Slashdot Mirror


Hackers, Activists, Journos: How To Build a Secure Burner Laptop (vice.com)

sarahnaomi writes to describe a presentation by security researcher Georg Wicherski at the t2'15 infosec conference; Wicherski outlined in his talk several steps that could be taken to render an ordinary Chromebook immune (or at least very, very resistant) to malware attacks, even when an adversary has physical access to it. These customizations make it difficult for an attacker to use any sort of turnkey solution, presenting a barrier to any off-the-shelf equipment attackers might use. At border crossings, Wicherski said possible attackers might have "an appliance, that comes with a manual, and low-skilled operators." By using a setup that is not very common, the border cops might not know what to do.

12 of 139 comments

  1. Step 1 by Anonymous Coward · · Score: 4, Funny

    Install APK's host file generator so you don't have people tracking you by your DNS lookups.

  2. Where's the link? by cruff · · Score: 4, Insightful

    I don't see a link to said presentation...

  3. they know EXACTLY what to do by Anonymous Coward · · Score: 5, Insightful

    might have "an appliance, that comes with a manual, and low-skilled operators." By using a setup that is not very common, the border cops might not know what to do.

    Oh, they know exactly what to do.

    "..border guards confiscated his laptop and phones and detained him, telling him he would not be allowed to leave until he gave them his passwords."

    This is a solved problem as far as they are concerned. You sit in a room until you unlock the device for them. Lawyer? You don't get no steenkin' lawyer.

    1. Re:they know EXACTLY what to do by Lumpy · · Score: 3, Interesting

      Not a problem officer..... It's password99.

      and it boots to a clean sanitized setup. "please don't look at my manuscripts in there, I'm not a very good writer and get embarrassed if someone reads my book I am writing."

      and I am on my way.

      Honestly, if you are not smart enough to have your real information safely elsewhere then you deserve to be detained. microSD cards are a freaking dime a dozen and can easily be hidden anywhere. Hell, put one under the stamp on a letter to yourself at your destination.

      --
      Do not look at laser with remaining good eye.
    2. Re:they know EXACTLY what to do by Anonymous Coward · · Score: 5, Informative

      Someone didn't RTFA.

      This isn't about stopping the border police from reading the contents of your laptop, it is about stopping them from installing spyware in the BIOS. The described mechanism involves clipping a pin off the flash chip rendering it read-only. No regular border cop is going to know how to deal with that and no amount of rubber-hose decryption is going to undo it.

      Like all security measures, it isn't about being 100% secure, it is about raising the costs to the attacker.

  4. Re:way to go DHI by AmiMoJo · · Score: 5, Interesting

    It's a shame that TFA seems to suck, because this is a big concern for a lot of people. I encrypt my laptop, but at the border your rights are severely diminished and they can do all sorts of nasty things to you. So far the best option seems to be to carry an innocuous laptop with nothing of interest on it, and mail myself an encrypted flash drive with the real OS and data on it.

    Even with a phone you can do a "nandroid" backup (on Android) of the real OS, wipe it back to factory and then restore when you reach safety.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Re:If border cops don't know what to do, by sexconker · · Score: 5, Insightful

    No, they'll keep the device, beat and rape you, then illegally hold you without charging you with anything and without granting you access to a lawyer.

  6. Re:If border cops don't know what to do, by myowntrueself · · Score: 5, Insightful

    No, they'll keep the device, beat and rape you, then illegally hold you without charging you with anything and without granting you access to a lawyer.

    Except it won't be illegal because it'll be at the border.

    --
    In the free world the media isn't government run; the government is media run.
  7. Re:way to go DHI by myowntrueself · · Score: 5, Insightful

    It's a shame that TFA seems to suck, because this is a big concern for a lot of people. I encrypt my laptop, but at the border your rights are severely diminished and they can do all sorts of nasty things to you. So far the best option seems to be to carry an innocuous laptop with nothing of interest on it, and mail myself an encrypted flash drive with the real OS and data on it.

    Even with a phone you can do a "nandroid" backup (on Android) of the real OS, wipe it back to factory and then restore when you reach safety.

    And that backup goes online, encrypted and you download it once you are across the border.

    Done that with laptops as well.

    --
    In the free world the media isn't government run; the government is media run.
  8. I default boot to Windows for TSA, customs clerks. by raymorris · · Score: 4, Insightful

    Personally, when I vacationed in Jamaica I set the bootloader to default to Windows rather than a serious OS with anything important on it. That should take care of 99% of TSA employees making $12/hour, and front-line customs clerks. The people I dealt with were probably working at Taco Bell the month before, they weren't top-tier forensic scientists.

  9. Why do you need a "secure" burner laptop? by pla · · Score: 4, Insightful

    Why do you need a "secure" burner laptop?

    I don't mean that in the "if you have nothing to hide..." sense, but rather, the whole point of a "burner" comes from the fact that it doesn't have anything to hide on it. You pretty much just revert it to OEM condition before each trip, and if some hostile government-authorized terrorist agency like HSI (formerly ICE) decides to steal it from you (or hell, if a random thief decides to steal it from you), you haven't lost anything but the hardware.

    Hey, I completely agree that we shouldn't have to put up with that sort of bullshit or take steps like prepping a burner laptop every time we want to go on vacation; but "securing" it just makes it look even more tempting to the idiots at the gates; similarly for setting up a UI that Officer Shout-and-Taze doesn't immediately recognize as Windows or OS X or Android or iOS.

    If you want to make a stand, I fully support you. But if you just want to get on with your day, spare yourself from your own cleverness, and just restore to factory default and give it a highly secure password like "password".

    1. Re:Why do you need a "secure" burner laptop? by aaaaaaargh! · · Score: 4, Informative

      I think the idea of this admittedly cryptic article is to have a laptop that is temporarily secure against certain spyware modifications so it can later still be used to download the encrypted data on the other side of the border. The alternative is to buy a new computer every time you travel.