Written by slashdotaccount the 22 Aug 12 at 20:14.
Global category: Security.
New
It has been demonstrated [2] by researchers, that contents of RAM can be extracted for at least 5 minutes [3] even after the machine has already been powered off. Most users are not aware of this. The RAM can contain sensitive data, such as passwords, documents and encryption keys, etc.
Ubuntu should wipe (securely delete) contents of RAM when the system gets shut down, restarted or on request. Other distributions (Tails and Liberte Linux) do already do it.
That feature is even more important for people using Full Disk Encryption, where everything except /boot is encrypted. Cold Boot Attacks [1] can be used to retrieve encryption keys from RAM. Only wiping the RAM ensures, that all data on a fully encrypted disk is safe the moment the system got powered off. Otherwise there is a window for at least 5 minutes for the adversary the extract content.
Note:
Do not believe unstained claims, that DDR3 RAM would circumvent this attack. That has never been claimed or proven by any researchers and if you mail them, they won't tell you, that this is the case.
Prior work:
- Tails RAM Wipe introduction [6]
- Some more information about tails RAM Wipe implementation [8]
- Liberte Linux RAM Wipe introduction [5]
- More implementation details about Liberte Linux RAM Wipe implementation [7]
- memtest not deleting everything [4]
- Test if RAM Wipe is working [9]
- Tails mailing list discussion [10]
- Another Tails mailing list discussion [11]
- Kernel bug report [12]
- Debian bug report [13]
- Erase memory: the GRUB way [14]
Written by slashdotaccount the 16 Aug 12 at 00:38.
Global category: Security.
New
Currently Ubuntu gets sets it's system clock over unauthenticated NTP. Thus, any man in the middle can modify answers from NTP servers and the client's or server's operating system has no way to recognize that, only hope the user will recognize and act accordingly.
Correct time is absolutely crucial for many security related things. Some systems do not have a hardware clock or hardware clock is defunct (battery low). If an adversary managers to set the time several years back, he can let the user accept already revoked, broken, expired certificates. Replay old, broken, outdated, known vulnerable updates etc.
Written by slashdotaccount the 19 Oct 11 at 14:24.
Related project: Unity.
Not an idea
When you open unity and start typing a word, sometimes the word you type doesn't show the application you want. Please allow the user to add custom tags to applications
Before installing Ubuntu, you are asked, in which language you want to install it and the base system is installed in that language. However, there are some porgramms that are still in English (for example OOo I think).
In addition to that, if you install some packages they are in English although there is a language package in the sources (Enigmail for Thunderbird for example).
You have to go to the system menu and then to language to install all the missing language packages. Ubuntu knows which packages you might be interested in so why doesn't it give me that list earlier?
Written by slashdotaccount the 3 Oct 10 at 08:39.
Global category: Usability.
Already implemented
My idea here is to have an application switcher that would display certain selected software programs in large(ish) items on the desktop, and let a remote control user use the aroow keys and OK button to move between applications and select one. Alternately, make the desktop remote aware so that the remote can be used to select a program to run from the desktop.
Users can add old repositories and turn off their new repositories and then download old packages. The old packages can replace the newer ones causing dependency issues.
The system of packages and dependencies causes a lot of trouble and brings a lot of compatibility issues (example: older programs that link to old system libraries that are no longer compatible with the newer ones and cannot be installed because they are incompatible and break the rest of the system). It had sense to use it in the past when disk space and memory usage was scarce, but nowadays security risks trumps most of the usefulness of sharing libraries and disk space is both cheap, and huge. In fact, orphan and dependency packages are now more of a problem than a solution, and it constantly waste disk space.
Installing programs nowadays is a headache because instead of downloading all the files you need, you need to create a puzzle by downloading all required parts from different repositories and hope you gather all of them and are compatible with what you have installed.
Uninstalling programs is also troublesome, because bad dependency checks means that removing one package (ex, gnome games) might create a chain of uninstalls (visual impairment aid, gnome desktop, etc).