That is definitely the best compromise. It doesn't take much to block immediately, but have a timeout on IP addresses which are blocked, so after a certain time (hours/days for DoS attacks, weeks/months for repeat spam addresses) they are delisted. Perhaps weight the algorithm as well, so if an IP range keeps triggering the blacklist code, it is blacklisted for a longer and longer time, although the time is always finite.
The latest version of Retrospect has a feature called proactive backup. You can define scripts to tell Retrospect to start backing up a client machine every x amount of time to your selected destination, and when the machine is connected, it will start or resume backing up where it left off. So, a user comes back from a trip, docks their laptop, and after 30-45 min (end user selectable), Retrospect does an incremental backup of anything that changed, or the user can select to have the laptop backed up ASAP, and it will do that in the background.
Laws like RIPA are on the books in every country because of the fear of a ticking time bomb scenario. No nation wants to be forced to release someone even though they know that on an encrypted hard disk is information on an imminent attack, or after an attack has taken place, have physical possession of something that can tell them of the connections between terrorist cells... and can't do anything with the info.
I have a strong feeling that there are more details on the situation than the article states. In the US, most DAs would be very hesitant to test a law like this on something less than a major terrorist case, for fear that a judge would strike the law down as unconstitutional.
Having a known self destruct switch may cause a person to end up even worse trouble. This is a discussion that occurs periodically on a number of cryptography forums.
Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that its not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.
If one goes into the BIOS setup of a number of recent Dell laptop or upper end desktop, it will give you the option to permanently enable or disable Computrace's BIOS agent.
HP and Dell laptops have the ability to have CompuTrace be permanently installed in the BIOS, where even a full reformat of the hard disks or a reflash of the BIOS will not remove it. If I were betting, I'd lay odds on this being the way Outback's IT department got their man.
I am concerned about yanking cards out of a powered up machine which were not expressly designed for this purpose. Netfinity systems, upper end Dell Poweredges, and other high end servers have hot-pluggable PCI cards which you could punch a small button corresponding to the number of the card, and the machine will physically depower the card, allowing safe removal at a hardware level (the OS crashing/not crashing would be a different story altogether, but the physical PC hardware would be able to deal with it). Even at the voltages that PCI cards run under, unless the card was expressly designed to briefly maintain voltage grounds as it was being inserted or removed, there is (IIRC), a chance of arcing, which would damage both the card and the PCI controller. I may be wrong, and please correct if I am.
The only "expansion card" bus I would attempt to hot plug would be PCMCIA, Cardbus, or ExpressCard, where the cards are designed from the ground up to allow for hot plugging on a hardware level.
SSD based storage probably is more efficient because they require no power to spin up and keep running a mechanical spindle and platters or move a read/write head.
Something tells me perhaps the best of both worlds would be a drive that (I think IBM) was working on that had a large array of small read/write heads, and read data by shifting the platter on a x-y plane, where the whole array of heads could pick up bits at the same time as opposed to the 4-8 of a normal spinning HDD.
Boot locking, as in setting a hard disk password in the security section of BIOS?
Setting a hard disk password (all IDE and SATA hard disks made since 2001 or so have the ability to require a password before access is granted) is decent security, however how truly secure it is, is debatable. Some people have claimed there are backdoors and universal passwords, others have claimed that only a low level recovery service that has the clean room and tools to look at the actual bits stored on the platters can access the data.
Password recovery is also different. Some laptop vendors have a way to unlock a password locked hard disk, if you provide them the "challenge" serial number from the hard drive ID. Other laptop vendors will just shrug and tell you you are out of luck.
Because the ATA password locking is not definite, I use WDE. I then know that the data is encrypted, and not just protected with a system that could just be smoke and mirrors.
I'm running the VM I use for Web browsing in a TrueCrypt container (less for security than ease of backups), using VirtualPC, and I also have a Linux VM running under VMWare that is also residing on a TrueCrypt volume.
Performance on either is a little slower, but if the VM has enough RAM, its not too bad.
I'd give it a try, you probably won't notice the performance difference for most applications, especially Web browsing.
I keep wondering, if the data is that sensitive, IT departments should have it physically never leave the data center. Instead, offer different means of access via secure means, such as Remote Desktop, ssh, a secure webapp available after connecting to a VPN, or some other means of accessing the data and gathering reports from remote. Keep the data available, but have it physically reside in the (relatively) secure environment of the data center.
