A Linux Distro From the US Department of Defense
donadony writes "The Lightweight Portable Security distribution was created by the Software Protection Initiative under the direction of the Air Force Research Laboratory and the U.S. Department of Defense. The idea behind it is that government workers can use a CD-ROM or USB stick to boot into a tamper-proof, pristine desktop when using insecure computers such as those available in hotels or a worker's own home. The environment that it offers should be largely resistant to Internet-borne security threats such as viruses and spyware, particularly when launched from read-only media such as a CD-ROM. The LPS system does not mount the hard drive of the host machine, so leaves no trace of the user's activities behind."
Re:Ha! BIOS, gotcha! (Score:4, Insightful)
Re:BIOS? (Score:3, Insightful)
If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.
Re:close, but no cigar.. (Score:3, Insightful)
This is what things like SSL are for. No need to reinvent the wheel here.
Re:RAM (Score:5, Insightful)
As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".
More likely it is about CYA. Government security runs on CYA. Having an approved distribution means that everyone else in the organisation can use it, recommend it, even mandate it without having to worry about taking the blame if there is something wrong with it. Without an approved distro, no distro would be permitted at all.
More generally, government security is totally top down - you have groups of "experts" (who may or may not actually be experts) who come up with procedures and requirements. Those are then made into official policy and distributed downline to security officers and regular users who are expected to follow those procedures to the letter without trying to think through the actual goals. When the official policy is fuzzy, you get different sites making different interpretations, sometimes with head-shakingly comedic effect - like mandatory Windows virus-scans on non-Windows computers or forbidding the installation of ssh (because it's not officially approved) while leaving rlogin in place. But even those, often ridiculous, interpretations still have full CYA as long as they don't violate the official documented policies.
Re:No trace, eh? (Score:4, Insightful)
Re:No trace, eh? (Score:5, Insightful)
You know what child pornographers and "other people" are interested in? Air. They like breathing. Is that a knock on oxygen?
Do you really believe that a seriously secure OS is something bad just because "child pornographers...among other people" might be interested in it?
That sounds a lot like an argument you'd hear from people who believe that there should be a back door in everything so "the authorities" can take a peek.
Here's a news flash: I don't give a fuck if child pornographers are interested in something. I'm not prepared to give up every last bit of my own privacy just because there happen to be perverts in the world.
Among other people.