Slashdot Mirror
Of Encrypted Hard Drives and "Evil Maids"
Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."
physical access > digital security
MP3 Search Engine
Someday I want to invent an attack, but only because I want the privilege of naming it.
I'm imagining a bunch of geeks dressed up in maid outfits.
Seriously, if you're worried about some hacker assassin breaking into your house or office and installing a bootloader, you're either doing something REALLY secretive (in which case the computer probably shouldn't even be on a network to upload any data back in the first place) or you're the kind of person who thinks Obama has your name on an "important persons" list and is coming for your guns. If someone has physical access to your machine and has the skills to install a bootloader, you're pretty much boned anyway, encryption or not (encryption isn't going to stop a simple keylogger). That's nothing new. Fortunately, for the vast vast majority of us, there are very few hacker black operatives who are running around breaking into hotel rooms just so they can get a single Visa number from Bob the dipshit middle manager. Newsflash Bob, YOU'RE NOT THAT IMPORTANT!
Oh, and I love how the article calls the prospect of a ninja hacker hotel maid sneaking a bootloader onto your laptop and then sneaking back into your room later to retrieve the data a "likely scenario." What hotels is this guy staying at anyway?
SJW: Someone who has run out of real oppression, and has to fake it.
Leave your computer unprotected somewhere where you cant see it and someone can use it.
Encryption doesn't really have anything to with that and anyone not stupid should understand that.
Just another good reason to take your bootloader with you on a thumb drive or other type of removeable media.
Trojans still work and can be used against security software. News at 11.
If you are the kind of person that are in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room.); You would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external usb drive. This would offcourse run it's own OS, not being done from the bootloader(for obvious reasons).
Doolittle :
Bomb no.20 : To explode of course.
You could have found the evil bartender.
You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".
The next morning, you wake up in an unknown appartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache than when asked about the laptop's full disk encription, you answer is "the what?".
Sorry, but my bootloader, GRUB, kernel and boot partition are on USB. The hard drive really is wholly encrypted... except a few hundred bytes in LUKS partition headers.
The evil maid will thus have to work harder: devise a LUKS partition header which will thoroughly corrupt my copy of cryptsetup as it tries to decrypt the partition.
With TrueCrypt, which doesn't put any identifiable information in partition headers, the job might be harder still.
If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?
You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.
Really, if you have physical access to the machine, it's got no chance.
I didn't read the RTFA, but aren't MSFT's BitLocker supposes to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?
At least not with TPM hardware store, that's kind of the whole point. I'm surprised Bruce isn't aware of this combination.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
When you encrypt your system partition with Truecrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue). This CD contains a copy of the bootloader and encryption key. If you always boot off that CD it won't help to attacker to replace the bootloader on the HDD.
Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It is very hard to prevent compromises when the attacker has physical access to the machine.
One thing that might slow/stop the evil maid is a BIOS boot passwd or BIOS disk passwd. This denies the maid a boot or any disk access (respectively). Of course, she could always pop the disk out and write it on her own machine. Unless key [boot] parts were BIOS encrypted.
As usual, security always has some cost for the user and has to be balanced against benefits [reduced risk of loss].
Use a USB or PS2 key logging dongle to grab the passwords.... Finger print scanners are not really reliable from what I understand. This is why the best security is physical security and limiting access to you hardware.
If you are paranoid enough to be worried about ninja maids then you probably boot off a Live CD and keep all your data on the encrypted drive.
Boot from read-only removable media. Have a 'verification program' in the boot loader that verifies a signature on the OS bootstrap
Digitally sign everything that isn't encrypted, and contain the proper signatures/keys on the removable media that you always carry with you
What brainless clod would leave a laptop with sensitive data on it lying around in a hotel room anyway, encrypted disk or not?
This is a non story - as everyone has known for decades , someone with access to the machine can do what they like. And they probably will.
Evil maids are easy to spot because of their goatees.
Mother, do you think they'll like this sig?
Why is this an issue for us who lock our workstations or logoff before we leave it on and unlocked? Has someone found a vulnerability with gaining access to a live Linux file system via console or via SSH that we should know about? If you're answer this you may as well also include Windows, can you gain access to Windows after it's been locked? What are they going to do? The second they bounce it the data is useless.
You second point against is the reason I steer clear on permanent whole-disk encryption on working machines.
