Subgraph OS-Non Tech Users

Information security and privacy have been consistently hot topics since Edward Snowden's revelations of the NSA's global surveillance, which brought the world's attention to data protection and encryption as never before.

Moreover, just days after Windows 10's successful launch last summer, we saw various default settings in Microsoft's newest OS that compromise users' privacy, making a large number of geeks, as well as regular users, migrate to Linux.

However, the problem is that the majority of users are not familiar with the Linux environment. They don't know how to configure their machine with the right privacy and security settings, which leaves them still open to hacking and surveillance.

This gaping hole can be filled by a Debian-based, security-focused Linux operating system called Subgraph OS: a key solution to your privacy fears.

Subgraph OS is a lightweight Linux flavor that aims to make it easier to withstand hacking attacks, even on fairly low-powered computers and laptops.

Subgraph OS comes with all the privacy and security options auto-configured, eliminating the need for manual configuration by the user.

Security-focused operating systems do exist, but they are often very resource intensive and can be run only on specific hardware. They are also a real technical challenge for users who don't know the advanced techniques required to get a secure operating system running.

Why Should You Install Subgraph Linux OS?

Subgraph OS — Secure Linux Operating System for Non-Technical Users
Subgraph OS offers more than just kernel security. The Linux-based operating system comes with a slew of security and privacy features that its developers believe will be more accessible to non-technical users.

The OS also includes several applications and components that reduce the user's attack surface. Let's take a close look at the important features Subgraph OS provides.

1. Automated Enhanced Protection with Application Sandboxing using Containers

A security feature called Oz is possibly the most interesting feature of Subgraph OS. Oz is a system for isolating programs so that if an attacker exploits an application security vulnerability, the rest of your machine and your network will remain largely unaffected.

Oz makes this possible by limiting the permissions applications have to other parts of the computer, so that when an attacker exploits a security hole in an application, the compromise does not allow malicious activities to take place elsewhere.

2. Mandatory Full Disk Encryption (FDE)


Subgraph OS enables Full Disk Encryption by default, making it a mandatory step for its users.

Full disk encryption encrypts the contents of your hard disks, protecting your data even if your hard drive is misplaced or falls into the wrong hands.

Additionally, Subgraph OS wipes the memory when the system is shut down, in an effort to defend against Cold Boot Attacks.

Cold Boot Attacks are a type of side-channel attack that takes advantage of data that remains in DRAM and SRAM cells for a few seconds after power-off.

3. Online Anonymity — Everything through Tor

Subgraph OS routes all your traffic through the Tor anonymity network by default, making it difficult for attackers to figure out the actual physical location of their targets. This would ensure endpoint security.


4. Advanced Proxy Setting

Applications' communication with the outside world is carried out via the Metaproxy application, which helps identify legitimate connections.

Since not every application comes preconfigured to communicate through Tor, Metaproxy relays outgoing connections via Tor without requiring proxy settings to be configured for each application.

5. System and Kernel Security


Subgraph OS is also hardened by Grsecurity, a set of patches designed to make Linux kernel security vulnerabilities, such as memory corruption flaws, far more difficult to exploit.

Support for PaX adds a further layer of security by providing least-privilege protection for memory pages. This makes security vulnerabilities such as buffer overflows and memory corruption flaws in applications and the operating system kernel difficult to exploit.

6. Secure Mail Services

Subgraph OS includes Subgraph Mail, which integrates OpenPGP to let users send and receive encrypted/signed messages using PGP/MIME.

The Subgraph Mail service is designed to make PGP key management and the sending and receiving of encrypted email easy for everybody.

Subgraph Mail is also secure: data security, authentication and integrity verification are implemented in such a way that even if some parts of the application are compromised, a hacker still would not have access to the rest of your emails or encryption keys.

Additionally, there is no need to execute commands in a terminal window or install plug-ins. Web browser support is deliberately left out of the mail client to eliminate Web exploits from within mail.

7. Package Integrity


Subgraph OS also provides an alternative way to trust downloaded packages. The packages are matched against the binaries present in the operating system's distributed package list as a final check. The recent backdoored Linux Mint hacking incident is an example of why this matters.

Thus, Subgraph OS eliminates the usage of any tampered or malicious downloaded packages.
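The matching step described above, as an added example that is not Subgraph OS code and not from the original article. It assumes the distributed package list uses the Debian `Packages` index layout (`Filename`, `Size`, `SHA256` fields), since Subgraph OS is Debian-based; the package name, payload and index entry are constructed for the demonstration.

```python
import hashlib
import hmac

def parse_packages_index(text):
    """Parse Debian-style control stanzas into {package file name: fields}."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") or ":" not in line:
                continue  # continuation of a multi-line field such as Description
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if {"Filename", "Size", "SHA256"} <= fields.keys():
            index[fields["Filename"].rsplit("/", 1)[-1]] = fields
    return index

def verify_package(name, data, index):
    """Return 'ok' only if the download matches its list entry exactly."""
    entry = index.get(name)
    if entry is None:
        return "not-listed"      # the list does not name this file at all
    if len(data) != int(entry["Size"]):
        return "size-mismatch"
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, entry["SHA256"].lower()):
        return "hash-mismatch"
    return "ok"

# Constructed sample: a fake package body and the index entry a repository
# would publish for it. Assumption: the index itself was authenticated first
# (in Debian, through the signed Release file).
GOOD = b"constructed package payload v1.0\n"
INDEX_TEXT = (
    "Package: example-tool\n"
    "Version: 1.0-1\n"
    "Description: constructed sample entry\n"
    " second line of the description\n"
    "Filename: pool/main/e/example-tool/example-tool_1.0-1_amd64.deb\n"
    f"Size: {len(GOOD)}\n"
    f"SHA256: {hashlib.sha256(GOOD).hexdigest()}\n"
)
INDEX = parse_packages_index(INDEX_TEXT)

if __name__ == "__main__":
    name = "example-tool_1.0-1_amd64.deb"
    print(verify_package(name, GOOD, INDEX))                             # genuine
    print(verify_package(name, GOOD.replace(b"v1.0", b"v1.1"), INDEX))  # tampered
```

The check is only as trustworthy as the list: a hash published on the same server as a replaced download can be replaced with it, which is why the list must be signed and verified separately.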

Comparison Between Subgraph OS and Qubes OS

Subgraph OS has some similarities to Qubes OS, another Linux-based, security-oriented operating system for PCs.

Unlike Subgraph OS that isolates individual applications on a more granular level, Qubes OS typically runs different isolated domains inside different virtual machines – one for your work, one for your personal use and more.

Subgraph OS doesn't isolate networking and USB stacks or other devices and drivers, but Qubes OS does.

Also, Subgraph OS uses Xpra for GUI virtualization, which is less secure than the Qubes GUI protocol, but has some usability advantages such as a seamlessly working clipboard.

Subgraph makes use of Netfilter hooks to redirect app-generated traffic into the Tor network and to allow the user to see and control app-generated traffic, whereas Qubes OS uses separate service virtual machines (Proxy VMs like TorVM) to intercept traffic.

As the list goes on... Subgraph would be a treasure for the privacy lovers.

How to Download Subgraph OS?

Subgraph OS will be available for download via its official website. Let's wait for the operating system to be unveiled at the Logan CIJ Symposium conference in Berlin on March 11-12 to experience the Cyber Isolation!

Steal Secret Encryptions

Unlike desktops, your mobile devices carry all sorts of information, from your personal emails to your sensitive financial details. Because of this, hackers have shifted their interest to the mobile platform.

Every week new exploits are discovered for the iOS and Android platforms, most of the time separately, but the recently discovered exploit targets both Android and iOS devices.

A team of security researchers from Tel Aviv University, Technion and The University of Adelaide has devised an attack to steal cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other highly sensitive services from Android and iOS devices.

The team is the same group of researchers who have experimented with a number of different hacks to extract data from computers. Last month, the team demonstrated how to steal sensitive data from a target air-gapped computer located in another room.

In past years, the team also demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread, and how to extract the cryptographic key just by touching the chassis of the computer.

Side-Channel Attacks


According to the researchers, the recent exploit is a non-invasive side-channel attack: an attack that extracts the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process.

The exploit works against the Elliptic Curve Digital Signature Algorithm (ECDSA), a standard digital signature algorithm that is most widely used in many applications like Bitcoin wallets and Apple Pay and is faster than several other cryptosystems.
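Why the order of operations matters for such an attack, and how a defender can test for it, shown as an added example that is not from the original article or the researchers. The article does not say which operation leaked; this sketch assumes the textbook case, where the scalar multiplication inside ECDSA performs an extra point addition only for 1-bits of the secret scalar. The curve, base point and test scalars are constructed and far too small for real use.

```python
# Toy curve y^2 = x^3 + A*x + B over F_P (constructed; not a real-world curve).
P, A, B = 97, 2, 3
G = (3, 6)          # on the curve: 6^2 = 36 = 3^3 + 2*3 + 3

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def double_and_add(k, pt, nbits=8):
    """Textbook multiply: an addition happens only for 1-bits of the secret k."""
    acc, trace = None, ""
    for i in reversed(range(nbits)):
        acc, trace = add(acc, acc), trace + "D"
        if (k >> i) & 1:
            acc, trace = add(acc, pt), trace + "A"
    return acc, trace

def ladder(k, pt, nbits=8):
    """Montgomery ladder: one addition and one doubling for every bit of k.
    This models the operation sequence only; production code also replaces
    the Python branch below with a constant-time conditional swap."""
    r0, r1, trace = None, pt, ""
    for i in reversed(range(nbits)):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
        trace += "AD"
    return r0, trace

def sequence_depends_on_key(multiply, keys=(0b10110001, 0b10000001, 0b11111111)):
    """True if the order of operations differs between secret scalars."""
    return len({multiply(k, G)[1] for k in keys}) > 1
```

`sequence_depends_on_key(double_and_add)` is true and `sequence_depends_on_key(ladder)` is false, while both routines return the same point; a regression test of this shape catches a change that reintroduces a key-dependent operation sequence.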

How to Steal Secret Encryption Keys?

During the experimental hack, the researchers placed a $2 magnetic probe near an iPhone 4 when the phone was performing cryptographic operations.

While performing cryptographic operations, the security researchers measured enough electromagnetic emanations and were able to fully extract the secret key used to authenticate the end user's sensitive data and financial transactions.

The same hack can be performed using an improvised USB adapter connected to the phone's USB cable, and a USB sound card to capture the signal.
"Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices," the researchers wrote in a blog post published Wednesday. "We also showed partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto."
The researchers also tested their exploit on a Sony-Ericsson Xperia X10 phone running Android and said they believe such an attack is feasible.

The security researchers also cited recent independent research by a separate team of security researchers that discovered a similar side-channel flaw in Android's version of the BouncyCastle crypto library, making the device vulnerable to intrusive electromagnetic key extraction attacks.

Currently, the hack requires an attacker to have physical control of, or at least a probe or cable in proximity to, a vulnerable mobile device while it performs enough operations for a few thousand ECDSA signatures to be measured.

Affected Devices


Older iOS versions 7.1.2 through 8.3 are vulnerable to the side-channel attack. The current iOS 9.x version includes defenses against side-channel attacks, so it is unaffected.

However, nothing can save iPhone and iPad users, even those running current iOS versions, if they are using vulnerable apps. One such vulnerable iOS app is CoreBitcoin, which is used to protect Bitcoin wallets on iPhones and iPads.

Developers of CoreBitcoin told the security researchers that they are planning to replace their current crypto library with one that is not susceptible to the key extraction attack. Meanwhile, the recent version of Bitcoin Core is not vulnerable.

Both OpenSSL versions 1.0.x and 1.1.x are vulnerable except when compiled for x86-64 processors with the non-default option enabled or when running a special option available for ARM CPUs.

The team has already reported the vulnerability to the maintainers of OpenSSL, who said that hardware side-channel attacks are not a part of their threat model.

CRITICAL Thinking ( **** )

Two Arrested For Dropping Drugs And Porn Into Prison Using A Drone
The use of Unmanned Aerial Vehicles (UAVs), popularly known as Drones, is rapidly transforming the way crimes are conducted, and this story helps prove this right.

Maryland State Police arrested two men – Thaddeus Shortz and Keith Brian Russell – suspected of trying to smuggle drugs and porn into a state prison using a drone, according to law enforcement authorities.

The men, with the intention to fly a Yuneec Typhoon drone into local jails, were arrested near the Western Correctional Institution and the North Branch Correctional Institution in Cumberland, Maryland late Saturday.
The authorities seized:
  • Yuneec Typhoon drone, which retails for around $1,300
  • Synthetic marijuana (also known as "Spice")
  • Pornographic DVDs
  • Tobacco
  • Prescription drugs
  • A mobile phone
  • A loaded pistol

However, the pistol likely was not going to be carried by the drone, as it was apparently so heavy that it probably would have weighed down the aircraft.

What's the Authorities' Biggest Fear?


Larger drones exist that could even carry a gun, Stephen T. Moyer, secretary of the Maryland Department of Public Safety and Correctional Services, told reporters at a press conference on Monday.
"That's my biggest fear," Moyer said. "The use of these drones to bring this type of contraband into a facility is very, very troubling, and we're going to address it."
Moyer is now planning to ask for up to $400,000 for each of the state's 27 correctional facilities to build drone detection infrastructure, Associated Press reported.

This is not the first time criminals have tried to use drones for illegal prison special deliveries. A similar incident took place in late July when a drone dropped a package of marijuana, heroin and tobacco in an Ohio prison.