Ohio Plans To Encrypt After Data Breach
Lucas123 writes "After a backup tape containing sensitive information on 130,000 Ohio residents, current and former employees, and businesses was stolen from the car of a government intern in June, the state government just announced it has purchased 60,000 licenses of encryption software — McAfee's SafeBoot — for state offices to use to protect data. It's estimated that the missing backup tape will cost Ohio $3 million. In September, the state docked a government official about a week of future vacation time for not ensuring that the data would be protected."
People just won't learn that security should be proactive. Society is a very slow learner.
Er, while this software encrypts data on the disk, it doesn't encrypt the backups. These will still be cleanly read from the disks and written out to tape.
Couldn't they have found an OSS solution that would have, y'know, saved the state an assload of money? I'm not an "OSS can do everything commercial software can, but better!" zealot, but that's a big bit of pocket change to be throwin' out for a solution, there.
Someone tell them they were supposed to encrypt the data before the breach!
Send email from the afterlife! Write your e-will at Dead Man's Switch.
If that was true, somebody would find out, and that would get people fired.
Probably a quick purchase based on needing something now.
The Kruger Dunning explains most post on
Help me close this barn door, would ya?
The state loses $3 million bucks, and the guy responsible gets the punishment of a whole week of lost vacation time? Wow....I want to find me a job where I can screw up so badly and get off so lightly. I mean....other than the Presidency.
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
Okay, I am having difficulty in understanding $3 million figure... So they bought 60,000 licenses. If we consider the complete $3 million towards licenses, it will be $500 per license, which I think is way too much. However I could not find the cost of the encryption software anywhere on the web (anyone with links????)
anyone care to explain approximately from where $3 million figure came?
...that same government official's boss has allotted him another week of vacation for not losing the REST of the data that all of Ohio stored.
Losing a week of vacation for a data breach that large is ridiculous; like a slap on the wrists. I bet he's going to get paid overtime for working that extra week.
...that the next time they get a backup tape stolen, it'll have a post-it note stuck to the tape with the password on it?
the state docked a government official about a week of future vacation time for not ensuring that the data would be protected
I work as a DBA in a nonprofit healthcare organization. If our backup guys lost a tape, and I hadn't bothered to check off the box in our database backup software that says "Encrypt: 256-bit AES", I would lose my job.
This guy got dinged a whopping 1 week of vacation time. That's not even '1 week suspended without pay'. It's the equivalent of having to stay in detention after school.
I need to move over to the public sector or something.
"In September the state docked a state government official about a week of future vacation time for not ensuring that the data would be protected."
So now we know how much Ohio state officials value the personal privacy of its citizens.
40hrs/130,000 - about 1.1 seconds of a government official's vacation time.
Makes me wonder why people stay in a state that values the personal privacy of its citizens so little.
Instead of using software, I wonder whether an IDE or SATA connector could be developed that encrypts and decrypts the data going to and from the drive. Basically your organisation would enter a key into the connector and the encryption would happen without the OS knowing. If you remove the drive then you wouldn't be able to use the drive without the connector.
Jumpstart the tartan drive.
Whether it's encrypted or not, why is sensitive data on employee laptops or in intern's cars?
How do you log and audit access to data to prevent abuses if you just hand out copies of databases?
Exactly! SafeBoot does a good job. I can't say I like McAfee, but the product comparison is most favorable.
I saw four horrifying words...
Intern, backup tape, car
encryption is probably low on the list of security concerns here... just WOW
I absolutely know that I don't want to hear the story of how those four words got used in the same sentence until happy hour is nearly over.
Those 4 words should never be needed in the same sentence. Process is just as important as encryption. That should have been 'backup tape', security company, armored transport, iron mountain in the sentence... oh wait, then there would be no story.
Support NYCountryLawyer RIAA vs People
...we see a story about 130,000 residence records locked and unavailable due to lost encryption passwords?
They just paid millions of dollars for something that systems like OpenBSD, Linux, and FreeBSD offer for free. OpenBSD's filesystem encryption is particularly good. And when you combine it with their meticulous code reviews and near-100% insistence on using as many security good practices as possible, there's really no reason to not use OpenBSD if security is one of your main concerns.