Even with expensive servers, perfect RAID cards, BBU's and every other possible protection - sometimes the OS will just flip out and either crash or write crap to your filesystem. If not the OS, then the drive itself will do it. And then you have to do a chkdsk/fsck and with any form of encryption the chances are that you just trashed a whole lot more than a recent file entry and whatever open temporary files you have. Encryption ruining the basic readability of the filesystem and its underlying structure is the main reason I hate encryption products that operate whole-disk (which is the only perfect way to stop things being complete secure against permanent physical theft, I have to admit).
I can see using encryption for backups, I can see using it for any data that leaves the computer (network, tapes, etc.) but on the actual machine itself? I can see working on encrypted containers (with the knowledge that the data never gets written anywhere else in the meantime). But it's always seemed too risky to blanket-apply it to the whole storage device unless you're *really* certain about your backups being perfect and up-to-date all the time.
It's one of those "yeah, should never happen - but if it does, you're screwed" things.
You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. The same maid could even sneak back the next night and erase any traces of her actions.
Maybe if she's an idiot. Once you've installed your own bootloader, it can neatly remove itself. (After installing malware, or transferring the encryption keys and data it needs over the network.) Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack?
But more to the point, it must be a slow week. Why are "serious" security researchers even wasting time on something this obvious? Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader. Hell, the really sophisticated bad guys aren't even going to do anything this difficult or risky. After all, the encryption key has to be in RAM somewhere whenever you're using software-based encryption (hardware encryption excluded). A well-engineered piece of malware will recover it, and two-factor authentication isn't going to help you.
Even trusted boot will only get you so far against a motivated adversary with this much sophistication. Don't leave your vital computing equipment behind in your hotel room.
I do an md5checksum of grub and /boot from a USB key which on me at all times every time I boot my computer.
Seriously, I don't know of any other foolproof way to defend against this. I do know where my encrypted laptop hard drive is most of the time.
If you are really a paranoid traveler, then you should put the bootloader on a stick (and possibly one half of the key too, the other in your head).
I read a description somewhere how to make it work best. Install a bare bone windows OS on one partition, put on some icons for crap so it does not look too shrink wrapped. Put your real OS (preferably not a Windows one, as this would make security mostly futile anyway) on a second partition.
Then make your stick the primary boot medium, hdd the second one. Maid comes in and finds just a diversion OS with no data to compromise (as this boots when the stick is not inserted). Even if the bootloader is played with, once you put in your stick and boot up, your real and encrypted OS will be booted from stick, which had no manipulation what so ever.
Add some individual touch to make it harder to compromise.
You also evade stupid border guards stupid questions this way, as your real OS stays kind of camouflaged (well, not really, but more than enough for people with no clue).
And be careful of those flashable BIOS'es.
To say that this is pointless because "no one" would ever be the target of such an attack, is just silly.
99.99999% of people would never be targeted by this kind of attack. But the 0.00001% for whom it matters (CIA operatives, for instance), it's in everyone's best interest that such attacks are known about and avoided (or at least for the government who is sponsoring the operative). A million unimportant, paranoid nerds getting hacked b/c they did full-disk encryption improperly is nothing compared to a single operative being discovered in the field, and dissolving a political landscape, or a source of critical intelligence that keeps us safe.
Luckily, we have millions of paranoid nerds to find these flaws so that the people who really do need it are better prepared.
This means on boot a checker runs from *inside the encrypted volume* to see if anything has changed. It should notice if the bootloader no longer checksums the same (so far as I understand).
Those are my principles, and if you don't like them... well, I have others.
So this could be considered a type of maid-in-the-middle attack?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
...will she install that bootloader, when there in no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling with, by a TPM (chip) under YOUR control? (Something possible with the Lenovo ThinkPads for example. In which case it is a good concept, as opposed to what the media companies planned to do with it.)
Hardware security against hardware meddling. Simple as that.
Now the next level would be physically modifying the motherboard. But even against that you can protect yourself. By using the TPM to check the trustworthiness of the components, encrypting bus communication, etc. (Which the TPM platform, if I'm correct, is doing already) and using a hardware dongle key, that is itself encrypted. That you both take with you. Perhaps only working with a class 3 USB dongle (included key reader, keypad and display).
I want to see you crack that system then. ^^
Of course, in reality, they will simply give you a good old-fashioned beating (or modern waterboarding), until you tell them the password and give them the key and class 3 device.
