Join our Mailing List

"I believe that to meet the challenges of our times, human beings will have to develop a greater sense of universal responsibility. It is the foundation for world peace."

A Secure OS for the Dalai Lama?

April 20, 2009
April 18, 2009

"I am editor of the Infowar Monitor and co-author
of the recent report, Tracking Ghostnet. I have
been asked by the Office of His Holiness, the
Dalai Lama (OHHDL) and the Tibetan Government in
Exile (TGIE) to offer some policy recommendations
in light of the ongoing targeted malware attacks
directed at the Tibetan community worldwide. Some
of the recommendations are relatively
straightforward. For example, I will suggest that
OHHDL convene an international Board of Advisers,
bringing together some of the brightest minds in
computer and international security to advise the
Tibetans, and that the new Tibetan university
stands up a Certified Ethical Hacking course.
However, one of the more controversial moves
being actively debated by Tibetans on the
Dharamsala IT Group [DITG] list, is a mass
migration of the exile community (including the
government) to Linux, particularly since all of
the samples of targeted malware collected exploit vulnerabilities in Windows.

I would be very interested to hear Slashdot
readers opinions on this debated here. Allow me
to play devil's advocate for a moment here: in
the short term, moving to a platform that is
perhaps less familiar to the attacker provides
considerable relief, but it is essentially less
difficult to write exploits for Mac OS/Linux than
it is for Windows, given the many
anti-exploitation mechanisms Microsoft has
embedded in the last years, so in the long run,
if the attackers want your data, the entire move is moot.

People should choose a platform based on their
productivity requirements instead of purely
security. Furthermore, most of the web servers
broken into during these attacks (to be used as
command and control servers) were not Windows, but Linux.

What do you think? (While I have the floor I'd
also like to take this opportunity to plug two
initiatives where Slashdot readers can directly
help the Tibetan tech community, either through
sharing your expertise or your cash!

Firstly, one of the obstacles to migrating to
Linux for a Tibetan speaker is the lack of decent
Tibetan font -- can you help?

Secondly, Avaaz is raising funds for projects
that will help End The Blackout in Tibet,
including a proposal to support the deployment of
Psiphon's circumvention network.

Thanks, or in Tibetan,!"
CTC National Office 1425 René-Lévesque Blvd West, 3rd Floor, Montréal, Québec, Canada, H3G 1T7
T: (514) 487-0665
Developed by plank