If someone needs offline access (for example in a remote location with no Internet access), that is a different story, but in a number of laptop theft cases, there is no real reason the info is physically sitting on the laptop.
Of course, this won't prevent an employee from doing an export of all the tables to their laptop, but having the sensitive data behind a username, password, and a SecurID token means that the losses due to a stolen laptop will be minimal. Add a decent FDE program (BitLocker is decent because it doesn't get in the way of users, provided they can access their user), and a laptop loss can be written off as "just" hardware.
A number of Dell laptops and desktops have the ability to have CompuTrace installed in the BIOS. This is another good tool to help find stolen goods.
By using the tools out there, from WDE, to having data physically residing on a different location (although there are cases where this isn't possible), to CompuTrace, damage done from a stolen laptop can be greatly mitigated.
I personally have not used PointSec, but I have had excellent results with other encryption programs, where you install, encrypt the boot/system volume (PGP can journal the encryption so a cold power failure won't juice the data), then not worry about it other than punching your password at bootup.
Performance wise, I've not noticed any slowdown (the bottleneck is the HDD rather than the encryption layer.)
Please don't discount WDE programs in general because one of them is underperforming. I have used WDE programs for years [1] and have had very few instances of catastrophic data loss where the program caused nothing on the HDD to be recoverable. However, I do make sure to do backups often just in case.
[1]: IANAMF (I am not a Mac fanboy), but what is ironic is that Macs around 1989 were one of the first machines to have complete WDE utilities like Fileguard, A. M. E., Empower, even FWB's Hard Disk Toolkit which automatically loaded the encryption driver on any SCSI hard disk plugged in. To this day, I still have not seen anything as secure as Casady & Greene's A. M. E.
TrueCrypt is an excellent program, the devs have put a lot of thought into every aspect of security. I use it for encrypting external drive volumes completely so if someone does a smash and grab on my stuff, they will end up with hardware, but the data is protected by a passphrase and a keyfile stored on the (WDE encrypted, using a hardware token) boot drive.
The biggest thing to remember with TrueCrypt, if you lose the first 1024k or so of an encrypted volume, you have completely lost the volume because the first part contains the encryption key (or keys) for the rest of the data. ALWAYS back up the volume headers (they are encrypted with the same mechanism as the volume itself, so they just need to be stored safely) of all critical volumes.
Of course there will be people saying that "I don't use encryption programs, I have nothing to hide." That is analogous to saying "Don't have a front door as you might has something to hide." Its not the governments these programs are for (most governments can obtain the decryption key via other means including a rubber hose), its thieves. These days, TrueCrypt and other security programs are highly necessary to keep a $1000 laptop from becoming a loss of many thousands in ID theft.
The best compromise for this I've seen is a hardware token. Of course, people are likely going to keep it in the same container as the laptop, but most hardware tokens can be configured to render themselves inoperable after a number of wrong password attempts.
Now, even if someone has the token and the laptop, they have 3-15 tries to guess the password on the token, and usually that password is 8 characters or more.
Thieves are getting smarter though. Its on the news often how the data stolen on a laptop was worth millions. Even the local "swipe and run" guy at the university prowling the library for people who briefly leave their laptops unattended are becoming aware that the data on the laptop is just as valuable if not more than the hardware itself, so they will be more likely to find a partner in crime to extract the data from it for either selling to someone else for ID theft, or just outright extortion. If a thief can't use the info, there are people who they can sell it to who can.
Even if its a personal laptop with nothing more sensitive than Facebook cookies, that is still valuable info to a thief.
I strongly urge anyone with a laptop to spend the $100 or so and buy a decent WDE (whole disk encryption) program. There are a number of good programs out there to choose from. I personally use (on different machines, of course) PGP, Jetico's BestCrypt, and MySecureDoc, and found them all to be pretty much install and forget (other than providing the passphrase at boot.) PGP and Jetico both offer eToken support for added security, so someone stealing the laptop would have to have the eToken, the laptop, and the password of the eToken to obtain any useful info.
One feature of Jetico's offering I like is the fact that you can install it on a BartPE CD, which makes recovery of a damaged, encrypted filesystem a lot easier. You do not need to decrypt the volume completely, just mount it, and do the repairs needed.