Which will only help them, if you did not destroy the key dongle beforehand. (Or had it split, and one of the parts is out of reach.) But the beating will always be yours to take. ^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Bullshit.
The bootloader is signed. Use this in combination with the TPM chip (embedded smartcard) on your laptop - AS SPECIFIED BY THE GUIDANCE - and use a PIN. There's no loading the disk or getting at the data without cracking AES. At least once.
So... Start your engines.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
you have to assume that they can design a scenario to separate you from your bags for an hour. If you're important enough for someone to devote these kinds of resources to get information from you, you're already boned. This whole thought exercise is pretty silly.
Comment removed based on user account deletion
1. Pretty much anyone who doesn't want to lug their work laptop around with them to the restaurant, etc. at the end of a long, shitty day on the client site. Most of my colleagues are just itching to be free of the laptop and tie at the end of the day.
2. I typically hang the "do not trojan" sign on the doorknob instead, as this offers a much higher degree of protection.
3. Our corporate laptop image is not available as a LiveCD, and unless you're running the corporate image you don't have access many of the tools you need in order to do your job.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
This isn't a new attack; it's just a specific variant of a "black bag" job; same idea as installing a hardware keylogger. I think there's likely a way to use Trusted Computing to defeat this particular variant, basically the TCM wouldn't give out keys to an untrusted bootloader.
And for cases where national security is concerned, probably more a likely attack vector than any other. So the likely defense is some kind of boot-time check of the loader's integrity, which is just as possible. For example, a utility to do this on a USB fob. Then of course the you have to remember to take your fob with you...
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Pretty much all the responses so far completely miss the point.
I work for a large finiancial institution - one of the biggest. Plenty of folks here have sensitive client information on their laptops, which they take with them on business trips to see clients, technology partners etc. We have some extremely large clients (all the major banks, US and worldwide) and the client information could include contacts, details of trading, holdings in various stocks, etc. This information can be worth millions of dollars, and the company could be fined similar amounts if it was stolen from their posession.
Most of the employees/managers/sales guys etc that go on business trips are not particularly technically savvy. All they know is that they have their laptop, and it is encrypted, and they have been told that their laptop is safe because the evil h4xx0rz can't decrupt the 124-byte RSM keylock. This will give them a false sense of security, and will leave their laptop in their hotel room, safe in the knowledge that it has a kingston lock on it and no-one can walk off with it.
The data on some of these machines is valuable enough that people certainly would think about trying to get their hands on it.
This needs to be a wakeup call to the big banks that they need to educate their staff - simply telling them "your laptop is encrypted, you are safe" is not good enough. They need to keep the machine with them at all times
All the talk of "boot from liveCD" or BIOS passwords, or hidden TrueCrypt volumes, simply are not feasible on a large corporate scale, and are certainly above your average client portfolio manager.
Comment removed based on user account deletion
what is more likely to happen
http://xkcd.com/538/
this is the most important sig ever! In your face 446154!
Paranoid security people like you normally get chewed up and spat out by knowledgeable security people like me.
As someone who works as a security consultant for a hardware vendor, I meet you types on my customer sites every day of my life. You're the arrogant, mouthy type of security person that I find it very easy to make look like the total idiot you are.
I work with great security people both within my company and with my clients - these are people that listen to others, contribute their knowledge and learn something new every day.
You are just a walking mouth who has elevated himself to his own little throne - I'm so pleased you're an AC because I'm not sure I'd like you very much if I actually knew you.
Gentoo Linux - another day, another USE flag.
...if you locked your computer's screen before you walked away from it? You know, like YOU SHOULD ALWAYS DO?
The ones that get me are the encrypted disks that unlock themselves (no user supplied password) on boot-up. Don't people realize that they're taping the key underneath the lock in that sort of configuration?
Whenever I travel, I changed my splash screen graphic to a simple red-on-black message that reads:
"Dear Housekeeping,
Use of this system is monitored and you intrusion attempt has been reported to the system owner. The time has been recorded and the built-in webcam has taken your picture. Stop now and no charges will be filed."
Another method would be working for an under-funded government agency (like me). That last time I went to a conference I had to bring a 'company laptop'. Since the system was impressively 'designed for Windows 2000', I just took the battery out of the laptop when I was away from the room (along with the AC adaptor). I doubt anyone could find a retail outlet that sold nearly decade-old laptop batteries. SUck on that super maid spies!