It seems logical to me that this kind of information should be on centralized servers at a state office with managed firewalls and all the rest with only hardwired terminals allowed access with maybe a VPN set up for remote access if absolutely needed out in the field. I know wireless isn't 100% secure and no system is but that just makes logical sense to me.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
Great, now they have a tool to encrypt! Let's hope they thought about key management before implementing it. It's great for vendors that some have no idea of security - more sales. Next we will read all the keys stolen by an employee (usually high in hierarchy, just my experience) and have to start all over again. Or am I too pessimistic / skeptical when it comes to security?
Your problem is? They have been seen to have done something.
... but can't make it drink. Encryption is only a partial solution. You still need to keep your backup tapes secure (they won't be encrypted by this software, but most higher end backup software will), and you need to keep people from copying files to USB sticks or burning to CD.
Real programmers use "copy con program.exe"
You'll also be aware of the various rows here in England as the government displays its new networking technology: CDs and a courier. Most of us with medium-sized data farms (I herd about 50TB) are getting out of removable media as fast as we can. I've got 20TB of disk at the far end of 30 miles of GigE, which with compression (all hail ZFS!) provides me enough space to keep copies of all the critical data, plus a few weeks of daily snapshots. My RPO is "that day's work" and my RTO is essentially zero: I can serve the data up over NFS from the replicas as easily as from the live systems. Obviously, some of it's better than "that day": the Oracle archive logs go straight over, and the Cyrus mail server will replicate live as soon as I can find the time to get it working. But we're only using tape now for monthly audit copies, and those can therefore safely stay in the machine room: the data replicates offsite, and then comes back into the tape silo monthly. A machine room fire costs us the audit copies: if I feel keen I'll start cloning those and sending them offsite. If I can scare up the budget and offsite space for a MAID then I can get out of tape entirely.
Encryption is crap unless it's used by those trained to understand how it works and what its limitations are, which I'm sure 60,000 employees will not be. What happens when an employee copies data to a USB disk or e-mails it to someone? If the software prevents this, it will be a major pain in the arse that will cost a lot more than $3 million in lost productivity. If it doesn't, then data will get stolen and everyone will say "no problem, it was encrypted", until massive identity theft cases force them to admit that not all copies were encrypted, but, because the guy in charge spent $3 Million, he'll argue that he did everything reasonable and no one will be held accountable. The real solution is to LIMIT ACCESS TO SENSITIVE DATA TO TRAINED EMPLOYEES WHO ACTUALLY NEED IT TO DO THEIR JOB. I can't imagine that there's 60,000 employees who actually need the personal information of 130,000 Ohio residents. I'm not saying it's obvious who needs what data, but $3 million would buy a lot of manpower to figure it out.
And what happened to Encrypted File System. You know, built-in to NTFS, complete with administrative recovery keys, doesn't cost $3 million? This sounds like just more government waste and McAfee marketing to me.
Part of my job involves working on laptops owned by an agency that uses SafeBoot to encrypt data on laptops. Gather children, let me tell you of SafeBoot...
1. SafeBoot is whole-disk encryption, but Windows-partitions-only. If you dual-boot or use Linux, there is no solution for you except "Please don't lose your laptop".
2. SafeBoot requires a login before you can boot Windows. If you get your password wrong, you must wait a certain amount of time before you can re-enter your passwords. At first, it's not that bad -- a few seconds. But each successive failure increases the time... eventually, you're waiting minutes.
3. SafeBoot encrypts the drive so that you can't access the drive from another machine -- which is what it's designed for, of course. Try being an IT guy in this scenario: You can't perform ANY troubleshooting that doesn't involve booting Windows. If Windows fails to boot, you have to have your hard-drive decrypted (which, for us happens off-site and is a MAJOR pain in the ass). I cannot boot off a Windows CD to use the recovery console to replace damaged registry files. I cannot do a 'repair' install. I could wipe the drive and re-install Windows...
4. The password policy in place requires users to change their password periodically and be of a certain complexity level. Most users have their SafeBoot password written on a piece of paper and taped to their machine, now...
There's a line between security and usability. When SafeBoot works, it appears great -- it doesn't impact system performance *that* much and it encrypts the contents of the entire drive, woo. But when something goes wrong, it becomes a big pain.
To be honest, though, I think the bigger problems for the work *I* run into with SafeBoot is the policies in place, rather than SafeBoot itself.
