Archives

Want to avoid wiretaps or questionable search and seizure? Try a secure computer on USB

Everyone wants a certain comfort level, especially with computers. You like finding your programs on your system. You want your bookmarks in FireFox or your buddy list on Instant Messenger. What if you were able to do carry all of this on a USB thumb drive? In fact, what if you were able to bring your entire “computer” with you on a USB memory stick? How could you hope to secure it against viruses, keystroke loggers, or even un-trusted/hostile networks? What about other users poking around for your files, or maybe reading your emails?

Not long ago, I watched a show on Bravo called “Flipping Out” (actually my wife watches, and I’m in the room… honest.) where the protagonist, Jeff Lewis’ computer was changed by an employee, and Jeff couldn’t use anything. Sarah Jessica Parker’s character in “Sex and the City” had a nervous breakdown when she had to go to a new computer. The success of the Geek Squad, and a quick Google search for Computer Help show it’s a big problem. Microsoft made a big deal of their Windows Easy Transfer upgrade process from Vista to XP. You should be able to see where a “portable” computer could be useful, especially if you travel a lot. I’m talking smaller than just a laptop.

One of the earlier “modern” portable OSes was a minimized Linux distribution designed to fit on a CD. Knoppix was one of the first “computers” compacted enough to be portable with features like OpenOffice, web browsers, and email access expected in a recent desktop. However, the security provisions were originally lax. Now, with Virtual Machines (VM) from VMWare, Xen, and Microsoft all the rage, you’d expect several possibilities. I’d like to discuss one in particular, designed completely around security.

A few of the guys from the Cult of the Dead Cow, the security researchers/hackers that released Back Orifice to Microsoft’s dismay in the 90′s, started a quest for a secure portable computing system. Steve Topletz created xB as a result of this work, and demonstrated the product at DefCon 15. The description of the product from the xB website:

“xB Machine is the Secure Virtual Workstation™ that provides a safe computing environment for personal, professional, and corporate use. It is the ultimate user security and privacy tool, and the flagship of the XeroBank product line-up. Use it for safe and anonymous internet, surfing, email, encrypted messaging, and financial transactions. Put your computer in your pocket by placing xB Machine on a flash drive; thanks to virtualization technology it will be the same no matter where or on what computer you run it.”

So what does a system like this give you? Probably not much unless you’re paranoid, but the idea is nearly complete anonymity. The encryption on this system is stronger than what the NSA requires for Top Secret information. In fact, the Advanced Encryption Standard cryptography should be sufficient protection for the next 20 years. This protects against immediate disclosure of the system in case of a lost or stolen key. There is also a zeroize feature, where if you enter a password the entire key will erase itself. The software pre-loaded on the system also pushes anonymization, as well as network connections incapable of snooping.

From what I’ve seen, the system takes care of data at rest, in transit, and in use. The only thing I can think of is sharing data appropriately. There are devices on the anonymous TOR network that could allow secure file transfer through SFTP. There are applications for this work, although its release makes Intelligence collection (think terrorists) nearly impossible when used. Then again, newspaper advertisements work even better. Anyone seen Breach? In using the system, my observation is its speed is a bit slow. But think about what you get. How paranoid must you be before you find this necessary?

Why would someone create such a cloak and dagger machine? We live in a capitalist society, and although this does contribute to the security body of knowledge, my guess for the real reason for the system: sales of the high speed XeroBank anonymous network connections. Everyone has their motives, and people will pay especially when it comes to security.

Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>