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
What can be done about TrueCrypt? It also "Encrypts an entire partition or storage device such as USB flash drive or hard drive."
One idea is to take the hard drive out of your laptop and take it with you.
that I got out of that shithole called 'security world'.
It was really fun and interesting until 2003, but these days it's a joke.
Hey, even in year 1997 we all realized that once someone has physical access to your computer - you are fucked.
And here we are, in year 2009, reading "research" telling us things we all already know.
Sigh...
P.S: maid doesn't need to install any fancy shit, a keylogger will do just fine.
Burn the contents of your thumb drive to a business card sized CDROM.
"Liechtenstein is the world's largest producer of sausage casings, potassium storage units, and false teeth."
NO EXCEPTIONS!
No sig for the moment.
If I own the machine, and I am the user of that machine - I want the master TPM key and the ability to sign stuff for myself.
http://xkcd.com/538/
Seriously. If someone wants in your computer, they are getting in. Period. Full stop.
However:
A) Likely you and your laptops super secret porn stash are not important enough to bother.
B) Most people are too stupid to care. 99 times out of 100 your laptop will be stolen, maybe wiped and sold on ebay or equivalent.
Has Schneier run out of real security problems? Yeah, people with physical access to your hardware can break your encryption. They can put a key logger in your machine. They can bug your keyboard or your hotel room. They can even spread LSD or strychnine on your keyboard. Imagine that!
FDE has been around since the days of Macs and FWB Hard Disk Toolkit doing a modified (2 rounds IIRC) version of DES on any external hard disks (or Casady and Greene's A. M. E. doing a full DES on disks). It does have a performance it, but from what I've seen (and I've been using WDE in many platforms for a long time), the hit is not an issue with almost all FDE types of programs.
Encryption is a tradeoff. Yes, you lose reliability. However, if you have a decent backup mechanism (and you should regardless of the presence of encryption), the reliability loss isn't much, assuming you remember your password or keep your keyfiles safe.
The last assertion of being easier to break into encrypted data doesn't make sense. I can see people installing a FDE utility then assuming they are safe from all attacks (including ones via remote). If a person is concerned about data, perhaps it might be wise to install TrueCrypt in addition to the FDE security to only mount sensitive files when used and dismount them immediately. This way, should the laptop be seized while on and the memory dumped, an attacker would not have access to the whole filesystem. Similar functionality can be accomplished with multiple users on Windows and EFS.
Oh, the chosen plaintext attack would be a problem if people kept using 64 bit blocks and lame implementations of encryption like ECB. However, with modern algorithms that use a bigger blocksize and a more advanced diffusion protocol which uses a different subkey per sector, an attacker can know all they want to about plaintext, but it will not help them discern the key. The TrueCrypt manual has a good section on this.
Parent: win.
if the whole disk is encrypted how is the data from the usb stored in the hard drive in the first place?
If you always boot from an external media, let's say truecrypt bootable CD-R, wouldn't this solve the problem?
...
2. I typically hang the "do not trojan" sign on the doorknob instead, as this offers a much higher degree of protection.
...
Insert immature joke here. That was awesome. LOL
Ah... iocane powder
If someone else has unrestricted physical access to your computer, it's not your computer anymore.
-- I was raised on the command line, bitch
If it's been rebooted back to the truecrypt passphrase entry, then you know that someone's been monkeying with it. If you notice that your bios password and settings are gone, you can assume the bios ROM has been replaced in hardware. Or if you're sufficiently paranoid, you can assume the same just from the reboot, and junk the computer.
This evil maid can do anything she wants on my laptop!
Have gnu, will travel.
Comment removed based on user account deletion
For that matter, the guys video taping the room to sell you and your wife's activities to that voyeur site aims the camera at your laptop, watches your keystrokes, and boom - he has all you passwords you type in. Banking? PayPal? E-Mail.
You really need to use both a password and a physical device. Such as RSA tokens. My bank offers this for online banking. I have several for different things.
So lock the boot device to the FDE drive, and lock the hardware to the boot device. You can (could on PPC, still true on Intel?) with Macs. Sure, you can defeat it. But you necessarily can't re-enable it with the same pasword. So if you're this paranoid, lock booting to a particular device, and lock the boot device to full encryption. Check your that your first lock is still in place from time to time, as regularly as you need.
--
$tar -xvf
...
...