The way it's worded seems a little ambiguous to me. Did the theft alone cost the state $3 million or did the theft cause the state to spend $3 on licensing a product from McAfee? Both sound like reasonable figures when dealing with the public sector and taxpayer money.
If they have 60,000 computers with 'sensitive' data on it then they're borked already.
If they want to encrypt people's laptops/desktops then fine ... if they want to prevent personal civilian data from leaking out they're off by a few orders of magnitude on the extent of their distributed storage.
Belthize
Why don't they just use GPG? It won't cost them three million dollars, and it'll be just as good. It's not going to cost Ohio's government three million dollars. It's going to cost the people who live in Ohio three million dollars in tax dollars. Every time someone says, "Let the government pay for that," they really mean, make us all pay for that, because where does the government get its money? From your hard work! And every time someone says, "Let corporations pay for that," they really mean, make us all pay for that, because where do corporations get their money? That's right! It comes out of your pocket whenever you buy any product or service. Somewhere along the line, it was mined, grown, processed, moved, removed, produced, packaged, housed, assembled, displayed, sold, etc., by a corporation. And when that corporation's expenses go up, it becomes included in the price structure of the product or service you buy.
TrueCrypt is a very nice free solution and I've been using it for months, haven't had a single problem with it. I guess they were not aware of that software, maybe because they simply didn't look for ANY other products beside McMoney's..
The government has a software package they use for such things already. The McAfee stuff is weak in comparison.
You can joke about this being a case of closing the barn door long after the horses have gone scurrying into the country side but......someone got punished and a preventative measure is being taken. You can't hope for a whole lot more than that, especially from a government agency.
There are some people that if they don't know, you can't tell 'em.
Jeez, put a finger in the dike!
Here is the SECRET on HOW NOT TO LOOSE DATA IN CARS!
Ready?
Really, Ready?
No, Are you Really, Really, Ready?
DON'T LEAVE YOUR LAPTOP IN YOUR CAR!
Go back and get it.
A friend of mine, decades ago, lost his portfolio on Syquest cartridges that he left in his car (I would have written them off already, but I digress). I learned the lesson from his mistake. NEVER EVER EVER leave your laptop in your car. Take it out before your lunch. If you really had to, you could replace your lunch.
I went back to Ohio
But my data was gone...
What's the use to encrypt your hard drive just to make a nice decrypted backup later? Conversely, this particular problem can be probably solved cheaper, since I doubt that they have 60000 tape drives in the office. Any decent backup software should already support encryption anyway.
I am not saying workstation security is not important, but here it sounds like someone doesn't even understand the problem that they had.
How to spell "lose" !
..one gpg command in between tar and the output device.
Why, oh why, didn't I become a government contractor?!?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The state will now be called kaV#29v@a
Hmm... I wonder if they give a damn that their state-wide reliance on Windows is another accident waiting to happen.
Care about trojans, keyloggers, viruses, and all the other uncountable ways to lose confidential data, not to mention productivity?
Get rid of Windows as well. You'll never regret it.
you had me at #!
McAfee ??? I can just see some state dude going down to Best Buy and asking the Geek Squad which software is best. Seriously, McAfee sucks. That software always gave me problems. Could they not find a better solution ? The ONLY reason McAfee is in there is because whoever made the purchasing decision did not know any better.
hmmm My money is at stake so what do they do? They pay for this solution with my money!
The game.
This is the umpteenth report of sensitive data on laptops being lost. A) Why did these people need laptops in the first place? B) Why was sensitive data present on an unsecured system?
Maybe the Ohio department has such MI-5-like employees that they need interns as decoys?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
As an IT professional in Ohio who works in a field very close in both location and function to what this company did, I just want to say that this whole thing has been blown so far out of proportion it's not even funny. Yes, there was some sloppiness going on. Yes, someone, maybe a few people, deserved to lose their jobs over this. However, the amount of time and money that has been spent on this is so far overboard it's ridiculous.
No actual loss has ever been reported as a result of this breach. The tape that was stolen was in a relatively obscure tape format. (I don't believe it's ever been reported, but I work with similar systems, and I would guess it's probably 5 1/4 inch format, likely not even in ASCII. Most of the data backups we get are EBCDIC.) It was unencrypted, but in order for someone to get anything off this, they would need the correct hardware, the correct software and they'd really need to know that they were looking for something. Add to that it wasn't reported until weeks after the loss, by which time the thug who broke into the car had long since ditched the useless cassette tape that he stole.
