Archive for the ‘privacy’ Category

Anonym.OS in action


anonym.os screenshot
Since this picture didn’t seem to make it into the Wired article, I thought it would be nice to post it here for those who haven’t yet booted Anonym.OS.

kaos crew
I also really liked this picture from our photo shoot, though it didn’t make it to print. Great idea, decent execution. Kinda captures the spirit of Anonym.OS, wouldn’t you say?

Technorati Tags: , , ,

Anonym.OS now available!


For those that didn’t see us at ShmooCon, our Anonym.OS presentation went off superbly! Unfortunately, it seems that there have been problems downloading the ISO via SourceForge. Out of approximately 21,000 download attempts, it seems that only a few have been successful. :-(
Although it looks like the image is now slowly propagating across all of the SF mirrors, we’ve set up a torrent at so that everyone can grab a copy now.

Look forward to everyone’s feedback — get it, use it, and tell us what you think!

Technorati Tags: , , , ,

Why am I so upset?


You know, I am excited about ShmooCon. In fact, I’m very excited. That said, I’m also a bit sad, as digunix pointed out a conflict of interest that’s left me unresolved…

You see, we’re scheduled to speak at the con on Saturday, Jan 14th at 3pm. Unfortunately, shortly after we got notification that our talk was accepted, The Shmoo updated their schedule and much to my dismay, my friend Jon Callas is also speaking at the same time on the same day. Herein lies the problem — no matter what happens, I’m bound to be a little frustrated by the outcome.

Jon Callas, as many of you might know, is the CTO of PGP. He’s a security rockstar and a damn brilliant fellow. Plus, he’s one of The Shmoo. So, if everyone attends his talk instead of ours, well, I’ll be sad. Conversely, because Jon is a friend of mine (and someone who’s opinions and skills I have tremendous respect for), if people attend our talk instead of his, I’ll be sad. Further, this means that I’m going to miss his talk while I’m giving mine! :(
Maybe, best case scenario, we’ll both get half of each other’s crowd, and the attendees of each talk can move between the two rooms at regular intervals. Hey, I can dream, right? And hell, 3pm’s a great time slot — much better than having the slot right after lunch, or at the end of the day, or early Sunday morning for that matter!

Technorati Tags: , , , ,

Join us at ShmooCon 2006


Final speaker selections for ShmooCon 2006 were announced yesterday and we’re on the list! Currently scheduled to talk at 3pm on Saturday, Jan 14th, we’ll be discoursing on privacy and security and introducing the first public version of Anonym.OS, our own Live CD designed to automagically anonymize and encrypt all ingress and egress traffic on any PC, anywhere!

Our presentation will introduce Anonym.OS, describe its goals and the fundamental underlying technologies, demonstrate it for the audience (an OpenBSD LiveCD that really works, w00t!), follow up with a Q&A session, then conclude by providing links to download all source and ISO images. We will also distribute as many copies of Anonym.OS on CD as we can burn the night before. :)

Technorati Tags: , , ,


KaosFu at Shmoo?


Well, I finally managed to submit kaos.theory’s response to the ShmooCon 2006 CFP on Monday. Assuming we get selected, we hope to introduce one of our more exciting projects, which, though still under development, shows significant promise as a security and privacy tool for really paranoid people… like us. :-)

Technorati Tags: , , ,


Armor Your Palace


A guide to securing your home and home network with inexpensive hardware, open source software and about 8 hours of dedicated time. This is a living document, updated on a regular basis to reflect additional best practice methodologies, tips and tricks as they become available.

In this guide, we will walk you through the process of building and configuring security systems to protect your home and home/office network through the use of motion-sensing digital security cameras, advanced firewalls, intrusion detection systems, and realtime notification mechanisms.

In a mere eight hours, we will endeavor to build and configure a moderately sophisticated wired and wireless home or office LAN with a DMZ for public-facing services, strong ingress and egress filtering for all connected subnets and a realtime risk management console with live monitoring and alerts by email and/or telephone!

Technorati Tags: , , ,


MD5 in Head-on Collision


Via Schneier:

Two researchers from the Institute for Cryptology and IT-Security have generated PostScript files with identical MD5-sums but entirely different (but meaningful!) content.

Ok, so this really is a pretty amazing demonstration of MD5 collision, as it uses two PostScript files (both available for download) which render two vastly different documents but both produce the same MD5 hash. Scary.

In this example, however, note that the files used are PostScript files, and as one commenter at Schneier’s page suggests:

The drawback of this attack is that the proof of bad intent lies within both documents. That is your “evil” content exists within the “innocent” document and vice versa, so that if the documented is opened in a text editor you can realize what is going on.

The overview by Magnus Daum and Stefan Lucks is very good and I highly recommend that you pull down their example files and see this firsthand.

This blog will self destruct in 5… 4… 3…


Ran across an interesting idea for a self destructing server that essentially entails auto-burning a CD and rebooting to securely wipe the drives on a server containing sensitive information:

“My idea is to keep a blank CD-R in the drive of the server at all times. On [a] hard disk there is an ISO file that is written to the CD-R on demand and then the server is rebooted. The server will ignore the blank CD-R during reboots until it is written with a valid image. The contents of the ISO needs to be a boot loader and kernel, like Grub and Linux plus a file system with a wipe program. The wipe program is started once the kernel is booted and it iterates through the collection of hard drives, which the kernel found during the boot process, and writes over them with a pattern.”