2. I typically hang the "do not trojan" sign on the doorknob instead, as this offers a much higher degree of protection.
Insert immature joke here. That was awesome. LOL
Something about Yahoo! and missing out on the latest developer swag due to misinterpretation, no doubt.
"Citation Needed."
Sorry, but I'll need something more than the word of some random guy on the Internet to believe this for a number of reasons, not the least of which being that such a backdoor would be something security testers would notice.
Do this to 3 or 4 Bobs, and pretty soon you'll have an understanding of the corporate org chart, upcoming projects, and most importantly you'll be able to target your future EvilMaid attacks with pinpoint accuracy.
Bob's my uncle. Let's play devil's advocate.
What does the consumer get in terms of higher competition, better products, lower prices, etc. if there was absolute transparency? Imagine a fantasy world where companies bent over because security was found out to have no value so they just gave the entire world access to their entire network?
Life might just stay the same old, same old for most people. There will be more frantic activity in some quarters as people find new opportunities, and some wackos will try to corner particular markets (but on this new pool table there will be way too many corners available to drop a ball into so that only goes so far). The status quo is that the most challenging problems are still going to be challenging. The most leading edge ideas are still risky. Consumers still have only a limited means of buying while there is far greater variety of classes of items than the number of classes that can be purchased from by the average individual.
As more and more knowledge becomes available on the Internet, would it even matter in business that some people have secrets? Someone may safeguard a work in progress for a long time until a product is released, only to have a competitor reverse engineer it in far less time.
Secrecy is valuable for businesses in terms of data integrity. If someone dressed up as a maid or as anyone trusted so that they can mess around with the data, one can tell if the data became corrupted. The cost of having someone copy the data is probably far less than the cost of having to rebuild the data.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
Well, #1... security measures only serve as deterrents. There will be a way around every security device, the only metric you really need to worry about is whether your:
(cost to circumvent) / (value of assets + cost to secure)
ratio is conveniently higher than your neighbors (ha ha, security people hate any mention of "convenience").
So... #2: by far the best thing you can do is to make sure your assets are relatively worthless compared to what other "target" have. Live a frugal life. Keep offsite backups of your photo albums. Don't keep secrets. And if you do, bury them with enough other crap (maybe using steganography if necessary) to decrease the signal/noise enough to make finding and sorting through the information kind of useless to those not in the know. Maybe you have lots of invalid bank and credit card information lying around. Or put a whole bunch of passwords in your secret password vault, in case it gets compromised (good sites will eventually lock them out for trying them all, and failed attempts will also tip you off and give you time to respond).
Next measure in the equation is to increase the cost of your perpetrator to circumvent security measures or commit crimes, far above what they'd gain by stealing your assets.
Cheap deterrents first: live up a flight of stairs... thieves are inherently lazy and will go for the "low hanging fruit" instead of you. In the context of this article, put your laptop up high in a closet or stash it in a drawer... make them search through dirty laundry for it.
The best society wouldn't need any security at all... if there was enough transparency and free flow of information, all thieves would get caught and reprimanded. So participate in the whole neighborhood watch thing, make sure your perp has to perform his act in very public settings, uniquely tag your stuff, and post warnings to remind them and make them nervous about getting arrested / shot / going to hell etc.
Finally, we get to the part of the equation where you actually have to actively do something for extra security measures.
First, make it a habit to perform the rudimentary simple steps of locking your door and always having your keys on you. Deadbolt is much better than the handle switch, and also helps insure that you remembered your keys. I involuntarily lock my house and car doors now, and always brush my pockets with my hands to check that my keys and wallet are still there. At this point, I usually notice within 5 minutes if something's missing.
Passwords and encryption are just more sophisticated keys and locks. Not uncircumventable, but much better than nothing. But before spending lots of money on more complex 2- & 3-factor keys and locks ... especially those that can completely shoot you in the foot and result in losing all your data... most people invest in other measures ... alarms and security cameras that would increase the chances of the perp getting caught. I haven't seen a whole lot that focuses on this area yet... the phone home mechanisms and stuff like that, but I figure it would be much more productive to concentrate on these kinds of security measures in the near term.
Duh. Move along, nothing to see here, news at eleven.
eh?
It might not be easy to prep, but you could have your firmware checksum the bootloader before it executes.
BIOS BOOT PASSWORD
eh?
http://tech.slashdot.org/article.pl?sid=09/10/22/1232225
the only confidential content on it should be the crypto key your remote control client uses to access your home/office computer on which the actual confidential information is. Which shouldn't do the aspiring data thief any good minus the password. Carry your portable entertainment content on the computer instead.
