Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delete Data On Netbook If Stolen?

Posted by kdawson on from the grab-brick-smash-window dept.

An anonymous reader writes "I have just moved overseas on a 2-year working holiday visa and so I picked up a netbook for the interim, an MSI Wind U100 Plus running WinXP. I love it to bits. But as I am traveling around I am somewhat worried about theft. Most of my important stuff is in Gmail and Google Docs; however, I don't always have Net access and find it useful to gear up the offline versions for both. Ideally I would like to securely delete all the offline data from the hard drive if it were stolen. Since it is backed up in the cloud, and the netbook is so cheap I don't really care about recovery, a solution that bricks it would be fine — and indeed would give me a warm glow knowing a prospective thief would have wasted their time. But it's not good if they can extract the HD and get at the data some other way. All thief-foiling suggestions are welcome, be they software, hardware, or other."

22 of 459 comments (clear)

  1. Encryption by pyite · · Score: 5, Informative

    Encrypt the entire drive with TrueCrypt or something. Use a strong cipher and a very strong passphrase. The laptop is as good as bricked to anyone who gets it.

    --

    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

    1. Re:Encryption by Anonymous Coward · · Score: 1, Informative

      Get a seagate momentus FDE and do pre-boot authentication.
      encryption is done in hardware, on the drive, viola.

      Just make sure you get one of the FDE drives that does AES CBC not AES ECB.

    2. Re:Encryption by MichaelSmith · · Score: 3, Informative

      Your average thief will spend five seconds looking for porn to keep, then reinstall the lot. The crummiest possible encryption would satisfy 99% of cases.

      --
      http://michaelsmith.id.au
    3. Re:Encryption by wvmarle · · Score: 4, Informative

      Your average thief will try to resell it as soon as he can. Most thieves are not interested in the loot as such but in the money they can get for it.

    4. Re:Encryption by Wrath0fb0b · · Score: 5, Informative

      My personal experience with a Inspiron 1520 is that whole disk encryption significantly reduces battery life, which is a real usability problem.

      Most likely, when I get back to the states (I only encrypted for some overseas travel anyway), I will decrypt it and move back to an encrypted truecrypt container for the small number of documents that are really sensitive.

    5. Re:Encryption by AmiMoJo · · Score: 2, Informative

      I have a Pentium 3 Mobile 1.7GHz Thinkpad and Truecrypt makes no appreciable difference in performance. Even during benchmark tests the CPU is only about 50% loaded, so the bottleneck is the HDD itself. 50% sounds like a lot, but keep in mind we are talking artificial benchmarks here. Real world performance is probably in the order of 5-10% when loading an app or large file.

      Truecrypt is by far the best option. Not only does it protect your data in case of theft or over-zealous customs staff, but you can wipe the entire disk instantly just by destroying the TC header (1 sector). Without the header you can't even do a dictionary attack, you would need to brute force AES which is basically impossible in the foreseeable future.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Encryption by Anonymous Coward · · Score: 1, Informative

      I'm not sure what you were doing wrong there, but the veteran testers at Tom's Hardware found that TrueCrypt whole disk encryption reduced battery life just by 1% for AES.

      http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125-11.html

      Battery Runtime Test Passed

      Our MobileMark 07 testing was conducted with a Dell Latitude D610 and a 9-cell battery. It resulted in a 1% runtime decrease for AES and 3% for AES-Twofish-Serpent. The same percentage decreases should also apply to smaller batteries.

  2. Encryption by swmike · · Score: 2, Informative

    That is what encryption is for. Get truecrypt or other similar application and then the data won't be extractable by anyone without the password.

  3. Lojack for Laptops by zhiwenchong · · Score: 3, Informative

    Website: http://www.absolute.com/products/lojack
    FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf

    Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.

  4. What do they want to steal? by 1s44c · · Score: 4, Informative

    Most casual thieves want the hardware to use, resell, or simply because it's pretty. They don't give a toss about your data unless they can get easy cash out of it.

    Encrypt the disk to protect your data. It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it. You can save CPU cycles by only encrypting data that really needs to be kept personal.

    Personally I'd be tempted to have some kind of low trick on there just to fuck with their minds. Add a script like
    echo "GPS location tracking started..."
    sleep 13
    echo "Device location found and reported."
    read x

    There is absolutely no security in this but casual thieves are normally not too smart so might shit their pants.

    1. Re:What do they want to steal? by subreality · · Score: 4, Informative

      It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it.

      AES is quite fast on 32-bit CPUs. There's no excuse for bad crypto.

