Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Home
Progress
[stage #1]:
~15%
Start
Mempo project aims to provide most secure and yet comfortable out-of-the-box computer for Desktop and Server,
to professionals, business, journalists, and every-day users avoiding PRISM-like spying.
Mempo Project is the answer to increasing surveillance of people, and endangered freedom of speech
- as well to other IT attacks, cracking by hackers, viruses. Even professional tools are not secure if there exist way around them for an attacker. Therefore - in Mempo, the best Privacy & Security tools are used together on all levels from kernel to Apps; preconfigured for VM+Tor+VPN, for virtualization and compartment
- all available in one-click fashion as Full Installable OS, Live-CD, or separate programs (sources and .deb files + deb-repo). Do I need Mempo? [read more...]
Comparison of existing systems with Mempo (as planned in Stage-1 and 2 - roadmap).
Mempo* System Tails Whonix QubesOS Gentoo-H
Live-CD/Primary-OS/Packets GrSecurity hardened Kernel GrSecurity max protection GrSecurity PAX, RBAC profiles Hardened compilations (fortify) Removed unsafe JIT code; PAX Patching ALL privacy problems Running any App in VM isolation Running any App in H-chroot jail Hardened VNC&Xnest isolation VM: easily toggle Tor, VPN VM: toggle Darknet, FW, Tunnel Tor, I2P, Freenet, VPN preconfigured Stacking networks e.g. VPN+I2P All Apps and System uses privacy Verify-build, multisign apt-get White-list AV and known-files DB Bitcoin/Altcoin/e-Currency Provides custom open hardware
wip /
wip
/ /
/ /
http://127.0.0.1:8888/...fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/2/[2013/10/28 08:55:47]
Mempo Project: Security+Privacy Crowdfunding fixes, fast devel Real time threats warnings Buy prebuilt on most open hardware Paranoia-free lead developers
FAQ-1: To clear any initial miss-conceptions or questions: Mempo is: Light and fast Easy for non-technicals Modular addons Learning from Tails, Qubes-OS, Hardened-Gentoo ...but providing more Prefering GrSec+PAX over SE Linux Usable like regular Debian Developed inside Debian.org Usable on all Linux Usable on home-made PC As Primary OS As packets As Live-CD Flash/Wine/etc compatible (VM) At stage of prototyping To deliver custom hardware Always BSD/GPL/0-CC licensed Giving back to FOSS Cooperative! To be crowdfunded Apolitical User education focused Mempo description
checkbox to open
click
http://127.0.0.1:8888/...fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/2/[2013/10/28 08:55:47]
Mempo cooperation
Created in cooperation
Mempo roadmap
This project is ambitious in scope - it will be release in stages.
Stage 1
Addon to Debian that makes it hardened (Kernel, PAX) and allows easy, secure, private, compartment-based use for communication, publishing, e-currencies. Kernel: GrSecurity, PAX, on max settings Grsecurity profiles (like FW+AV rules) for main software Hardened-compilation of important software Executable code anti-troyan hardening of some applications (removing JIT), with allowing also the -fast version Firewall on Host Easy creation of VMs Easy execution of important applications in isolation (chroot, secured Xnest?) Easy toggle of VM settings: Tor, VPN, Darknet One-click access to no-censorship storage darknet: Freenet with FMS (boards) and Sone (twitter) One-click access to no-censorship darknet: including id3nt twitter, darknet-IRC (irc2p), darknet-chat (jabber?) One-click access to break-prism applications, many preconfigured for Tor where possible Repository Verificable builds Secure multi-signed build
Mempo source-code
Editing code is very easy. To edit this website over github:
For users with GitHub account: On https://github.com/mempo/mempo-websites use fork repository. $ git clone git@github.com:your-username/mempo-websites.git # download over Internet $ (edit files) # also git add new_file # if you added files $ git commit -a -m "your comment" $ git push # send over Internet
http://127.0.0.1:8888/...fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/2/[2013/10/28 08:55:47]
Computer stealing
Physical access to computer. Hard disk encryption Access to data on hard disk. Cleaning RAM memory Physical access to when going to shutdown, new SysRq (Panic computer. User sensitive button?), RFID blocking device data exposure
Software backdoor
Part of program source code allowing to bypass authentication, securing illegal remote access to a computer, while attempting to Unauthorized Runnig application in remain undetected. access to the virtual machine intended
Detailed description: system only for this application. http://en.wikipedia.org/wiki/Backdoor_%28computing%29
Example: http://en.wikipedia.org/wiki/NSAKEY Hardware backdoor
Similar to software but built in computer hardware Rootkit
A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
Detailed description: http://en.wikipedia.org/wiki/Rootkit
Examples: http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal Unauthorized Using access to the only. system open hardware
Trojan Horse
Imitates a normal application, but implements hidden to Unauthorized Running users, undesirable functions. access to the application
Detailed description: system, data, isolation https://en.wikipedia.org/wiki/Trojan_horse_%28computing%29 passwords theft
Example: Attacker can Identity Spoofing (IP Address Spoofing) access to the
Attacker may fake IP address so the victim thinks it is sent from a local network ? location that it is not actually from. with a valid IP address. Packet sniffing
Interception of data packets traversing a network
untrusted in strong
Passwords Using only encrypted compromised. communication, using User sensitive HTTPS Everywhere data exposure Attacker captures and modify messages in controlling communication. ? Attacker is eavesdropping encrypted communication. Cleaning RAM memory Private keys when going to shutdown, compromised. SysRq, RFID
capturing,
and
Cold-boot attack
Attack requiring physical access to computer, right after cold reboot.
http://127.0.0.1:8888/...fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/2/[2013/10/28 08:55:47]
Education: Never trust Passwords Social engineering anyone with your compromised
Attacker uses persuasion or deception to gain access to information User sensitive passwords, private keys, systems. or sensitive data data exposure Phishing User sensitive
Attacker attempting to acquire information such as usernames, data exposure passwords, and credit card details by masquerading as a trustworthy ? Passwords entity in an electronic communication, e.g. bank website. Phishing is compromised typically carried out by email spoofing or instant messaging. User sensitive Quantum computer cryptography data exposure Multi-crypt with using QC
In the near future quantum computers will be powerful enough to break resistant cryptography Passwords some of presently popular cryptografic algorithms compromised DNS poisoning
Attack where DNS information is falsified. ... ? ... ? ...
BTC 15s3n39RT1kRh2GKU5EAE2FC1Tqjshm74p
http://127.0.0.1:8888/...fiXFPRPKw3miEP1tXIi3Mz2BvfkKK1FsoATqAWi~NbY,DWl1hGrdJEpMT5-ofWBAH1HIYDauTNh8xilF8l2tCfE,AQACAAE/mempo/2/[2013/10/28 08:55:47]