While this means that you don't get access to your own confo information unless you're hooked up to the Net via wifi or 3G wireless dongle, it also means that if you lose your computer, the expensive part is replacing the hardware, not the much more expensive job of attempting to find or recreate the actual data. And data that never was on your computer can't be stolen either by a random thief, the "bad guys", or the Feds when you cross an international border.
Tech Public Policy stuff
Are you aware that whole-disk encryption programs encypt a sector (or small group sectors) independently from each other? Plus, these programs are completely independent from file system structure. I would be more concerned about encryption software that worked on a file-by-file basis or was built into the filesystem than the traditional whole-disk encryption.
Meaning that if you write crap (or have a few bad sectors) to a small (encrypted) block, the rest of the disk is still perfectly readable (and decryptable). There is little difference between crap on an unencrypted disk and crap on an encrypted disk. In either case, crap that takes out the file allocation table will trash everything, otherwise it will only corrupt one or two files...
I use linux (full-disk) encryption for both my main disk as well as my backups... (There is little point in encrypting the server if the backup is plaintext!)
Have a hardware or BIOS-level password. If you dont have the password, you cant even boot the machine on any medium. Combine this with a screen lock (where the screen will lock if the screensaver/blanker activates) and it should protect things. If the bad guy doesn't have the password, they cant unlock the machine. They cant reboot either due to the
To prevent someone simply opening up the machine and installing a hardware keylogger, fit some sort of sticker that cant easily be forged/replaced and that easily indicates the machine has been opened.
You really think the NSA controls all US crypto? Ummm ok, well then lets take a look at a little thing called AES. That stands for Advanced Encryption Standard, and it is the official US encryption standard. The NIST wanted a replacement for the aging Triple DES, and that is what we now call AES. So, how did AES come about? Surely it was some secret project at the NSA that was released with no oversight and made a standard! Actually, not so much. AES was originally called Rijndael and was developed by two Belgian cryptographers, not US citizens or residents. It was chosen in an open competition from a number of other algorithms, including Twofish and RC6.
It was a completely public and open process. The entire algorithm is an open standard that anyone can examine, and people do. AES is the most tested crypto system the world has ever seen. Crypto experts from all over the world see if they can break it. Though there have been a few attacks that can make minor reductions in the key space, thus far it remains solid and there is no way to recover AES encrypted data until the sun goes dark.
That is the official, US government chosen and endorsed crypto system. Even the NSA has signed off on it for classified use.
So that leaves a situation with two possibilities:
1) The NSA is so far ahead of everyone else in crypto that they can crack AES, and could do so 7 years ago when it was standardized. Not only that, they are so sure that they are the only ones that can do this, they are willing to allow the algorithm to be used to secure critical assets like the US financial system, knowing the vulnerability, which is contrary to their mission. Only mathematicians in the US are smart enough to figure out this break, not in any other country including those like China which have made major crypyanalysis breakthroughs like the MD5 vulnerability.
or
2) AES is really very secure, the NSA did an evaluation of it and their experts found what all the other experts in the world did: It is a good crypto system.
Now which is more likely?
Also consider that the NSA was involved with the original DES. IBM developed it for civilian use at the request of the government, and the NSA looked over it. One of the things they did was suggest changes to the s-boxes. People theorized this was to weaken the algorithm. However, when differential cryptanalysis was publicly discovered in 1990, it turned out that the s-boxes in DES were very resilient to it, much more so than had they just been random. Turns out the NSA new about differential cryptanalysis and so did the IBM team that made DES. The NSA asked them to keep it a secret at the time. So far from inserting a backdoor, they instead helped IBM ensure it was secure.
Finally there is the fact that the Windows source code isn't secret. It isn't open, but it isn't secret. Many academic institutions have copies. ASU would be one I know of. So it isn't as though the code is something no one outside MS ever sees. It is out there, many people have had a look.
So seriously, get off the conspiracy BS.
OH! :D
She is also a man.....
http://www.rutkowska.yoyo.pl/
If you ignore ACs because they are anonymous - you're an idiot.
netbooks are not a laptop replacement. Of course you would leave your laptop in your room, because there is an expectation of security, close to that ofy our own home. Or, there should be.
If you ignore ACs because they are anonymous - you're an idiot.