I'd like it to have xen, VMWare ESX Server (though would add to the cost) or some VM technology that works with Windows, and support the graphics drivers. Then, I could have an install of Windows just for gaming, one for web browsing, and Linux for general work, and if the web browsing instance gets hit by a new type of malware attack, it won't affect anything else.
I don't see how this is a backdoor either. Its intended for a remote admin to be able to reboot a secure machine, knowing that there is a slight risk of attack by a fairly sophisticated attacker in the time it takes from when the machine reboots to when it starts up and Bootguard gets the passphrase, zeroes it out on the hard disk, and continues the boot process.
This is needed functionality for a number of places, for example domain controllers at remote sites, which should have everything protected from booting forward, but still be able to be remotely accessed by the core IT people and rebooted for Windows updates without any need for intervention at the remote site.
One idea that PGP might do to mitigate the risk during the boot would perhaps be using the TPM module on newer servers, similar to BitLocker's functionality. When the command is issued for a remote reboot, PGP WDE would have the TPM store the key instead of having it on the hard disk, and after the boot process is successful, PGP would then tell the TPM to zero that information out. An added bonus would be that the TPM would detect tampering and not allow the machine to be rebooted should someone physically try altering it before Bootguard loads.
When coding a game, developers spend a lot of man hours making the game run reliability. Copy protection does the opposite. It is intended to ruin the reliability of a game. People will pirate a game no matter what methods you use unless you use methods that upset legitimate people so much that its not purchased, or you make the game only for consoles.
IMHO, the best copy protection is none on the local end. Instead, have a CD key where the game uses that for online content, be it additional maps or levels, a way for players to find other players to play against others online, or just additional content.
Bioware did this right with Neverwinter Nights 1. They eventually patched out the CD-ROM protection, and piracy did not spike at all after they did this. What keeps people from pirating NWN1 before NWN2 came out was the fact that to access any online content, a unique CD key was needed, and two people couldn't use the same CD key to go online.
Of course, CD keys are not perfect. They can be stolen (maybe less so if "bound" to a player's account), but if one has to have some form of copy protection, this probably sucks the least.
I can see someone with a small botnet, distributed globally, running brute-force code on each machine to keep hitting MS's WGA servers guessing keys which pass the genuine test. If the bot-herder wanted to be really evil, run the keys that pass genuine through the activation server with random hardware hashes until the activation servers report "fail" messages. This would be a major denial of service attack on many levels, because MS could not tell true activations from fake ones.
Jolitz's 386BSD (the BSD that FreeBSD, NetBSD forked from), due to ITAR requirements, stored passwords in/etc/passwd (I think it had the option to run pwconv to move them to/etc/shadow, but don't remember) in 100% plaintext. You could recompile from source with a flag for the usual crypt(3) function, like other UNIX variants.
Early Linux distros (SLS) always used crypt(3) for their passwords, originally stored the passwords in/etc/passwd, but around '92 or '93, they moved to storing them in/etc/shadow.
If you need to protect the swap file, you can set Windows to zero it out cleanly on shutdown (a setting under security options if you pull up secpol.msc.)
For further protection, there is a third party utility called BestCrypt which loads a low level device driver that intercepts the read and write calls between Windows and the swap file, and encrypts it with a randomly generated key every time the machine gets booted.
IMHO, the best protection for nearly any Windows machine is whole disk encryption (BitLocker or a third party utility like BestCrypt or PGP), but a number of WDE programs won't work with Windows Server 2003, so protecting the swap file helps.
On Windows servers such as domain controllers, BitLocker will be a good security feature, assuming the machine has a usable TPM chip. The machine can then boot as normal (without requiring a password at boot as with other WDE utilities), but barring someone with a physical device that can read the RAM on a machine while its on, there is no easy way to just boot from a CD and access a machine's SAM to crack the passwords. BitLocker is intended to reduce the attack profile on a local machine to just the username and password on the console.
BitLocker may not be 100% secure, but its extremely hard to make a whole disk encryption program for a server that requires no password on bootup. On servers, BitLocker is intended to be the last ditch protection, after the machine is put in a locked server room with adequate physical security. I may sound like a shill, but I do think MS did a good job making encryption to protect volumes, but still allow the machine to boot up and go into service after patches are applied.