Meanwhile, Ohio taxpayers are spending millions of dollars doing credit checks on every person whose information was potentially on that tape.
I'm not advocating that we forgo due diligence. I take great care in making sure that all backups from my company are encrypted. I hound everyone in the office to make sure their passwords are secure. However, the fact that we're still spending money on this makes me irate. If there was any indication whatsoever that this data was compromised, I'd be OK, but there's a 99% chance that this tape is in a landfill in southern Columbus right now.
-Arthur
Cave ne ante ullas catapultas ambules
It was due to general incompetence and cutting corners, and the lack of security on the entire OAKS project, which was virtually nonexistent. A shared drive was left open during project development, and it had been discovered many times that people who weren't involved in the project could log in and download personal info. My cousin in law interviewed various employees and wrote a good article for the Cleveland Free Times: http://www.freetimes.com/stories/15/28/system-failure .
I would use a Mac and FileVault to solve this issue.
The data shouldn't be stored on the local machines. It should be in a centralized database that supports encryption at least at the table level, if not the specific field level. That database should be accessed by a client workstation that doesn't cache the data locally. Then the backups should be password protected and encrypted. This isn't exactly rocket science here.
I use McAfee and have had good luck so far (knock knock on wood). Is there a better virus/firewall application out there for Win XP that I don't know about? Do tell!
If only CompUSA was still around.
"Hello, I would like 60,000 copies of McAfee Safeboot please."
"Do you want the extended warranty with that?"
Yea, one disaster after another. And I was taught lightning never hits the same spot twice... 60 fucking thousand licenses must've cost them some sweet greenbacks! And some people wonder why ohio is seen as backwards red neck country... oh boy!
Doesn't matter if it's carved into a brick of lead weighing 4 tons and can only be read by a half blind midget who is kept locked in a dungeon under the guard of five dragons.
The brick being stolen is a security breach, and the information that was carved into it is now to be considered 'out in the open.'
Security through obscurity? Get real.
Not a Twitter sockpuppet... but I wish I was.
Of course, if you parse the Slashdot article title, you'd think that Ohio plans to do lots of remedial encryption *every* time they have a data breach rather than preventing problems up front.
The much more serious problem is all that data that the state has, and the lack of controls on agency and employee use of the data, plus the _planned_ abuses of the data by state agencies and Feds that they're sure to share it with. Since the Feds have effectively gutted most of the privacy laws over the last decade or two, about the only things you can do to protect any of it are to encourage the state to keep using obsolete inadequately supported computer systems (:-), or scare the anti-privacy right-wingers into restricting access to data to keep terrorists from getting it and keep DMV employees from having enough access to licenses to immigrants.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
We'll have data utterly lost. "We lost the piece of paper with the password." Whee!
Just another knee jerk reaction
- High-tech workers usually change companies often, so they don't get very high up the vacation curve, while government workers usually stick around a long time. Working at startups is especially that way, because they often don't last more than two-three years, and many high-tech workers do contract work so they also don't usually accrue much vacation. There are exceptions, mostly old-line businesses like IBM and telcos, or first-wave computer companies that survived, like Sun or Apple, and a lot of academic-style companies give you a sabbatical after a few years.
- Government workers tend to get all kinds of random holidays in addition to their vacation - Columbus Day, Martin Luther King Day, some kind of Founding-of-the-State day, etc., which non-government workers generally don't get as many of. (My company provides three special floating holidays, which they can't reschedule on you unlike regular vacation - they typically get used for Jewish holidays by Jewish employees or as regular vacation by goyim.)
- Some high-tech companies lump vacation and sick-time together, while governments and older companies tend to handle the two separately.
Your figures for how much vacation you get after N years of experience are more generous than I've usually seen, but they're in the ballpark.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I just checked that page, and while I may be jumping the gun a bit, I see no mention of "backup" or "tape". Thus, I can only conclude that unless their backup software itself separately encrypts the backup, or unless the backups are full disk images (taken while the OS is shut down), the backups will not be encrypted.
Of course, those are a couple of assumptions, but they're pretty likely ones.
Disclaimer: I'm not the grandparent poster.
Don't thank God, thank a doctor!
Explain what the requirement of FDE is.
