Of Encrypted Hard Drives and "Evil Maids"
Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."
physical access > digital security
Someday I want to invent an attack, but only because I want the privilege of naming it.
I'm imagining a bunch of geeks dressed up in maid outfits.
Seriously, if you're worried about some hacker assassin breaking into your house or office and installing a bootloader, you're either doing something REALLY secretive (in which case the computer probably shouldn't even be on a network to upload any data back in the first place) or you're the kind of person who thinks Obama has your name on an "important persons" list and is coming for your guns. If someone has physical access to your machine and has the skills to install a bootloader, you're pretty much boned anyway, encryption or not (encryption isn't going to stop a simple keylogger). That's nothing new. Fortunately, for the vast vast majority of us, there are very few hacker black operatives who are running around breaking into hotel rooms just so they can get a single Visa number from Bob the dipshit middle manager. Newsflash Bob, YOU'RE NOT THAT IMPORTANT!
Oh, and I love how the article calls the prospect of a ninja hacker hotel maid sneaking a bootloader onto your laptop and then sneaking back into your room later to retrieve the data a "likely scenario." What hotels is this guy staying at anyway?
SJW: Someone who has run out of real oppression, and has to fake it.
Joanna Rutkowska is hot!
Leave your computer unprotected somewhere where you can't see it and someone can use it.
Encryption doesn't really have anything to with that and anyone not stupid should understand that.
Just another good reason to take your bootloader with you on a thumb drive or other type of removable media.
Trojans still work and can be used against security software. News at 11.
If you are the kind of person that is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room), you would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external USB drive. This would of course run its own OS, not being done from the bootloader (for obvious reasons).
Doolittle :
Bomb no.20 : To explode of course.
You could have found the evil bartender.
You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".
The next morning, you wake up in an unknown apartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache that when asked about the laptop's full disk encryption, your answer is "the what?".
Sorry, but my bootloader, GRUB, kernel and boot partition are on USB. The hard drive really is wholly encrypted... except a few hundred bytes in LUKS partition headers.
The evil maid will thus have to work harder: devise a LUKS partition header which will thoroughly corrupt my copy of cryptsetup as it tries to decrypt the partition.
With TrueCrypt, which doesn't put any identifiable information in partition headers, the job might be harder still.
1. who leaves their computer in the room when going "out" (isn't that why we all bought netbooks to take with us in our pocket/bag?)
2. who does not put the "do not disturb" when going to a hotel room (yea, yea, not secure...)
3. can't do this to a linux livecd (unless they replace your cdr)
If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?
You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.
Really, if you have physical access to the machine, it's got no chance.
I didn't read the RTFA, but isn't MSFT's BitLocker supposed to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?
At least not with TPM hardware store, that's kind of the whole point. I'm surprised Bruce isn't aware of this combination.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
When you encrypt your system partition with Truecrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue). This CD contains a copy of the bootloader and encryption key. If you always boot off that CD it won't help the attacker to replace the bootloader on the HDD.
Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It is very hard to prevent compromises when the attacker has physical access to the machine.
One thing that might slow/stop the evil maid is a BIOS boot passwd or BIOS disk passwd. This denies the maid a boot or any disk access (respectively). Of course, she could always pop the disk out and write it on her own machine. Unless key [boot] parts were BIOS encrypted.
As usual, security always has some cost for the user and has to be balanced against benefits [reduced risk of loss].
Use a USB or PS2 key logging dongle to grab the passwords.... Finger print scanners are not really reliable from what I understand. This is why the best security is physical security and limiting access to your hardware.
If you are paranoid enough to be worried about ninja maids then you probably boot off a Live CD and keep all your data on the encrypted drive.
Boot from read-only removable media. Have a 'verification program' in the boot loader that verifies a signature on the OS bootstrap
Digitally sign everything that isn't encrypted, and contain the proper signatures/keys on the removable media that you always carry with you
What brainless clod would leave a laptop with sensitive data on it lying around in a hotel room anyway, encrypted disk or not?
This is a non story - as everyone has known for decades , someone with access to the machine can do what they like. And they probably will.
Evil maids are easy to spot because of their goatees.
Why is this an issue for us who lock our workstations or log off before we leave it on and unlocked? Has someone found a vulnerability with gaining access to a live Linux file system via console or via SSH that we should know about? If you're answering this you may as well also include Windows: can you gain access to Windows after it's been locked? What are they going to do? The second they bounce it the data is useless.
Yet another "if someone has complete unrestricted access to your computer they can own it" attacks. If someone has the kind of access that they suggest in the article then they could hook in a keylogger between your keyboard and USB port, wait a week, pickup their keylogger and get all of your passwords and private information anyway.
Encryption is there to protect the *data*; it is not there to protect your *computer.*
Frankly whole drive encryption is a bad idea.
- It slows stuff down.
- Makes your computer more likely to malfunction (and to be more serious when it does).
- But worst of all it makes it much easier to break into your encrypted data.
The more unencrypted data the attacker has, the easier it is to break the encryption. If you encrypt for example your Windows folder then you have just given the attacker a TON of information and while modern encryption cannot often be broken on PCs, the security services might be able to have a good shot at it.
You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. The same maid could even sneak back the next night and erase any traces of her actions.
Maybe if she's an idiot. Once you've installed your own bootloader, it can neatly remove itself. (After installing malware, or transferring the encryption keys and data it needs over the network.) Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack?
But more to the point, it must be a slow week. Why are "serious" security researchers even wasting time on something this obvious? Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader. Hell, the really sophisticated bad guys aren't even going to do anything this difficult or risky. After all, the encryption key has to be in RAM somewhere whenever you're using software-based encryption (hardware encryption excluded). A well-engineered piece of malware will recover it, and two-factor authentication isn't going to help you.
Even trusted boot will only get you so far against a motivated adversary with this much sophistication. Don't leave your vital computing equipment behind in your hotel room.
I do an md5 checksum of grub and /boot from a USB key which is on me at all times, every time I boot my computer.
Seriously, I don't know of any other foolproof way to defend against this. I do know where my encrypted laptop hard drive is most of the time.
http://www.truecrypt.org/faq#tpm
The best security is to pick an obscure poison. Take it in small doses until you're immune. Coat the keyboard with it. Better yet, get a keyboard that automatically dispenses the poison.
Evil maid now equals dead maid.
My only problem is, now that the maid is dead, who's gonna hide the body?
If you are really a paranoid traveler, then you should put the bootloader on a stick (and possibly one half of the key too, the other in your head).
I read a description somewhere of how to make it work best. Install a bare-bones Windows OS on one partition, put on some icons for crap so it does not look too shrink wrapped. Put your real OS (preferably not a Windows one, as this would make security mostly futile anyway) on a second partition.
Then make your stick the primary boot medium, hdd the second one. Maid comes in and finds just a diversion OS with no data to compromise (as this boots when the stick is not inserted). Even if the bootloader is played with, once you put in your stick and boot up, your real and encrypted OS will be booted from stick, which had no manipulation whatsoever.
Add some individual touch to make it harder to compromise.
You also evade stupid border guards stupid questions this way, as your real OS stays kind of camouflaged (well, not really, but more than enough for people with no clue).
And be careful of those flashable BIOS'es.
To say that this is pointless because "no one" would ever be the target of such an attack, is just silly.
99.99999% of people would never be targeted by this kind of attack. But the 0.00001% for whom it matters (CIA operatives, for instance), it's in everyone's best interest that such attacks are known about and avoided (or at least for the government who is sponsoring the operative). A million unimportant, paranoid nerds getting hacked b/c they did full-disk encryption improperly is nothing compared to a single operative being discovered in the field, and dissolving a political landscape, or a source of critical intelligence that keeps us safe.
Luckily, we have millions of paranoid nerds to find these flaws so that the people who really do need it are better prepared.
This means on boot a checker runs from *inside the encrypted volume* to see if anything has changed. It should notice if the bootloader no longer checksums the same (so far as I understand).
Those are my principles, and if you don't like them... well, I have others.
So this could be considered a type of maid-in-the-middle attack?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
...will she install that bootloader, when there is no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling by a TPM (chip) under YOUR control? (Something possible with the Lenovo ThinkPads for example. In which case it is a good concept, as opposed to what the media companies planned to do with it.)
Hardware security against hardware meddling. Simple as that.
Now the next level would be physically modifying the motherboard. But even against that you can protect yourself. By using the TPM to check the trustworthiness of the components, encrypting bus communication, etc. (Which the TPM platform, if I'm correct, is doing already) and using a hardware dongle key, that is itself encrypted. That you both take with you. Perhaps only working with a class 3 USB dongle (included key reader, keypad and display).
I want to see you crack that system then. ^^
Of course, in reality, they will simply give you a good old-fashioned beating (or modern waterboarding), until you tell them the password and give them the key and class 3 device.
Which will only help them, if you did not destroy the key dongle beforehand. (Or had it split, and one of the parts is out of reach.) But the beating will always be yours to take. ^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
This is really old news and too many Windows 7 fanboys are turning a blind eye to it as well.. I'll be yelling at the walls for a long time to come just so self absorbed supposed 'superior tech' morons can catch up to the obvious.. Paranoid security people like myself will always be of value, but when you asshats don't listen to us, the joke is on YOU!! The rest of the lamers can fade away in the background for all I care, fruity asshat fanboys and pretend security 'know it all's' suck!! as usual..
Bullshit.
The bootloader is signed. Use this in combination with the TPM chip (embedded smartcard) on your laptop - AS SPECIFIED BY THE GUIDANCE - and use a PIN. There's no loading the disk or getting at the data without cracking AES. At least once.
So... Start your engines.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
you have to assume that they can design a scenario to separate you from your bags for an hour. If you're important enough for someone to devote these kinds of resources to get information from you, you're already boned. This whole thought exercise is pretty silly.
This isn't a new attack; it's just a specific variant of a "black bag" job; same idea as installing a hardware keylogger. I think there's likely a way to use Trusted Computing to defeat this particular variant, basically the TCM wouldn't give out keys to an untrusted bootloader.
And for cases where national security is concerned, probably more a likely attack vector than any other. So the likely defense is some kind of boot-time check of the loader's integrity, which is just as possible. For example, a utility to do this on a USB fob. Then of course the you have to remember to take your fob with you...
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Pretty much all the responses so far completely miss the point.
I work for a large financial institution - one of the biggest. Plenty of folks here have sensitive client information on their laptops, which they take with them on business trips to see clients, technology partners etc. We have some extremely large clients (all the major banks, US and worldwide) and the client information could include contacts, details of trading, holdings in various stocks, etc. This information can be worth millions of dollars, and the company could be fined similar amounts if it was stolen from their possession.
Most of the employees/managers/sales guys etc that go on business trips are not particularly technically savvy. All they know is that they have their laptop, and it is encrypted, and they have been told that their laptop is safe because the evil h4xx0rz can't decrypt the 124-byte RSM keylock. This will give them a false sense of security, and they will leave their laptop in their hotel room, safe in the knowledge that it has a Kensington lock on it and no-one can walk off with it.
The data on some of these machines is valuable enough that people certainly would think about trying to get their hands on it.
This needs to be a wakeup call to the big banks that they need to educate their staff - simply telling them "your laptop is encrypted, you are safe" is not good enough. They need to keep the machine with them at all times.
All the talk of "boot from liveCD" or BIOS passwords, or hidden TrueCrypt volumes, simply are not feasible on a large corporate scale, and are certainly above your average client portfolio manager.
Boot from a memory stick, CD, whatever. This way you won't have to run code that wasn't encrypted, from the internal harddrive (i.e. boot loader).
what is more likely to happen
http://xkcd.com/538/
As part of my init script, I've hashed the data in my boot partition and I am alerted if there is a change. You should all do the same.
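Several commenters describe the same check (hashing grub and /boot from a USB key, hashing the boot partition from an init script, checksumming the bootloader from external media). The script below is an added example, not any commenter's code: it writes a manifest of SHA-256 hashes covering every file under a boot directory plus the 440 bytes of MBR boot code, and later verifies against it. It assumes standard Linux tools; in real use the boot dir would be /boot, the disk a raw device, and the manifest kept on media you carry.

```shell
#!/bin/sh
# Added example: record hashes of everything on the unencrypted boot path and
# compare them later, from a manifest kept on media you carry, not on the disk.
# Assumed tools: sha256sum, dd, find, sort, cmp, diff (standard on Linux).
# Assumed real-world arguments: BOOT_DIR=/boot, DISK=/dev/sda (raw device);
# here any directory and any file holding a disk image work the same way.

boot_code_hash() {
    # $1 = disk device or image. Hash only the first 440 bytes: the MBR boot
    # code that chains into the bootloader, not the partition table after it.
    dd if="$1" bs=440 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

make_manifest() {
    # $1 = boot dir, $2 = disk, $3 = manifest file to write.
    # One "hash  name" line per item, sorted so two manifests compare cleanly.
    {
        printf '%s  bootcode\n' "$(boot_code_hash "$2")"
        (cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
            printf '%s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
        done)
    } > "$3"
}

verify_manifest() {
    # $1 = boot dir, $2 = disk, $3 = stored manifest.
    # Returns 0 when nothing changed; 1 when a hash differs or a file was
    # added or removed, printing the differing lines to stderr.
    tmp=$(mktemp) || return 2
    make_manifest "$1" "$2" "$tmp"
    if cmp -s "$3" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi
    echo "BOOT PATH CHANGED since manifest was written:" >&2
    diff "$3" "$tmp" >&2 || true
    rm -f "$tmp"
    return 1
}

# Usage when run directly:  boot-check.sh init|check BOOT_DIR DISK MANIFEST
case "${1:-}" in
    init)  make_manifest "$2" "$3" "$4" ;;
    check) verify_manifest "$2" "$3" "$4" ;;
esac
```

Run the check from a separately booted OS (live CD or USB), since a checker executed by a tampered bootloader can be lied to.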
...if you locked your computer's screen before you walked away from it? You know, like YOU SHOULD ALWAYS DO?
The ones that get me are the encrypted disks that unlock themselves (no user supplied password) on boot-up. Don't people realize that they're taping the key underneath the lock in that sort of configuration?
Whenever I travel, I change my splash screen graphic to a simple red-on-black message that reads:
"Dear Housekeeping,
Use of this system is monitored and your intrusion attempt has been reported to the system owner. The time has been recorded and the built-in webcam has taken your picture. Stop now and no charges will be filed."
Another method would be working for an under-funded government agency (like me). The last time I went to a conference I had to bring a 'company laptop'. Since the system was impressively 'designed for Windows 2000', I just took the battery out of the laptop when I was away from the room (along with the AC adaptor). I doubt anyone could find a retail outlet that sold nearly decade-old laptop batteries. Suck on that super maid spies!
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
I'm imagining a bunch of geeks dressed up in maid outfits.
As long as they're Japanese and female, that's fine with me:
http://images.google.com/images?q=maid+cafe
http://www.google.com/search?q=maid+cafe
What can be done about TrueCrypt? It also "Encrypts an entire partition or storage device such as USB flash drive or hard drive."
The maid would be more likely to just steal the laptop, especially since most hotels/motels do not (and cannot) guarantee that items will not be stolen from your room. So they disclaim any responsibility for any items left in the rooms. The best security is not to let anyone else have physical access to your computer, and to NOT use any version of Windows!
One idea is to take the hard drive out of your laptop and take it with you.
that I got out of that shithole called 'security world'.
It was really fun and interesting until 2003, but these days it's a joke.
Hey, even in year 1997 we all realized that once someone has physical access to your computer - you are fucked.
And here we are, in year 2009, reading "research" telling us things we all already know.
Sigh...
P.S: maid doesn't need to install any fancy shit, a keylogger will do just fine.
Burn the contents of your thumb drive to a business card sized CDROM.
"Liechtenstein is the world's largest producer of sausage casings, potassium storage units, and false teeth."
NO EXCEPTIONS!
If I own the machine, and I am the user of that machine - I want the master TPM key and the ability to sign stuff for myself.
http://xkcd.com/538/
Seriously. If someone wants in your computer, they are getting in. Period. Full stop.
However:
A) Likely you and your laptops super secret porn stash are not important enough to bother.
B) Most people are too stupid to care. 99 times out of 100 your laptop will be stolen, maybe wiped and sold on ebay or equivalent.
The evil cook seems much more dangerous. How can I protect myself against him/her?
Has Schneier run out of real security problems? Yeah, people with physical access to your hardware can break your encryption. They can put a key logger in your machine. They can bug your keyboard or your hotel room. They can even spread LSD or strychnine on your keyboard. Imagine that!
I wanna be the man in the middle of a two evil maid attack. Mmmm she can install a high heeled boot loader on my hard drive any time.
Parent: win.
If the whole disk is encrypted, how is the data from the USB stored in the hard drive in the first place?
Physical Security can usually mitigate these types of risks. We all know that once an attacker has physical access to a device, all bets are off.
Lock your server room, lock your office. When in hotels put your laptop in the safe, all hotel rooms I've been to in the U.S. have had a safe.
Also things like setting the BIOS to boot only from HDD and add a pw to the BIOS can help mitigate this.
If you always boot from an external media, let's say truecrypt bootable CD-R, wouldn't this solve the problem?
http://xkcd.com/538/
If someone else has unrestricted physical access to your computer, it's not your computer anymore.
-- I was raised on the command line, bitch
If it's been rebooted back to the truecrypt passphrase entry, then you know that someone's been monkeying with it. If you notice that your BIOS password and settings are gone, you can assume the BIOS ROM has been replaced in hardware. Or if you're sufficiently paranoid, you can assume the same just from the reboot, and junk the computer.
The USB key fits in your pocket and can be kept safe with your other keys. Don't lose your keys; just like a car, if you don't have the key, you can't start it.
In Linux, this is easily implemented with the bootloader, kernel and initial ramdisk setup/installed on the key. Without the key, the laptop will "hang" at boot and appear to be "broken" by the casual observer.
This approach seems safer than approaches that require validating the bootloader, kernel and initial ramdisk. YMMV.
already been done on cash machines.
been around for decades...
This evil maid can do anything she wants on my laptop!
Have gnu, will travel.
As an example, instead of whole disk encryption, suppose you just want to read some PGP encrypted emails on your coworker's computer, which you are allowed to SSH into (as is the case where I am now). One strategy you might try is to SSH in and use the microphone to listen to your coworker's keystrokes while he is reading his email...
That scenario is so far fetched that it nearly made me laugh.
If someone is that paranoid about security (or actually has the need for such) that he needs to have his emails encrypted, on a private machine, to which he has to SSH... It is just absurd to think that the machine has that horrible level of *digital* security. If an account exists only for accessing emails of a specific person, it sure as hell isn't given the rights to access peripheral equipment.
Thus, policies must be in place -- perhaps that no microphones may be installed on systems dealing with high security information.
Well, usual tactic - at least in government - is to not have internet access on computers that deal with high security information. Honestly, if you have something truly secret on the machine, it should not be used as a desktop and thus should have nothing to do with microphones in the first place.
Either don't give examples or give examples that could have something to do with real world. Giving absurd examples is worth nothing.
For that matter, the guys video taping the room to sell you and your wife's activities to that voyeur site aims the camera at your laptop, watches your keystrokes, and boom - he has all you passwords you type in. Banking? PayPal? E-Mail.
You really need to use both a password and a physical device. Such as RSA tokens. My bank offers this for online banking. I have several for different things.
So lock the boot device to the FDE drive, and lock the hardware to the boot device. You can (could on PPC, still true on Intel?) with Macs. Sure, you can defeat it. But you necessarily can't re-enable it with the same password. So if you're this paranoid, lock booting to a particular device, and lock the boot device to full encryption. Check that your first lock is still in place from time to time, as regularly as you need.
"Citation Needed."
Sorry, but I'll need something more than the word of some random guy on the Internet to believe this for a number of reasons, not the least of which being that such a backdoor would be something security testers would notice.
Do this to 3 or 4 Bobs, and pretty soon you'll have an understanding of the corporate org chart, upcoming projects, and most importantly you'll be able to target your future EvilMaid attacks with pinpoint accuracy.
Bob's my uncle. Let's play devil's advocate.
What does the consumer get in terms of higher competition, better products, lower prices, etc. if there was absolute transparency? Imagine a fantasy world where companies bent over because security was found out to have no value so they just gave the entire world access to their entire network?
Life might just stay the same old, same old for most people. There will be more frantic activity in some quarters as people find new opportunities, and some wackos will try to corner particular markets (but on this new pool table there will be way too many corners available to drop a ball into so that only goes so far). The status quo is that the most challenging problems are still going to be challenging. The most leading edge ideas are still risky. Consumers still have only a limited means of buying while there is far greater variety of classes of items than the number of classes that can be purchased from by the average individual.
As more and more knowledge becomes available on the Internet, would it even matter in business that some people have secrets? Someone may safeguard a work in progress for a long time until a product is released, only to have a competitor reverse engineer it in far less time.
Secrecy is valuable for businesses in terms of data integrity. If someone dressed up as a maid or as anyone trusted so that they can mess around with the data, one can tell if the data became corrupted. The cost of having someone copy the data is probably far less than the cost of having to rebuild the data.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
They just aren't real
Well, #1... security measures only serve as deterrents. There will be a way around every security device, the only metric you really need to worry about is whether your:
(cost to circumvent) / (value of assets + cost to secure)
ratio is conveniently higher than your neighbors (ha ha, security people hate any mention of "convenience").
So... #2: by far the best thing you can do is to make sure your assets are relatively worthless compared to what other "target" have. Live a frugal life. Keep offsite backups of your photo albums. Don't keep secrets. And if you do, bury them with enough other crap (maybe using steganography if necessary) to decrease the signal/noise enough to make finding and sorting through the information kind of useless to those not in the know. Maybe you have lots of invalid bank and credit card information lying around. Or put a whole bunch of passwords in your secret password vault, in case it gets compromised (good sites will eventually lock them out for trying them all, and failed attempts will also tip you off and give you time to respond).
Next measure in the equation is to increase the cost of your perpetrator to circumvent security measures or commit crimes, far above what they'd gain by stealing your assets.
Cheap deterrents first: live up a flight of stairs... thieves are inherently lazy and will go for the "low hanging fruit" instead of you. In the context of this article, put your laptop up high in a closet or stash it in a drawer... make them search through dirty laundry for it.
The best society wouldn't need any security at all... if there was enough transparency and free flow of information, all thieves would get caught and reprimanded. So participate in the whole neighborhood watch thing, make sure your perp has to perform his act in very public settings, uniquely tag your stuff, and post warnings to remind them and make them nervous about getting arrested / shot / going to hell etc.
Finally, we get to the part of the equation where you actually have to actively do something for extra security measures.
First, make it a habit to perform the rudimentary simple steps of locking your door and always having your keys on you. Deadbolt is much better than the handle switch, and also helps ensure that you remembered your keys. I involuntarily lock my house and car doors now, and always brush my pockets with my hands to check that my keys and wallet are still there. At this point, I usually notice within 5 minutes if something's missing.
Passwords and encryption are just more sophisticated keys and locks. Not uncircumventable, but much better than nothing. But before spending lots of money on more complex 2- & 3-factor keys and locks ... especially those that can completely shoot you in the foot and result in losing all your data... most people invest in other measures ... alarms and security cameras that would increase the chances of the perp getting caught. I haven't seen a whole lot that focuses on this area yet... the phone home mechanisms and stuff like that, but I figure it would be much more productive to concentrate on these kinds of security measures in the near term.
Duh. Move along, nothing to see here, news at eleven.
This just in...
Someone discovered how to pick a lock...
Strangely, people are still locking their doors!
Seriously, man has created nothing that another man could not destroy or subvert. Get used to it folks.
BIOS Password! BIOS Password! BIOS Password!
What I am trying to tell you all, is that it is critical that your laptop (and even desktops, really) need to have a BIOS password entered so that the evil maid cannot reboot your computer to any external device such as a USB without knowing your BIOS password. So you first configure your BIOS so that no external devices are bootable; then you set the BIOS password to something non-guessable. Even this does not guarantee hacking, because if the thief has long-term access to your laptop, and the willpower, they will open your laptop and disconnect your BIOS settings battery so that your BIOS settings are reset. But, if you are sharp then you will realize upon a reboot or awakening from hibernation that the system is no longer querying you for the password, which means you have been hacked! Then again, a genius thief might have a mock BIOS password query screen, but that starts to enter the realm of paranoia. But . . . am I paranoid *enough*?
It might not be easy to prep, but you could have your firmware checksum the bootloader before it executes.
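The "firmware checksums the bootloader before it executes" idea from the comment above, as an added illustration that is not part of the thread: measure the boot sectors of a disk image and compare the digest against a reference kept somewhere the attacker cannot edit (a note or key in your pocket, a TPM PCR, a separate USB stick). The disk image, the bootloader bytes and the "tampered" bytes are all constructed for this example.

```python
"""Added example: detect a modified boot sector by measuring it against a
known-good SHA-256 digest. The disk image and bootloader bytes below are
constructed for illustration and are not from any real bootloader."""
import hashlib
import hmac

SECTOR = 512


def digest_boot_region(disk_image: bytes, sectors: int) -> str:
    """SHA-256 over the first `sectors` sectors (MBR plus bootloader area)."""
    region = disk_image[: sectors * SECTOR]
    return hashlib.sha256(region).hexdigest()


def verify_bootloader(disk_image: bytes, sectors: int, reference_hex: str) -> bool:
    """Compare the measured digest with the reference in constant time.
    The reference must live off the machine (or in firmware the attacker
    cannot rewrite), otherwise it can be updated along with the bootloader."""
    measured = digest_boot_region(disk_image, sectors)
    return hmac.compare_digest(measured, reference_hex)


def make_constructed_disk(bootloader: bytes, total_sectors: int = 64) -> bytearray:
    """Build a toy disk image: bootloader at the start, zero-filled data after."""
    img = bytearray(total_sectors * SECTOR)
    img[: len(bootloader)] = bootloader
    return img


def demo() -> tuple:
    """Returns (clean_verifies, tampered_verifies, data_change_verifies)."""
    # Constructed boot sector: jump stub, a marker string, padding, 0x55AA signature.
    good_loader = b"\xebH\x90TRUSTED-LOADER" + b"\x00" * 493 + b"\x55\xaa"
    disk = make_constructed_disk(good_loader)

    # Enrol the known-good digest while the machine is still trusted.
    reference = digest_boot_region(bytes(disk), 1)
    clean_ok = verify_bootloader(bytes(disk), 1, reference)

    # Modify a few bytes inside the boot sector: measurement must now fail.
    tampered = bytearray(disk)
    tampered[16:32] = b"TAMPERED-SECTOR!"
    tampered_ok = verify_bootloader(bytes(tampered), 1, reference)

    # A write to an ordinary data sector does not change the boot measurement.
    data_written = bytearray(disk)
    data_written[10 * SECTOR:10 * SECTOR + 8] = b"userdata"
    data_ok = verify_bootloader(bytes(data_written), 1, reference)

    return clean_ok, tampered_ok, data_ok


if __name__ == "__main__":
    print(demo())
```

The check only covers the sectors you measure; the reference digest has to be refreshed whenever you legitimately update the bootloader, and it detects modification after the fact rather than preventing it, which is why the comment pairs it with a BIOS password and non-bootable external media.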
BIOS BOOT PASSWORD
A pathetic attempt to give a cute name - and make it look like original research - to an incredibly simple attack.
Also, bootloader on USB thumb drive in pocket.
OR bootloader on USB thumb drive on keychain.
OR bootloader on USB thumb drive under skin.
OR bootloader on USB thumb drive in anus.
the only confidential content on it should be the crypto key your remote control client uses to access your home/office computer on which the actual confidential information is. Which shouldn't do the aspiring data thief any good minus the password. Carry your portable entertainment content on the computer instead.
While this means that you don't get access to your own confo information unless you're hooked up to the Net via wifi or 3G wireless dongle, it also means that if you lose your computer, the expensive part is replacing the hardware, not the much more expensive job of attempting to find or recreate the actual data. And data that never was on your computer can't be stolen either by a random thief, the "bad guys", or the Feds when you cross an international border.
Tech Public Policy stuff
Are you aware that whole-disk encryption programs encrypt a sector (or small group of sectors) independently from each other? Plus, these programs are completely independent from file system structure. I would be more concerned about encryption software that worked on a file-by-file basis or was built into the filesystem than the traditional whole-disk encryption.
Meaning that if you write crap (or have a few bad sectors) to a small (encrypted) block, the rest of the disk is still perfectly readable (and decryptable). There is little difference between crap on an unencrypted disk and crap on an encrypted disk. In either case, crap that takes out the file allocation table will trash everything, otherwise it will only corrupt one or two files...
I use linux (full-disk) encryption for both my main disk as well as my backups... (There is little point in encrypting the server if the backup is plaintext!)
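The sector-independence property described in the comment above, shown as an added example that is not from the thread: a toy disk cipher that derives a separate keystream per sector from a key and the sector number (the sector number plays the role of the XTS tweak). The keystream is SHA-256 based and stands in for AES-XTS purely for illustration; the key, the 8-sector image and the "bad sector" are all constructed here.

```python
"""Added example: why one garbled sector of an encrypted disk leaves the rest
readable. The per-sector keystream below is a SHA-256 construction used as a
stand-in for AES-XTS so the example runs with the standard library only; it
is for illustration, not for protecting real data."""
import hashlib
import struct

SECTOR = 512


def _keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Keystream bound to (key, sector number): PRF(key || sector || counter)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", sector_no, ctr)).digest()
        ctr += 1
    return bytes(out[:length])


def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR with the sector's own keystream; encrypt and decrypt are the same op."""
    ks = _keystream(key, sector_no, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def crypt_disk(key: bytes, image: bytes) -> bytes:
    """Apply crypt_sector to every sector of a whole image."""
    return b"".join(
        crypt_sector(key, n, image[n * SECTOR:(n + 1) * SECTOR])
        for n in range(len(image) // SECTOR)
    )


def intact_sectors_after_bad_sector(bad: int = 3) -> list:
    """Encrypt 8 sectors, garble one on 'disk', decrypt, list sectors that survived."""
    key = hashlib.sha256(b"constructed demo passphrase").digest()
    plain = b"".join(bytes([n]) * SECTOR for n in range(8))  # 8 distinct sectors

    enc = bytearray(crypt_disk(key, plain))
    enc[bad * SECTOR:(bad + 1) * SECTOR] = b"\xff" * SECTOR  # constructed bad sector

    dec = crypt_disk(key, bytes(enc))
    return [
        n for n in range(8)
        if dec[n * SECTOR:(n + 1) * SECTOR] == plain[n * SECTOR:(n + 1) * SECTOR]
    ]


def identical_plaintext_differs() -> bool:
    """The sector-number tweak makes equal plaintext sectors encrypt differently,
    so a thief cannot spot repeated content by comparing raw ciphertext."""
    key = hashlib.sha256(b"constructed demo passphrase").digest()
    block = b"A" * SECTOR
    return crypt_sector(key, 0, block) != crypt_sector(key, 1, block)


if __name__ == "__main__":
    print("readable sectors:", intact_sectors_after_bad_sector())
    print("tweak separates equal sectors:", identical_plaintext_differs())
```

Because each sector depends only on the key and its own position, damage stays confined to the damaged sector, exactly as on a plaintext disk; the encryption layer has no knowledge of which sectors hold the allocation table, so a hit there is just as destructive either way.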
Have a hardware or BIOS-level password. If you don't have the password, you can't even boot the machine on any medium. Combine this with a screen lock (where the screen will lock if the screensaver/blanker activates) and it should protect things. If the bad guy doesn't have the password, they can't unlock the machine. They can't reboot either due to the
To prevent someone simply opening up the machine and installing a hardware keylogger, fit some sort of sticker that can't easily be forged/replaced and that easily indicates the machine has been opened.
You really think the NSA controls all US crypto? Ummm ok, well then let's take a look at a little thing called AES. That stands for Advanced Encryption Standard, and it is the official US encryption standard. The NIST wanted a replacement for the aging Triple DES, and that is what we now call AES. So, how did AES come about? Surely it was some secret project at the NSA that was released with no oversight and made a standard! Actually, not so much. AES was originally called Rijndael and was developed by two Belgian cryptographers, not US citizens or residents. It was chosen in an open competition from a number of other algorithms, including Twofish and RC6.
It was a completely public and open process. The entire algorithm is an open standard that anyone can examine, and people do. AES is the most tested crypto system the world has ever seen. Crypto experts from all over the world see if they can break it. Though there have been a few attacks that can make minor reductions in the key space, thus far it remains solid and there is no way to recover AES encrypted data until the sun goes dark.
That is the official, US government chosen and endorsed crypto system. Even the NSA has signed off on it for classified use.
So that leaves a situation with two possibilities:
1) The NSA is so far ahead of everyone else in crypto that they can crack AES, and could do so 7 years ago when it was standardized. Not only that, they are so sure that they are the only ones that can do this, they are willing to allow the algorithm to be used to secure critical assets like the US financial system, knowing the vulnerability, which is contrary to their mission. Only mathematicians in the US are smart enough to figure out this break, not in any other country including those like China which have made major cryptanalysis breakthroughs like the MD5 vulnerability.
or
2) AES is really very secure, the NSA did an evaluation of it and their experts found what all the other experts in the world did: It is a good crypto system.
Now which is more likely?
Also consider that the NSA was involved with the original DES. IBM developed it for civilian use at the request of the government, and the NSA looked over it. One of the things they did was suggest changes to the s-boxes. People theorized this was to weaken the algorithm. However, when differential cryptanalysis was publicly discovered in 1990, it turned out that the s-boxes in DES were very resilient to it, much more so than had they just been random. Turns out the NSA knew about differential cryptanalysis and so did the IBM team that made DES. The NSA asked them to keep it a secret at the time. So far from inserting a backdoor, they instead helped IBM ensure it was secure.
Finally there is the fact that the Windows source code isn't secret. It isn't open, but it isn't secret. Many academic institutions have copies. ASU would be one I know of. So it isn't as though the code is something no one outside MS ever sees. It is out there, many people have had a look.
So seriously, get off the conspiracy BS.