If the machine doesn't have a TPM chip, then one can still use a conventional program (PGP, BestCrypt, SecureDoc) for whole disk encryption, but someone trusted will have to know it on site should a server get powered off or rebooted.
Vista and Windows 2008 Server (the beta that is) both don't store LM hashes by default. You can turn it on by running secpol.msc, if you have older machines that need that.
You are right. Someone can log one's bank transaction if the home machine is compromised, or if the crook is fast, use the generated one time number before the legitimate retailer can.
What the individual, one time use, credit card numbers provide protection from are unscrupulous or poorly secured retailers rather than a user's machine with bad security.
Some banks address the way one time numbers are distributed by sending the bank customer a scratch off card via physical mail. When the customer needs to use a new one time number, he or she just scratches off the line and enters it in. Of course, physical mail is interceptable, but it keeps a purely remote thief from making off with the goodies.
I thought myself that on screen keyboards would be a great thing, but most modern keyloggers can take highly compressed screenshots when someone clicks the mouse, and some can do FRAPS-like video logging. To boot, a number of on-screen keyboards use the keypress stack, so the keylogger will catch the key clicked on like a normal pressed one.
Probably the best of all worlds for guarding passwords to make sure that a logged password doesn't mean full access would be a securID like system with a keyfob that gives numbers, or a device you punch in your PIN, it gives a random number that you use instead of your password. As for a solution without a hardware device, S/Key or OPIE would a great help here, and has been in BSD for many years. Just print out a list of one time passwords before leaving for the day.
For credit cards, some banks are proactive and offer one time use numbers. This should be a lot more widespread, so if a bad guy does grab a card number, all it will get him/her would be DECLINE messages.
That is definitely the best compromise. It doesn't take much to block immediately, but have a timeout on IP addresses which are blocked, so after a certain time (hours/days for DoS attacks, weeks/months for repeat spam addresses) they are delisted. Perhaps weight the algorithm as well, so if an IP range keeps triggering the blacklist code, it is blacklisted for a longer and longer time, although the time is always finite.
The latest version of Retrospect has a feature called proactive backup. You can define scripts to tell Retrospect to start backing up a client machine every x amount of time to your selected destination, and when the machine is connected, it will start or resume backing up where it left off. So, a user comes back from a trip, docks their laptop, and after 30-45 min (end user selectable), Retrospect does an incremental backup of anything that changed, or the user can select to have the laptop backed up ASAP, and it will do that in the background.
Laws like RIPA are on the books in every country because of the fear of a ticking time bomb scenario. No nation wants to be forced to release someone even though they know that on an encrypted hard disk is information on an imminent attack, or after an attack has taken place, have physical possession of something that can tell them of the connections between terrorist cells... and can't do anything with the info.
I have a strong feeling that there are more details on the situation than the article states. In the US, most DAs would be very hesitant to test a law like this on something less than a major terrorist case, for fear that a judge would strike the law down as unconstitutional.
Having a known self destruct switch may cause a person to end up even worse trouble. This is a discussion that occurs periodically on a number of cryptography forums.
Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that its not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.
There is a link to this on HP's website:
http://h20331.www2.hp.com/Hpsub/downloads/HP_Computrace_BIOS_FAQ.pdf
Its a PDF.
As for Dell:
http://www.dell.com/content/topics/global.aspx/corp/pressoffice/en/2005/2005_12_13_rr_000?c=us&l=en&s=corp
If one goes into the BIOS setup of a number of recent Dell laptop or upper end desktop, it will give you the option to permanently enable or disable Computrace's BIOS agent.
HP and Dell laptops have the ability to have CompuTrace be permanently installed in the BIOS, where even a full reformat of the hard disks or a reflash of the BIOS will not remove it. If I were betting, I'd lay odds on this being the way Outback's IT department got their man.
I am concerned about yanking cards out of a powered up machine which were not expressly designed for this purpose. Netfinity systems, upper end Dell Poweredges, and other high end servers have hot-pluggable PCI cards which you could punch a small button corresponding to the number of the card, and the machine will physically depower the card, allowing safe removal at a hardware level (the OS crashing/not crashing would be a different story altogether, but the physical PC hardware would be able to deal with it). Even at the voltages that PCI cards run under, unless the card was expressly designed to briefly maintain voltage grounds as it was being inserted or removed, there is (IIRC), a chance of arcing, which would damage both the card and the PCI controller. I may be wrong, and please correct if I am.
