I am assuming that you already know how to set up an encrypted file system using cryptsetup with luks (or something else). There are several howtos. I am also assuming that you are familiar with LVM2.
This tutorial deals only with how to add an extra encrypted physical volume to a volume group pool containing other encrypted physical volumes. This is typical scenario if, at first, you have set up your encryption at a physical partition level (/dev/sdaX where X is the a number of your partition), then you setup your LVM on top of the encrypted partition. If at some later time you want to add another partition in your volume group, you will also want to have it encrypted in order to maintain the same level of security. In order for your machine to boot, initramfs needs to be able to unlock both PVs in order to reconstruct the entire volume group where your root lv is lying.
For those of you familiar with LVM2 and looking to securely encrypt data on your logical volumes, this article provides a great step-by-step tutorial on how to do so. This implementation requires passwords to be typed for each volume - maybe you can let us know how this would be done with a keyfile?
Source: Raiden's Realm - Posted by Eckie Silapaswang
One of the most prized rights of any American is the right to privacy and security. It's something people in some countries would kill for. Yet now there appears to be a very frightening trend growing. Your privacy and security are being thrown out the window wholesale in favor of easier access by law enforcement. A recent example of this can be seen with the announcement that Microsoft has been providing a tool to investigators that can effectively rip your Windows security to shreds in seconds, exposing all your private data to whoever wants to look at it.
A key point brought up in this article is the fact that prevention of crimes should hold higher priority over that of solving crimes. It seems that breaking security for the sake of forensics would not only make crimes easier to "solve", but also easier to commit. How do you feel about this approach to improving forensics?
Introduced in Ubuntu 7.10 was install-time encryption support where using the alternate installer one can fully encrypt their disk in an LVM using dm-crypt. Unfortunately, the Ubiquity installer in Ubuntu 8.04 continues to lack LVM and encryption support, but using Ubuntu 8.04 Alpha 6 we have looked at the performance cost of this encrypted configuration on Ubuntu Linux. Rather than looking directly at the disk read/write overhead caused by the encryption process, we have provided some benchmarks to see how the real-world performance is impacted in both gaming and other desktop tasks.
One reason most users don't encrypt their private information is that it takes too long. Checkout these benchmarks of encrypting an entire hard disk, you may be surprised.
Take a few minutes and read this security newsletter. His latest posting states some interesting ideas about computer privacy. And as always let use know what you think about it.
When I write and speak about privacy, I am regularly confronted with the mutual disclosure argument. Explained in books like David Brin's "The Transparent Society," the argument goes something like this: In a world of ubiquitous surveillance, you'll know all about me, but I will also know all about you. The government will be watching us, but we'll also be watching the government. This is different than before, but it's not automatically worse. And because I know your secrets, you can't use my secrets as a weapon against me.
If you travel across national borders, it's time to customs-proof your laptop. Customs officials have been stepping up electronic searches of laptops at the border, where travelers enjoy little privacy and have no legal grounds to object. Laptops and other electronic devices can be seized without reason, their contents copied, and the hardware returned hours or even weeks later.
Now that we're jumped ahead an hour and are seeing less snow (at least here out east), we can start moving about the world again with our trusty laptops - be sure to give a quick once over of the above article! This includes tips / tools for ALL operating systems to ensure you have properly secured your laptop - wireless hacks, encryption techniques, and general security apply.
A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what Web sites a person has visited. The problem concerns how the two browsers handle a ".BMP," or bitmap, image file, according to an advisory written by Gynvael Coldwind of Vexillium.org, who posted a video illustrating the problem.
I always find it interesting when two pieces of software together can cause a security vulnerability.
Most people lock their doors and windows, use a paper shredder to protect themselves from identity theft, and install antivirus software on their computers. Yet they routinely surf the Internet without giving a second thought to whether their browser is secure and their personal information safe. Unfortunately, it's easy for someone with nefarious intentions to use a Web site to glean data from -- or introduce spyware to -- your computer. Even worse, sometimes all you have to do is randomly click on a site to have your data probed in a most unwelcome way.
Any tools which helps my security and privacy while surfing the Internet is worth looking at. There are many Firefox extensions which can improve your privacy and security on the Net. This articles talks about 10 such tools.
Source: Network World - Posted by Eckie Silapaswang
You pay for your broadband modem, you pay the ISP to keep delivering your service, and what do you get in return? They spy, monitor, and insert ads into your web pages for good measure. Apparently a certain vendor (lets call them NebuAd) has been selling devices to ISPs to do precisely that. Your privacy is exchanged for traffic habits, you preferences, and custom tailored ads for you. Whatever happened to just 'um, no?'
Source: Slashdot.org - Posted by Benjamin D. Thomas
"Suppose your girlfriend called up Match.com and said, "I think my boyfriend might be cheating on me. His e-mail address is joeblow - at - aol - dot - com. Can you tell me if he's a member?" And Match.com phone support told her, "Why, yes, he is a member. You'd better have a talk with him." After you had gotten over the guilt of getting caught -- I mean, the guilt of cheating -- would you not feel like Match.com had violated your privacy by telling a third party that you were a member?"
Wired News, with help from some readers, attempted to get real answers from the largest United States-based ISPs about what information they gather on their customers' use of the internet, and how long they retain records like IP addresses, e-mail and real-time browsing activity. Most importantly, we asked what they require from law-enforcement agencies before coughing up the data, and whether they sell your data to marketers.