I currently boot my laptop off a USB stick. While I have only configured it to use every single partition encrypted (Linux root, swap, and shared NTFS with Windows), it would be a small step to encrypt the whole disk. (Of course, then I couldn't boot Windows.) I don't currently have passphrases on the key files on that USB stick, but I don't use it for anything else, and, again, that would be a small step.
Obviously, the USB stick cannot itself be encrypted. Must there be some BIOS support for it, then? And if so, what's to prevent the BIOS from being as easily compromised as my USB stick?
Unless you're using a trusted computing chip, I don't really see how you can get much more secure than that.
There is OpenOTFE for Windows, but, unfortunately, it won't encrypt the Windows boot partition, and for some really strange reason, it doesn't support the Windows Defrag API. (Thus, just about any defragger on Windows won't be able to defrag this drive, but some defraggers on Linux might.)
Don't thank God, thank a doctor!
We are the ones who are constantly telling people to implement things like encryption.
They either think we're paranoid, or... I don't know what the fuck they think. Probably just don't want to deal with it...
So now they've been bitten, and now they "get it".
Any time someone finally admits you've been right all along, especially when it's a bit too late to prevent the damage, is cause for both glee and frustration.
Now, I'm not saying that them adopting encryption now is a bad thing, though maybe the particular product they chose is...
Don't thank God, thank a doctor!
According to your definition, there is a whole hell of a lot of data "out in the open." In Windows 2000/XP, it's reasonably difficult to encrypt your system drive and your pagefile. Even if you diligently keep 100% of your data on an encrypted volume, can you guarantee that no social security numbers were written to your pagefile? That data can be scraped, you know. Plus, if your computer is stolen, can you tell with any degree of confidence which records were in that pagefile? No? Then you have to assume that all of them were compromised.
Truthfully, the only perfect security is a computer that's disconnected from the Internet, underground, in a locked room turned off with all the hard drive cables removed. And even then, "they" can probably read the information from their satellites in space. In the real world, we need to make compromises.
All of our company backups are encrypted using 256-bit AES encryption. If one gets stolen, I can't "guarantee" that the data hasn't been compromised. After all, someone with a few billion^10 CPU cycles to spare could crack the encryption algorithm. Sure, AES is trusted by the Pentagon, but that doesn't mean it's 100% infallible. In fact, there's a calculable mathematical chance that someone could guess the encryption key on the very first try, even without a supercomputer. It's damn unlikely, but certainly not impossible.
So the question comes down to this: what level of risk are you prepared to accept? More importantly, what level of security are you willing to pay for? Security isn't free. "Perfect" security (like nuclear launch codes, where failure is absolutely not an option) is very expensive. Would you be willing to donate a couple thousand dollars of your own money (along with every other taxpayer) to replace all computers in the country with ones that have hardware-level encryption? Is that good enough? Most of our customers are small, non-profit organizations already run on a shoestring budget. Most of them can't afford to hire a proper secretary, let alone an IT specialist who knows how to use TrueCrypt and enforce security policies.
Listen, I'm not arguing against data security. If you knew me personally, you'd know I'm a very security conscious individual, but I'm saying that we need to be realistic. We need to spend a finite amount of money where it will do the most good. Those millions of dollars in Ohio put towards useless credit checks were funneled directly away from our customers' already meager budgets. My boss is a nice guy, but he needs to keep the company running, so he can't donate our services. That money could have been spent on education, or updated hardware, or proper disposal of old equipment. Put in perspective, there are breaches far more egregious than this one that happen every day, and I can say first-hand that they are usually the result of ignorance. Some people don't know it's not OK to save a SQL backup to a USB key and take it home. Some people don't know that you have to DBAN a hard drive before you throw the computer away. These are far more dangerous than a lost (and probably trashed) AS400 backup.
-Arthur
Cave ne ante ullas catapultas ambules
First, there's open source, which is great if you can remember to scan your hard drive every now and then. (I keep waiting for someone to bundle this on a boot CD.)
Then, for more sophisticated protection, there's avast and AVG. Of course, these mostly focus on anti-virus.
I recommend Avast, and I use Clamwin, because the only place a virus scanner really helps someone with good online habits is when you've downloaded a file which you know is suspect, and you'd like to scan it prior to use.
On the anti-spyware front, there's Spybot S&D, which has been known about for ages, and is still good.
