I've tested LPS in the past. Their primary goal is to provide access to your "enclave" (remote access services offered by your command) while leaving no trace on the local machine. So you could be staying at the Omni Hotel in Belgrad and still check your command email from their business center.
As a practical matter, it verges on completely useless for any serious business. Note the screenshots don't include evidence of Citrix running, or even a web browser. There's no package management. You couldn't install it if you wanted to. As I recall, I never got networking up. That was a snapshot release from ... March, I believe.
I'm glad to see someone in US government working on desktop Linux. I would love to say goodbye to Windows XP. That said, for the advertized purpose, I've found an Ubuntu thumbdrive much more practical.
Hardware can be easily rigged. A keylogger can be installed on the real keyboard to capture the typing when LPS is running. It's better to carry Dod issued Netbook to do secure business.
The article doesn't specify what distinguishes this from a regular liveCD Linux distro. My guess is that the DoD has hardened the included kernel (possibly included SELinux) and curated the included packages for security, but article doesn't say. It also doesn't specify what if any special configurations it has made to the standard included packages to make this more secure.
One thing that distinguishes it, from the article, is that it doesn't mount the machine's hard drive.
Anyone can do essentially what they're doing just by using a live CD. They've gone a bit beyond that by not mounting the hard drive as noted, and whatever other changes they've made that the article doesn't specify.
I'm really curious to know what this was originally designed for.
It has consumer-friendly "Windows XP" style UX and the user it logs into isn't root/sudo.
This all leads me to conclude the original purpose of this tool was for "normal people" to use, and so I'm left wondering whether it was for agents or informants to be able to communicate back to the mothership securely.
If this was for security personnel or those performing forensics on evidence, there wouldn't be cutesy UX and it would be logged in to root. If this was for 'rank and file' staff in CIA/FBI offices, they wouldn't need a portable distro.
This is intended for rank and file staff of the DoD (as a DoD product) to use along with their CAC to connect to various DoD sites using CAC authentication. The theory is that you can load this onto a thumb drive or CD, take it and a CAC reader with you and plug both into any internet connected computer, providing you with a simple terminal for mundane office tasks (read: email).
Even if the hardware isn't compromised, the OS running in RAM can be taken over as easily as a disk-based system can. It's just that the OS will be reset and 'cleaned' when the machine is rebooted.
The spi.dod.mil server is clearly overloaded and downloading this is difficult.
Can anyone who's downloaded this give us an MD5 hash on the files as I'm going to try to download this from a mirror (why the DoD hasn't published an official MD5 for these I don't know)
My thoughts were "That's probably a great project, but no one is going to use it because they'll be worried about a back door." Although it couldn't be that hard to find one - log traffic on startup, see if it makes any requests to servers not requested by the user. Unless the theorized back door is better hidden, such as by introducing a vulnerability into its SSL implementation (and whatever other encryption tools for network traffic it uses) that makes it much easier to decrypt intercepted traffic (not sure how viable that would be; it's not my field of study).
Like the concept but kind of sketches me out that they're that good at running systems in RAM after reading about how stuxnet does exactly that. Take a little give a little I guess
[+] [-] niels_olson|14 years ago|reply
As a practical matter, it verges on completely useless for any serious business. Note the screenshots don't include evidence of Citrix running, or even a web browser. There's no package management. You couldn't install it if you wanted to. As I recall, I never got networking up. That was a snapshot release from ... March, I believe.
I'm glad to see someone in US government working on desktop Linux. I would love to say goodbye to Windows XP. That said, for the advertized purpose, I've found an Ubuntu thumbdrive much more practical.
[+] [-] ww520|14 years ago|reply
[+] [-] burgerbrain|14 years ago|reply
If you're expecting Citrix... you're probably not in the target audience.
[+] [-] DaveMebs|14 years ago|reply
[+] [-] astine|14 years ago|reply
[+] [-] sixtofour|14 years ago|reply
Anyone can do essentially what they're doing just by using a live CD. They've gone a bit beyond that by not mounting the hard drive as noted, and whatever other changes they've made that the article doesn't specify.
[+] [-] dotBen|14 years ago|reply
It has consumer-friendly "Windows XP" style UX and the user it logs into isn't root/sudo.
This all leads me to conclude the original purpose of this tool was for "normal people" to use, and so I'm left wondering whether it was for agents or informants to be able to communicate back to the mothership securely.
If this was for security personnel or those performing forensics on evidence, there wouldn't be cutesy UX and it would be logged in to root. If this was for 'rank and file' staff in CIA/FBI offices, they wouldn't need a portable distro.
[+] [-] Jtsummers|14 years ago|reply
[+] [-] afhof|14 years ago|reply
... except if the underlying hardware is compromised.
[+] [-] vannevar|14 years ago|reply
[+] [-] delinka|14 years ago|reply
http://www.spi.dod.mil/lipose.htm
but the server looks busy.
[+] [-] jwcacces|14 years ago|reply
[+] [-] dotBen|14 years ago|reply
Can anyone who's downloaded this give us an MD5 hash on the files as I'm going to try to download this from a mirror (why the DoD hasn't published an official MD5 for these I don't know)
[+] [-] Jtsummers|14 years ago|reply
MD5 and SHA256 hashes, from the DoD of all people.
[+] [-] killerswan|14 years ago|reply
[+] [-] RocknRolla|14 years ago|reply
[+] [-] aninteger|14 years ago|reply
Or the DoD could always go back to helping OpenBSD :)
[+] [-] dsl|14 years ago|reply
[+] [-] mcantelon|14 years ago|reply
[+] [-] sorbus|14 years ago|reply
[+] [-] jsherer|14 years ago|reply
[+] [-] ndefinite|14 years ago|reply
[+] [-] Rusky|14 years ago|reply
[+] [-] 4J7z0Fgt63dTZbs|14 years ago|reply