MIDDLEBURGH

Middleburgh Xmass Rituals

As a non-christian, indeed pagan family, our christmass rituals merely give the nod to Xmass rites.ie at my wife's Winter Solstice Office Party (a chinese thing which coincides seasonally) whilst everyone else attempted to eat their own weight in raw fish and noodles, I partook of a full turkey meal with chestnut stuffing and sprouts. The sprouts are done to perfection - just like mum's. And for starters Whilst everyone else contented for the sliced meats I had a huge terrine of chicken chopped liver pate all to myself- as someone pointed out - gwaillo food!.

The company was pleasant and we consoled a Macanese girl who is planning to visit Portugal and Spain in January whilst her boyfriend travels alone to England - apparently he is a Chelsea fan - could be worse (Man United) - fortunately his father is an Arsenal supporter. As is the norm at these events I tend to zone out when conversation switches to cantonese and I spent a good 30 mins trying to decide whether there was a bra or bustier amongst the laundy hanging outside a flat across the road.(I wasn't wearing my glasses) Anyway the question was not whether they were in the Victoria Secrets Catalogue but whether it was a substitute for a Santa Claus Present Sock - it certainly looked big enough.. and the flats in HK do not have chimneys.....

After we came home as I do each year I seasonally upgraded my PC this time from "Hardy Heron" (8.04) to "Jaunty Jackalope" (9.10) and reapplied the secuity software..

• SELINUX runtime. basically tightens up access controls:
• CHKROOTKIT and RKHUNTER.Rootkit Checkers: Looks for trojans and the like:
• UFW firewall.
• Tripwire : checks the digital signitures of files to verify they have not been altered
• AvastVirus checker:
• Truecrypt enfile encrypyion
• SimpleBackupSuite Just for data files etc - well would be silly not to

Rivetting stuff this !! I subscribe to the concept that a secure PC is one which is disconnected both from the net and power,and is dissassembled and sealed in a secure time vault in perpetuity. Nor do I believe in the myth that linux systems are more secure than Windows or are any less likely to being compromized . Frankly if my system was compromized I would simply reinstall.

This Xmass I am also playing with the concept of "one time" computers, SSH tunneling, Darknets and such like. Two of my offspring recently voiced concerns about who can "track" them on the web and security of their bank data.

"One time computers" is related to the model of one time passwords (sort of) .Imagine a situation where your PC was booted up and run in memory from "clean" read only media, ie USB drive or Live CD room not contaminated with malware such as keyloggers or trojans. There are two consequences

• When you power off the PC, provided nothing has been written to disc (ie no save session or persistance used!!) there will be no forensics on the PC (the network is a different story!!)
• The next time you reboot you effectively have a "fresh install" ie if you were unfortunate to pick up some malware and load into memory during your last session it was killed when you previously powered off.

Now on the internet it's a given that everyone and his mother can and does sniff your packets and maintain logs.(doesn't it just conjour up images of peepers and knicker sniffers) In countries such as China strict monitoring and filtering of internet traffic is comprehensivly practiced by the authourities "to maintain social order". In the West a varient on this argument requiress ISP's under anti terrorism legistlation to keep logs etc for up to 7 years (depending on legislation) and in some counties even logs of transiting traffic originating from and going to territories outside their juristiction.And this is without all the crooks who are looking to steal identitities, account and card numbers etc .

There are three things to consider

• encryption of outgoing and incoming data so that no one knows what you are reading or writing
• how anonymous you are ie ie even if you were reading/writing something "questionable" does it matter if you can't be identified.? (The converse is if they don't know what you are reading/writing does it matter if they know who you are?)
• what's accessable about YOU on social media sites

These talk to different concerns - so addressing them in reverse.

How much of yourself you expose on a social media site is down to you - but it is generally recognised that most people expose more of themselves than is "wise". The metaphor to follow is that you are overweight - bloated in fact; Do you want to make an obsense exhibition of youself in public showing off all the saggy bits ?? The bigger problem however are your "friends" They are so indiscrete!! They will point out where all the saggy bits are !! The trick is to fully control your content and utilize the privacy options available in your social media site. For examp;le don't expose or respond to your friends comments on your site (or post comments on their site). Facebook recognises it has privacy issues but arguably is in denial about the scale of the problem. In a society where 1 in 3 is overwight , that has CCTV cams on every lamp-post you get acclimatized to zero privacy.

As to surfing anonymously, consider: when on the net you need an IP address for requested data to find its way back to you.However someone can identify you, your PC; location, company, service provider etc from this address (which is why you should be behind a firewall and a proxy and have your browser setting set appropriately). Personally on those occasions I want to hide my IP address I use the TOR button on firefox. This basically encapsulates and routes my traffic arround the TOR network. There are lots of other anonymizing tools/services about: Would I trust them - Unlikely!

As to data encryption the Chinese authorities believe it is more important to restrict access to content rather than to identify content consumers or publishers (although if they can black jails and prosecution for posessing state secrets are an option). This recognises the reality that making a "user" anonymous is much easier than hiding content. By definition content must be found and readable otherwise it is not useful, and if you can block it, it is equivalent to silencing the author. This is where SH tunneling and VPNs come ito play. Popular tools to access blocked content from China are Freegate and some of the alternatives listed here. FYI the Firewall blocks downloads from official sites; downloads from other sites may be hacked and the authorities throw consoiderable resources at defeating this tools.

Of note however is Freenet, free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect. I came away from the freenet tour feeling somewhat "grubby" and in need of a shower . The experience was rather like going to Ballyfermot and tripping over Islamic radicals, Holocaust deniers and pediphiles. (maybe I took the wrong tour)

The consensus is that if you want to access "forbidden" content from China (or somewhere similar) you are best doing in it via a paid VPN connection to a server outside china. This of course means that over New Year I will be looking at running a VPN server on my hardened Linux box

a footnote

This site lists sites blocked in china. Most western social media sites are not accessable and recent statistics indicate the facebook user base is "limited"

I don't trust electronic banking or shopping over the internet - not because I am worried about my systems - I worry about theirs !!!

Posted at 12/24/2009 04:28:00 pm by David Middleburgh   Permalink

|