have
(e.g., Photoshop).
Each of the scripts would be quite easy to run from the command line.
There's no magic here. I'm not a programmer and I don't play one on TV.
I've scripted them simply for convenience. For example, you might wish
to run WipeFree.sh before going to bed and expect to rise after it's
finished. If you did the same from the command line you'd have to wake
every three hours or so to switch directories.
There are caveats for WipeFree.sh. There is no wiping of file slack
space. Using it on a journaling fs is not secure since the journal
maintains data about your data. Even using it on a non-journaling fs is
only effective if you're truly paranoid and proactive. Your own bad
habits can easily defeat it. And then there's the slack space problem.
'Trust nothing, fear nothing' is the best security mantra I can offer.
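The article's WipeFree and WipeSwap scripts are not reproduced here (the download link did not survive), so the following is an added example of the procedure the text describes, not the author's code: one pass of random data followed by one pass of zeroes, over either the free space of a mounted filesystem or a deactivated swap partition. The function names, the MAX_MIB cap and the temporary file name are my own; the swap device in the usage comment is a placeholder.

```sh
#!/bin/sh
# Free-space and swap wiping in the style the article describes: a pass
# of random data, then a pass of zeroes over the same space. Added
# example; not the author's WipeFree/WipeSwap scripts.

# overwrite_pass SRC TARGET [MAX_MIB]
# Streams SRC (/dev/urandom or /dev/zero) into TARGET 1 MiB at a time.
# Without MAX_MIB it runs until the filesystem or device is full, which
# dd reports as an error ("No space left on device"); that is the
# expected end condition, so it is not treated as a failure. notrunc
# makes the second pass overwrite the blocks the first pass allocated.
overwrite_pass() {
    src=$1; target=$2; max=${3:-}
    if [ -n "$max" ]; then
        dd if="$src" of="$target" bs=1M count="$max" conv=notrunc 2>/dev/null || true
    else
        dd if="$src" of="$target" bs=1M conv=notrunc 2>/dev/null || true
    fi
    sync
}

# wipe_free_space DIR [MAX_MIB]
# Fills the unused space of the filesystem holding DIR with a temporary
# file of random data, overwrites that file with zeroes, then deletes it.
# MAX_MIB caps the size (for a dry run on a scratch directory); omit it
# to fill the disk, as the article's WipeFree does for /root, /var,
# /home and /tmp. File slack and any journal are untouched.
wipe_free_space() {
    dir=$1; max=${2:-}
    [ -d "$dir" ] || return 1
    tmp="$dir/.wipefree.$$"
    overwrite_pass /dev/urandom "$tmp" "$max"
    overwrite_pass /dev/zero "$tmp" "$max"
    rm -f "$tmp"
    sync
}

# wipe_swap DEVICE
# Needs root. Swap is deactivated first: wiping it while in use crashes
# applications, which is why the article keeps it as a separate job run
# from the console. The swap signature is recreated afterwards so the
# partition can be re-enabled.
wipe_swap() {
    dev=$1
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }
    swapoff "$dev" || return 1
    overwrite_pass /dev/urandom "$dev"
    overwrite_pass /dev/zero "$dev"
    mkswap "$dev" && swapon "$dev"
}

# Usage (by hand, as root; not executed when this file loads):
#   wipe_free_space /home
#   wipe_swap /dev/SWAP_PARTITION   # placeholder device name
```

As the article warns, this touches only unallocated blocks: file slack and the journal of ext3, ReiserFS, XFS or JFS are left alone, which is why the text restricts the technique to ext2. The cap argument exists so the free-space routine can be exercised on a scratch directory before being let loose on a whole partition.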
In any event you can download the utilities here. If anyone (like a real
programmer, say) wishes to assist me in improving them, by all means
please contact me. ®
***************************************************************
Security-news <security-news at resist.ca>
Good computer security is no substitute for good sense!
To sub or unsub - http://resist.ca/mailman/listinfo/security-news
***************************************************************