Turorial about customization of backtrack in a LiveCD

[Bart]

Hello everybody,

I still am a WinXP user (I use a lot of security gadgets, such as Comodo Firewall, AviraAntivir, Win Firewall, lavasoft ad aware, sophos anti-rootkit, mcafee site advisor anti-phishing, sandboxie, truecrypt, automatic update for win, and I keep the browser and these gadgets updated, I did no care too much for the loss of system processing, nevertheless, that’s still windows), but now I’m just making some tests with bitcoins. As I gain security in the system, maybe I make transactions with high ciphers. I’ll will install the Ubuntu in my notebook this week and I’ll let it almost exclusive for finance transactions, not only bitcoins, so the restrictions in favor of security is not a problem. But, by what I was reading in the web, a liveCD, mainly the pre-configured BackTrack, would be the safer option.

As I never was a Linux user, I’m not intend to move to such “alien” distribution like BackTrack right away. I’m in no hurry with this progress, but read some tips now will not kill me.

Does anybody have a tutorial of how to configure the BackTrack to the most secure and paranoid way? Does anyone knows if there is a anti-phishing wich works on Tor (onion) or a good firewall for BackTrack? And how I can save my wallet in a LiveCD distribution?

Now,
Grateful

BartSimpson

Ps: Sorry for my English.

[shakaru]

Really sorry for your english. What are you trying to build here and why? I do not understand.

[joulesbeef]

backtrack livecd is pretty damn secure out of the box, though most people use it for hacking and not for security.

as for anti phishing for tor.. yeah type in the addresses manually.. dont click links. Otherwise no and that wouldnt be a good idea, tor is designed to hide were you are going, and anti phish would want to know where you are going. You'd still have a lot of anonymity but it's antithesis to the idea that is tor. You could configure your own firefox to use tor but that is just a bad idea.

and you can save your wallet just normally while running alive cd..you can even leave it in the normal place on xp.


I'm not really sure exactly all you are trying to accomplish but I would just do that linuxcoin if concerned about trojans and such, really dont think you want backtracks, especially if you have never used it. It's not exactly the most non geek friendly app. And you really have to love the command line a lot.

[Bart]

Really sorry for your english. What are you trying to build here and why? I do not understand.

What part did you not understand.

The main part is: I want to customize a backtrack in a liveCD to work with bitcoins. Assuming a liveCD cannot be changed, in other words, you can't install/unistall apps and you can't save changes in the system, it is a very secure option to work with bitcoins (nobody can install a trojan in the system to stole your wallet). But the problem is: how to save the wallet.dat in a LiveCD?

I know you can save the wallet in a external HD and indicate the archive (wallet.dat) in each boot, but I think this is not the safer alternative.

Does somebody have a tutorial about customize the backtrack (or any other linux distribution) in a LiveCD?

[Bart]

backtrack livecd is pretty damn secure out of the box, though most people use it for hacking and not for security.

as for anti phishing for tor.. yeah type in the addresses manually.. dont click links. Otherwise no and that wouldnt be a good idea, tor is designed to hide were you are going, and anti phish would want to know where you are going. You'd still have a lot of anonymity but it's antithesis to the idea that is tor. You could configure your own firefox to use tor but that is just a bad idea.

So, you are not safe to phishing at all (even with a anti-phishing you are not). That's what I was thinking.

But, anyway, thanks for the advice.

and you can save your wallet just normally while running alive cd..you can even leave it in the normal place on xp.

But this is exactly what I don't want. I want to save my wallet with the backtrack in the liveCD, so, nobody would be able to stole it.

I'm not really sure exactly all you are trying to accomplish but I would just do that linuxcoin if concerned about trojans and such, really dont think you want backtracks, especially if you have never used it. It's not exactly the most non geek friendly app. And you really have to love the command line a lot.

Ok.
I'll try a most non-geek-friendly like Ubuntu first.

Maybe the problem was not only my English, but I my ignorance about what I was asking too.

I was just thinking: "Oh, if the LiveCD can't be changed, nobody can install a app (like a trojan) to stole my wallet. But if the system can't be change, how can I use my wallet?"

I know there is a way to customize your liveCD with all apps, programs and archives you use, such your bitcoin client and the wallet.dat, but I didn't understand the tutorials I have read about this topic (even in portuguese). I'll study more before posting my doubts in the next time. It's a virtual etiquette to use google and try yourself before asking for help in foruns, I know. Sorry for my immediacy. I'm studying a tutorial right now.

I hope you get the idea now...

[joulesbeef]

interesting.. yeah you could put your wallet on the cd as well

it wont be stolen from the hard drive however, if you are using livecd.

If you put your wallet on the livecd.. you have to update teh livecd every 100 addresses that you use.

I would do it every 80 addresses just to make sure you didnt forget a few.
but yeah no problem putting your wallet on a cd if you wanted to.

[Bart]

Oh, this time I was more understandable. Thank God.

interesting.. yeah you could put your wallet on the cd as well

it wont be stolen from the hard drive however, if you are using livecd.

Yeah!

If you put your wallet on the livecd.. you have to update teh livecd every 100 addresses that you use.

I would do it every 80 addresses just to make sure you didnt forget a few.
but yeah no problem putting your wallet on a cd if you wanted to.
[/quote]
Like I said, I'll try by myself first. If I have some difficulty to use my wallet and bitcoin client in the liveCD, I'll ask for help here.

[drgr33n]

I did post over on the backtrack forum months ago on how to get mining up and running using their livecd. You theory on your wallet cannot be stolen from a live cd is totally wrong. The live cd copies the filesystem to ram and acts like any other storage media. You can r/w to the filesystem so you can install something on the system if you had access to the machine via a exploit or physical access.

Not only that backtrack is not the choice I would pick for offline storage this distro is not secure at all and it's intended for pentesting not protecting your information. I wrote linuxcoin for this purpose and it has hardened security, tor & everything needed to buy, sell, trade & store bitcoins as safe as you can be. 0.2-final is the current version but there is to be another release shortly with even more security features like memory wiping apon shutdown or removing the media, A shiny new linux-3.0 kernel with the latest grsecurity patch with RBAC and PAX hardening features. Plus wallet encryption, sandboxed applications and lots more.

http://www.linuxcoin.co.uk

[Bart]

I did post over on the backtrack forum months ago on how to get mining up and running using their livecd. You theory on your wallet cannot be stolen from a live cd is totally wrong. The live cd copies the filesystem to ram and acts like any other storage media. You can r/w to the filesystem so you can install something on the system if you had access to the machine via a exploit or physical access.

But if it's possible just by physical access, it would restrict a lot the ways to be stoled.

Not only that backtrack is not the choice I would pick for offline storage this distro is not secure at all and it's intended for pentesting not protecting your information.

Well, thanks for the information. I'm not a expert in this area at all, and you must understand the insecurity a newbie user feels when he is putting his money on web.

I was reading some posts on internet like this:
http://sectools.org/sec-distros.html
That's the why I was think backtrack as safe. But now I think is just safe for advanced users. Beginners users could exposed theirself without knowing what they are doing.

I wrote linuxcoin for this purpose and it has hardened security, tor & everything needed to buy, sell, trade & store bitcoins as safe as you can be. 0.2-final is the current version but there is to be another release shortly with even more security features like memory wiping apon shutdown or removing the media, A shiny new linux-3.0 kernel with the latest grsecurity patch with RBAC and PAX hardening features. Plus wallet encryption, sandboxed applications and lots more.

http://www.linuxcoin.co.uk

Oh, REALLY THANKS, man.

Debian is non-geek-frindly. I'll study and try this one.