Wow, the "encryption tool" screenshot is the funniest and most hilarious thing I've seen by far in this US DoD context, really.
USA would *never* allow their services or citizens to encrypt files with an unbreakable algorithm. Instead, they provide them with a tool that they can control, with a cipher they can decrypt ... what a coincidence!
Also, IIRC, USA has some serious "export of cryptography" issues, which also proves it right, eh?
http://www.bis.doc.gov/encryption/
USA as a whole has a very unique ability to make me laugh almost every time I read about it or hear some ridiculous news regarding USA.
marcp,
"Also, IIRC, USA has some serious 'export of cryptography' issues, which also proves it right, eh?"
This indeed was a serious problem with the US government controlling encryption. It was covered under munitions laws. It resulted in the exact opposite of the intended effect. Developers were forced to do all cryptographic research and publications outside of the US.
This was obviously a stupid policy on multiple levels, but it was no doubt the result of having stupid politicians making choices without first consorting with more knowledgeable subject matter experts.
However, the government has gotten the sense to relax most encryption restrictions.
(From the top of your link)
"On June 25, 2010, the Bureau of Industry and Security published amendments to the encryption provisions of the Export Administration Regulations (EAR). These amendments remove many items from control as encryption items. They also reduce or eliminate review and reporting requirements for many more items that remain controlled as encryption items."
The encryption tool is actually called eWizard. The free version uses 128-bit AES which is "technically" breakable but still computationally infeasible. In addition to just a passphrase or keyfile, it can also use the certificates and keys stored in a user's smart-card for the encryption keys.
(and others) I recall similar comments when SELinux was put out by the NSA, but now it's a standard component of the Linux kernel. Eat crow, already.
The article implies that this distribution isn't so much for public consumption, anyway. It's for government workers:
That last part looks intriguing.
(Edit: used wrong word. Then I misspelled the right word. 'Tain't my day today.)
Edited 2011-07-23 12:46 UTC
The only issue I think it might have with security is the fact that it uses proprietary binary software. The article mentions Flash 10.3 and the Nvidia binary driver, and there may be more. Since the source code for those binary-only blobs cannot be vetted, I would suspect them of being possible vectors for intrusion before the open source parts. If I remember correctly, Flash was a successful vector in at least one Pwn2Own contest. That said, I think it's highly unlikely given the overall focus on keeping the distro secure.
Huh? I never said "all open source software would be better", nor do I feel that way, at least in the context you provide. My point was that open source software can be fully vetted, whereas proprietary binary software cannot. Therefore, in the context of this article, I feel there are some unavoidable security weak points due to the use of closed-source software.
As far as whether open source or proprietary software is a better choice for usability, that is left up to the particular user. My own experience has been that there are some applications that just don't have a superior F/OSS counterpart yet. Until there is a better open source version, I'm stuck using the proprietary one if I want full functionality. Thankfully, that is a rare condition.
EDIT: And my sleep-deprived brain just realized what you actually meant, that for this particular distro, fully open source would be better but may not be feasible due to the very limitations I just blathered about above. Sorry about that!
I'm going to bed now; no more sleepy-posting I promise.
Edited 2011-07-26 07:14 UTC
Did the portable personal security Linux distro first, and with a much cooler name.
http://tinfoilhat.shmoo.com/
Edited 2011-07-26 15:59 UTC