The reason McAfee sucks isn't necessarily anything to do with its relative security, vs Norton/Symantec or anyone else. It's that the others are so much smaller and lighter -- McAfee and Symantec are both bloated performance hogs -- something you really can't afford on something that runs in the background 24/7 -- and Norton in particular is buggy as all hell -- something you really can't afford on something that controls every file access and network connection.
And all of them are completely unnecessary, now that there's so much out there as good or better, and free (for home use, at least).
The reason for the subject "My god" is that you're on Slashdot and you need to be told. I thought it was public knowledge already; guess not.
Don't thank God, thank a doctor!
The technological revolution has happened far faster than the ability of humans to adjust.
TrueCrypt is free encryption for both Windows and Linux. It works extremely well, in my experience.
Unless you are using FDE (full disk encryption), you just can't trust that Windows or some Windows application won't write your sensitive data in a place you won't think to encrypt.
I use TrueCrypt myself, but also have to take steps to wipe the free space on the drive after I open a file with sensitive info. Even this isn't really, truly secure as it doesn't take care of anything in the Windows swap file.
First 2 factual clarifications on this story: The stolen "tape" was actually a "device" that has not been officially disclosed as to what type. Some speculate a laptop while others say it was a USB Flash Drive. Second, nearly 1 million people are estimated to be affected by the theft, not 130,000 as the story states.
Well....okay. I live in Ohio and therefore could be in the group of State of Ohio employees, state taxpayers, Ohio lottery winners, and others, and since it regarded social security numbers, bank account information and such, along with the fact that the theft happened in my hometown of Hilliard, I paid close attention to the story.
What ACTUALLY happened was an INTERN took the device home for whatever reason. Some speculate to have an off-site backup of the data. The intern left it in their car and their car was broken into and the device was stolen.
To clarify the cost: Ohio is providing, free of charge, 1 year of credit monitoring service to each Ohioan that was affected by the theft. That cost estimate is very high. Even at a bargain basement price of $2 per year per taxpayer, that would be about $2 million. The lowest price you can find online is $4.95 per MONTH and about $60 per year.
Further: The official that lost vacation time was not the intern that took the drive home. That official lost the time because they were responsible for ensuring the safety of the data to begin with. Although the intern is the person in possession of the data and should have verified its safety, they were following the procedure that official set up. The intern is not the only one responsible for the theft.
but whoever was responsible for a breach of that magnitude should also be encrypted, right after he's properly embalmed.
The higher the technology, the sharper that two-edged sword.
Here's what I think really happened, folks:
1. Government official gets idea to make a bit of money.
2. Official gives intern important tape, knowing it will be left in the car.
3. Official knows where intern lives, and goes and steals tape from car.
4. Official sells data on the black market for a dollar value far in excess of a week's vacation time.
5. Official gets to keep his job.
There is no "???" step here.
Really, what are the chances that this intern gets his car broken into on the VERY SAME DAY he happens to be carrying this tape? I mean come on. Anybody who thinks this was a coincidence is crazy.
And how the hell is encryption going to help? A corrupt official HAS THE KEYS. If more than one person has keys, there is no way to prove who caused the breach. This is going to happen more and more. Probably the majority of these incidents have been inside jobs.
I'm quite sure these anti-virus companies must be having people dedicated to writing viruses so that they can remain in business. If people stopped writing viruses, these companies would have to shut down. They probably cannot afford to let this happen. In fact, if I have a security product, the best way to demonstrate and market it to a company would be to hack their systems and then appear out of nowhere and be the savior. Savvy.
I guess this is a classic example of "closing the hatch after the chicken has booted". But all said and done, it is great that data will be encrypted from now on!
Chris ,
Php Programmers.
Doesn't matter if it's carved into a brick of lead weighing 4 tons and can only be read by a half blind midget who is kept locked in a dungeon under the guard of five dragons.
Where can I get such a brick?
http://www.securesystems.com.au/ No I don't work for them.
And let me say it sucks. It was implemented and we were told everything would be transparent...well, it's about as transparent as mud. Most of the problems happen when we have password change day because the program will check to sync the safeboot and windows passwords at a random time within 30 minutes of turning the PC on, and then every 8 hours afterwards. So it is possible to change a password and not have it actually change for another day. So then I get the call to reset the password, and the program doesn't recognize that when the safeboot password gets reset it should check to resync with the windows password. Sorry about my rant, but good luck to Ohio, they're going to need it.