  5. Re:Whole Disk Encryption by Anonymous Coward · · Score: 4, Informative

    I know it doesn't help the OP, but on linux-based netbooks it's trivial to re-install linux with whole disk encryption if you want to upgrade to Ubuntu anyway. I've been running this way on my primary laptop for over a year and haven't really noticed any performance degradation.

  6. Re:Booby trap it? by Anonymous Coward · · Score: 1, Informative

    There is probably room in the case for a few ounces of C4 explosive, and a detonator. You might have a hard time getting it through customs though.....

    I doubt it. The security theater at the airports I've seen only exists to inconvenience and intimidate, it would be pretty easy to for someone of average or greater intelligence to get knives, bombs, or other improvised weapons though.

  7. Re:Identity Theft or Physical Theft by Anonymous Coward · · Score: 1, Informative

    You could just use something as simple as a screensaver password. After a few minutes of not using the machine, they would need the password to get back to your session.

    There would be no way for them to run any tool to brute force the password or anything, without rebooting the machine. But then if they reboot the machine, they have to decrypt the drive again.

  8. Why do they want your E-mail? by ogl_codemonkey · · Score: 2, Informative

    Firstly: You're not that interesting - nobody wants to read your E-mail, and the 'important' stuff (like your PGP keys) are individually passphrase protected, aren't they.

    Secondly: You're not that interesting - the thief either wants the device for themselves, or to fence it for $50 worth of crack (or food, depending on where you travel). If they want it for themselves - chances are they'll just wipe it with a clean Windows install (you even leave the registration key on that little sticker on the back, don't you...) to get past your login/resume password. If they don't whoever fences it will.

  9. Re:Whole Disk Encryption by muckracer · · Score: 2, Informative

    Would also like to mention FreeOTFE (http://www.freeotfe.org). Unlike Truecrypt it happens to be Linux/LUKS compatible.

  10. Re:Whole Disk Encryption by shentino · · Score: 2, Informative

    Google did IIRC.

  11. Difficult to take seriously... by bemymonkey · · Score: 1, Informative

    You're worried about security and privacy? Then why are you using Gmail and Google Docs for that oh-so-important data? If you're going to be paranoid, you might want to start there...

    I mean, I use Gmail too, but as a student, I don't exactly have a lot to hide - a few forum passwords, slashdot credentials, a few measly bucks in the bank. If you were really AT ALL serious about privacy and security, you should be using services that aren't paid for by a company that makes money from knowing your private data...

    Sorry, but this makes it very difficult to take your post seriously...

  12. Dongles by rysiek · · Score: 1, Informative

    You can do the same with Bluetooth and you mobile - I bet the netbook in question has Bluetooth. For Linux, there's KBlueMon (and some GTK equivalent), it let's you define the Bt devices that need to be in range; if they're not, it locks the machine. I am sure there must be something like this for Windows.

  13. Don't place an OS on the drive by Anonymous Coward · · Score: 1, Informative

    Many netbooks boot from USB or an SDcard. Run the OS off of one of these. If you use an Ubuntu live CD, there will be no information on the drive upon reboot. For local storage use a USB drive with Truecrypt.

  14. Re:Are you evil enough? by saynt · · Score: 2, Informative

    True, but there are ways to get a reasonably high level of confidence that something will happen. Most flash utils that I've dealt with either do no checking on the image, which is awful, or simply check it for size, extension, or a basic checksum. I'm guessing that this is because the developers believe that only an insane person would try to flash a .jpg or whatever to their BIOS. Since this is one of a very few things that can actually make your computer unusable, you would think that they would take more care, but they don't. As for testing, most of the flash utilities that I've used give you at least two chances to confirm that you really want to perform the flash, usually the last one is after the new BIOS has been read in and, presumably, passed any checks being done. If you were very familiar with the flash program and had the fortitude, you could run the process right up to the point of no return and then say 'no', and I would be pretty confident that something bad would have happened should you have gone ahead...

  15. Re:encryption is not the answer by swillden · · Score: 2, Informative

    The Atom can only barely play higher-quality youtube videos. Any little thing will tip it over the edge. I agree that it is only a minor impact for most users. But Atoms are a different case.

    You should actually try it. I have an OLPC XO-1 (with a Geode processor -- even slower than the Atom) and full-disk encryption makes no detectable difference in performance.

    What you're missing is the fact that symmetric ciphers, which are actually what the bulk encryption is done with, are very fast. Even low-end processors are typically able to encrypt/decrypt *many* times faster than they can read or write data to disk/flash. And, actually, there shouldn't be any storage I/O involved in playing a youtube video, so even if full-disk encryption were slow, it wouldn't cause a problem with that.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.