Re: Important: community effort to harden Ubuntu
This is exactly what I'm thinking. Without encryption most of the security plans you have are rendered useless. Even with encryption there's still the fact that /boot must remain unencrypted, which opens up the possibility of a kernel rootkit because the kernel is completely unsecured. To reduce the possibility of this I use a shell script I made based on another already existing (and extremely useful) one that checks to make sure the contents of /boot haven't changed. I attached the script to this post if you're interested (it currently requires KDE but could be modified for other DEs). Of course there's also the threat of a cold-boot attack, and only the TRESOR (TRESOR Runs Encryption Securely Outside RAM) kernel patch can prevent that, but it's only for older kernels.
Originally Posted by SeijiSensei
Encryption is everything. Only encryption (in combination with common sense of course) gives even a remote chance of fending off a physical attack.
The whole thing is so patently infantile, so foreign to reality, that to anyone with a friendly attitude to humanity it is painful to think that the great majority of mortals will never be able to rise above this view of life.