It's amazing what you can find at state auctions, and maybe even eBay.
My point being don't count on the cassette tape being completely useless, and EBCDIC to ASCII translation is not that big a deal.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
What's the point of hounding everyone for password security if it's just Windows? I can blank out any Windows password with a Linux boot disk.
A competent sysadmin with good understanding of encrypted volumes, Kerberos, NTLMv2 and group policy can enforce good security, even in Windows. There are definitely risks that I live in fear of, but some kid with a LiveCD isn't one of them.
-Arthur
Cave ne ante ullas catapultas ambules
I know that EBCDIC -> ASCII isn't a big deal to geeks like us, but any person that even knows what those words mean can make more money in the IT industry than stealing car stereos.
I like your other point, too. There are far more serious breaches being made every day auctioning off equipment at state auctions and on eBay. A cash-strapped homeless shelter might auction off a Pentium 200MMX to pay for another hot meal, not realizing that a list of indigent names and social security numbers could be a gold mine for an identity thief. The only way to fight ignorance is with education, not with credit monitoring.
-Arthur
Cave ne ante ullas catapultas ambules
You assume the car thief is the same person doing the ID theft. Chances are good that the thief passed the cassette to someone else, and the press unwittingly authenticated the cassette to the potential buyer.
Well that wasn't really my point. My point was that a reader for the cassette is not that hard to come by. State governments are always auctioning off excess or out-of-date equipment.
You make some assumptions of the technical abilities of a "common" thief. I remember when there was a rash of credit card number thefts from unscrupulous waiters/waitresses swiping credit cards in a portable card reader and selling the stored numbers on the internet. There are a lot of unauthorized cable and satellite viewers who are not in the I.T. business. Let's not forget about the script kiddies!
Besides, why can't I.T. professionals be car thieves? They could be recently unemployed from the last round of outsourcing to India.
In any case, it was a very bad thing to have a backup tape in an employee's car. It is also a very bad thing to assume that the cassette tape is safe because it may be obscured.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Or are you just playing devil's advocate?
What would you call that first partition on the disk, which houses the (unencrypted) hypervisor? Oh yeah, a boot partition! Maybe not technically a /boot partition, according to Unix philosophy, but it's the same idea.
And before you say it, having the entire thing be in the bootloader in the MBR does not count either.
Don't thank God, thank a doctor!
"It is also a very bad thing to assume that the cassette tape is safe because it may be obscured."
I don't assume it's safe. But I don't assume anything is safe. I assume that every machine in my office is going to be stolen tomorrow, and I try to imagine what would be in my report to the state if that were to happen. Is our security airtight? Not by a long shot. Anyone telling you that their security is airtight either works at the Pentagon, or has a dangerously sad understanding of security. (or both) However, I can say that we've used the best technology available and practical to assure that the data on our networks doesn't fall into the wrong hands.
-Arthur
Cave ne ante ullas catapultas ambules
I agree. It's never a matter of if, it's a matter of when. The idea behind encryption is to try to delay the information from being interpreted until after it is no longer valuable.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
You originally said:
"And no software can give you the ability to encrypt boot partitions."
Quite correct. (Unless you implement it at a BIOS level, but I'll gloss over that because it's not exactly commonplace).
However, the theoretical decrypting hypervisor (which I accept is a boot partition) would allow you to have any OS boot from an encrypted partition, while hiding itself from the OS.
Obviously you don't store the encryption keys on the disk itself (duh!).
The net result would be while the boot partition itself is unencrypted, that does not really matter as the boot partition doesn't do anything apart from decrypt the partitions which contain the interesting information - and it can't do that without the key.
Safe storage of the keys is another matter altogether.
I will say that the risks of your method, vs, say, having a physically removable boot partition (like I do), are very small -- just as the risks of my method vs a TCPA chip are pretty small.
However, it is still possible to mess with that boot partition you describe, and thus intercept not only the keys and passphrases, but anything else you want later in the boot process -- much more so than if a hypervisor wasn't used. Really, about the only way to make this entirely tamper-proof is to use some sort of dedicated hardware (like a TCPA chip), which is itself tamper-proof.
Sorry about the "retarded" comment, looks like it wasn't deserved. (I should reserve that for people who actually don't know what they're talking about -- I thought you didn't -- rather than semantic debates.)
Don't thank God, thank a doctor!