
posted by janrinok on Monday April 07 2014, @09:44PM
from the but-do-we-trust-it? dept.

The US Department of Defense (DOD) has released version 1.5 of their LPS (Lightweight Portable Security) OS. LPS is a highly secure CD/USB bootable OS based on a thin Linux client.

The LPS family was created to address particular use cases: LPS is a safer, general-purpose solution for using web-based applications.

LPS allows general web browsing and connecting to remote networks. It includes a smart card-enabled Firefox browser supporting CAC and PIV cards, a PDF and text viewer, Java, and Encryption Wizard. LPS turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer. Any malware that might infect a computer can only run within that session. A user can improve security by rebooting between sessions, or when about to undertake a sensitive transaction. For example, boot LPS immediately before performing any online banking transactions. LPS should also be rebooted immediately after visiting any risky web sites, or when the user has reason to suspect malware might have been loaded.

The DOD provides two different versions available for download in the form of an ISO image: LPS-Public (281 MB), and LPS-Public Deluxe (440 MB). The Deluxe edition is the same as the Public, but also includes LibreOffice and Adobe Reader.

A few of the recent updates to version 1.5 include:

  • Firefox v24 (With HTTPS Everywhere v3.4.5 and NoScript v2.5.8.14)
  • Adobe Reader v9.5.5
  • LibreOffice v4.1.5
  • Pidgin v2.10.9
  • IPv6 support
  • Linux Kernel v3.10.22

LPS has been my favorite go-to tool when I am using a possibly compromised system, or even one that is just plain slow: I pop in my keychain USB drive and reboot the computer, and now I can do whatever I need without any worries about stolen passwords. I also occasionally use it to test the functionality of the hardware on systems that have a botched OS.

Are there any other great tools like this that you would suggest? What do you use?

 
  • (Score: 2) by VLM on Tuesday April 08 2014, @01:30PM


    Although you might be implying "because it's more secure" the real reason might be "because it's way harder to monitor and log our employees' every action if they use Debian"

  • (Score: 2, Insightful) by bookreader on Tuesday April 08 2014, @02:08PM


    All I am trying to say is that this is a good move for DOD's management. Whether or not one would use DOD's version of a secure OS depends on how much they trust the people who run DOD.

    Imagine this is a business case. There has been a lot of talk in the public media over the last couple of years about security - WikiLeaks, Snowden, and so on. Many people who never cared before have started thinking they should be more 'secure'. So there is a demand for secure platforms. And DOD is supplying a product to this market (for free as in beer). There are certainly people who trust DOD and would prefer their product - goal accomplished for DOD. While here on SoylentNews almost nobody would be in this group, this does not mean DOD's decision to release their 'secure OS' is stupid and meaningless.

    • (Score: 3, Interesting) by VLM on Tuesday April 08 2014, @02:34PM


      One interesting problem neither of us has mentioned so far is that we can assume that "secret pwonage technique #2326" has been embedded in the OS by the DoD to make it easier for them to monitor and track the activities of their own people... And that helps security if you assume only the DoD knows "secret pwonage technique #2326". But how do you know the Chinese secret service and Russian private hackers don't know about that technique, perhaps completely independently? Or the same guy who they paid to seed a random function or weaken some other function didn't spill the beans to someone?

      TLDR is even if you trust the DoD, they're not omniscient gods. It's quite likely someone else knows the same hacks they haven't publicized yet. No such thing as being wide open to the DoD and no one else.

      This is aside from double agent type stuff, where one group tells one local guy to "invent" "secret pwonage technique #2326" because they've got the perfect countermeasure to firewall it or perfect way to detect or block it or whatever.

      So you think you're safe from everyone on the planet except for the DoD... however Boeing employees would be idiots to trust this if it turns out the French govt independently can pown those machines using the same technique as the DoD, and it wouldn't be the first time a private company like Airbus got some "extra help", we do it all the time and so do they.

      And everyone assumes the DoD powned it, so it's going to get a lot of attention from other groups looking for new techniques, so using it is like holding up a big sign saying "fun free stuff here". Or is using it like "hey here's a honeypot"?