Silk Road forums

Discussion => Security => Topic started by: phubaiblues on June 21, 2011, 03:55 am

Title: linux on usb flash drives + tor + gpg
Post by: phubaiblues on June 21, 2011, 03:55 am
I know many are using virtual machines.  I've used virtualbox in the past, but last few days, I'd been trying different distros of real bare bones linux on a flash/pen drive.  I tried slax and puppylinux, as I'm used to puppy, but had trouble, as always, getting the wireless set up...this time I tried xpud, as it's a lot like the chromeos, except it's FF instead of Chrome...Wireless was great...*first* time ever, I've had zero problems w/wireless on *any* linux distro...

It made even more sense to me, than a virtual machine again, since this little fucker is easy to thro away, or hide 'on ones person' as the jailbirds say ;)  I could just about eat it, if I had to, and would be real easy to get rid of, in a pinch...and all I use on it are tor, and gpg and other stuff limited to this thing...nothing else, so it's always separate.  LIttle 4gb sucker is perfect, with encryption and dropbox...

I wondered if anyone else was doing that, or am I missing something vital?
Title: Re: linux on usb flash drives + tor + gpg
Post by: kkkkkiiii on June 21, 2011, 03:58 am
If you don't use virtualization you can't adequately isolate firefox from Tor.
Title: Re: linux on usb flash drives + tor + gpg
Post by: phubaiblues on June 21, 2011, 08:26 am
If you don't use virtualization you can't adequately isolate firefox from Tor.

Why wouldn't it be pretty much the same thing...are u saying a virtual machine will provide more of a buffer, than a usb with another OS?  Not arguing, trying to figure out which is best, but still handy enough I can use at library or coffee shop...there's only one transaction I need to be in gpg anyway, so I probably could just keep TOR on flash, and then use VM for most of the time...
Title: Re: linux on usb flash drives + tor + gpg
Post by: techlord on June 21, 2011, 10:03 am
If you don't use virtualization you can't adequately isolate firefox from Tor.

Why wouldn't it be pretty much the same thing...are u saying a virtual machine will provide more of a buffer, than a usb with another OS?  Not arguing, trying to figure out which is best, but still handy enough I can use at library or coffee shop...there's only one transaction I need to be in gpg anyway, so I probably could just keep TOR on flash, and then use VM for most of the time...

Definitely not the same thing. The basic idea behind securing Tor browsing through a VM is to put the user's system in a sandbox. Even if an attacker were to be able to gain command-line access through a vulnerability in Firefox, Flash or JAVA, they still wouldn't be able to ascertain the victim's IP address, look at their file system or gain access to any other personally-identifiable information.
Title: Re: linux on usb flash drives + tor + gpg
Post by: Tokin' Minority on June 21, 2011, 02:53 pm
you may want to check out TAILS.
tails.boum.org
Title: Re: linux on usb flash drives + tor + gpg
Post by: phubaiblues on June 21, 2011, 06:19 pm
Quote
you may want to check out TAILS.
tails.boum.org

That's so funny: All weekend trying to *make* something like this, and I'd never stumbled on TAILS.  Was trying to build from scratch in Puppylinux or xpud, and here it was, all along...totally grateful for the tip, as I was like a dog with a bone, trying to make one, and kept having problems... :)

I'll probably put a vbox w/linux and just have both, as I agree safer to not sit at home at a certain point in transaction...gotta stay mobile anyway...

Thanks for tips and info.  I love messing with this stuff.  Sad truth, tho, is one bad seller with an addy, and it wouldn't matter *how* much security I'd put in there.   But it might at least slow down the attacks, and they'd go for easier targets.  Thanks again!
Title: Re: linux on usb flash drives + tor + gpg
Post by: g4bb3r on June 21, 2011, 07:20 pm
VirtualBox to isolate TOR and OpenBSD x64 as the guest OS. Can't get much more secure than that.
Title: Re: linux on usb flash drives + tor + gpg
Post by: Tokin' Minority on June 21, 2011, 07:49 pm
This may seem like a lot of extra work just to receive an eighth of the wacky tobaccie in the mail, but one can mitigate the risk posed by a "bad seller" by using po box (with fake id), or safe drops, as discussed elsewhere in this forum.

Another option is proxy re-shipping service such as one offered by Rook. combine all three to be even safer.

oh, the things we have to do just to get a lil high ... :)
Title: Re: linux on usb flash drives + tor + gpg
Post by: phubaiblues on June 23, 2011, 05:19 am
This may seem like a lot of extra work just to receive an eighth of the wacky tobaccie in the mail, but one can mitigate the risk posed by a "bad seller" by using po box (with fake id), or safe drops, as discussed elsewhere in this forum.

Another option is proxy re-shipping service such as one offered by Rook. combine all three to be even safer.

oh, the things we have to do just to get a lil high ... :)

I like your thinking: this is the area seems when there are problems, it happens here at the end.  All the virtual machines and tor and everything else, can't protect you from sloppy endings.   I think most smalltime buyers need to pay much more attention to this than I hear discussed...that, and the age old weakness that puts most people away: talking too much to people that 'don't need to know.'