The only "expansion card" bus I would attempt to hot plug would be PCMCIA, Cardbus, or ExpressCard, where the cards are designed from the ground up to allow for hot plugging on a hardware level.
SSD based storage probably is more efficient because they require no power to spin up and keep running a mechanical spindle and platters or move a read/write head.
Something tells me perhaps the best of both worlds would be a drive that (I think IBM) was working on that had a large array of small read/write heads, and read data by shifting the platter on a x-y plane, where the whole array of heads could pick up bits at the same time as opposed to the 4-8 of a normal spinning HDD.
Boot locking, as in setting a hard disk password in the security section of BIOS?
Setting a hard disk password (all IDE and SATA hard disks made since 2001 or so have the ability to require a password before access is granted) is decent security, however how truly secure it is, is debatable. Some people have claimed there are backdoors and universal passwords, others have claimed that only a low level recovery service that has the clean room and tools to look at the actual bits stored on the platters can access the data.
Password recovery is also different. Some laptop vendors have a way to unlock a password locked hard disk, if you provide them the "challenge" serial number from the hard drive ID. Other laptop vendors will just shrug and tell you you are out of luck.
Because the ATA password locking is not definite, I use WDE. I then know that the data is encrypted, and not just protected with a system that could just be smoke and mirrors.
I'm running the VM I use for Web browsing in a TrueCrypt container (less for security than ease of backups), using VirtualPC, and I also have a Linux VM running under VMWare that is also residing on a TrueCrypt volume.
Performance on either is a little slower, but if the VM has enough RAM, its not too bad.
I'd give it a try, you probably won't notice the performance difference for most applications, especially Web browsing.
I keep wondering, if the data is that sensitive, IT departments should have it physically never leave the data center. Instead, offer different means of access via secure means, such as Remote Desktop, ssh, a secure webapp available after connecting to a VPN, or some other means of accessing the data and gathering reports from remote. Keep the data available, but have it physically reside in the (relatively) secure environment of the data center.
If someone needs offline access (for example in a remote location with no Internet access), that is a different story, but in a number of laptop theft cases, there is no real reason the info is physically sitting on the laptop.
Of course, this won't prevent an employee from doing an export of all the tables to their laptop, but having the sensitive data behind a username, password, and a SecurID token means that the losses due to a stolen laptop will be minimal. Add a decent FDE program (BitLocker is decent because it doesn't get in the way of users, provided they can access their user), and a laptop loss can be written off as "just" hardware.
A number of Dell laptops and desktops have the ability to have CompuTrace installed in the BIOS. This is another good tool to help find stolen goods.
By using the tools out there, from WDE, to having data physically residing on a different location (although there are cases where this isn't possible), to CompuTrace, damage done from a stolen laptop can be greatly mitigated.
I personally have not used PointSec, but I have had excellent results with other encryption programs, where you install, encrypt the boot/system volume (PGP can journal the encryption so a cold power failure won't juice the data), then not worry about it other than punching your password at bootup.
Performance wise, I've not noticed any slowdown (the bottleneck is the HDD rather than the encryption layer.)
Please don't discount WDE programs in general because one of them is underperforming. I have used WDE programs for years [1] and have had very few instances of catastrophic data loss where the program caused nothing on the HDD to be recoverable. However, I do make sure to do backups often just in case.
[1]: IANAMF (I am not a Mac fanboy), but what is ironic is that Macs around 1989 were one of the first machines to have complete WDE utilities like Fileguard, A. M. E., Empower, even FWB's Hard Disk Toolkit which automatically loaded the encryption driver on any SCSI hard disk plugged in. To this day, I still have not seen anything as secure as Casady & Greene's A. M. E.
TrueCrypt is an excellent program, the devs have put a lot of thought into every aspect of security. I use it for encrypting external drive volumes completely so if someone does a smash and grab on my stuff, they will end up with hardware, but the data is protected by a passphrase and a keyfile stored on the (WDE encrypted, using a hardware token) boot drive.
The biggest thing to remember with TrueCrypt, if you lose the first 1024k or so of an encrypted volume, you have completely lost the volume because the first part contains the encryption key (or keys) for the rest of the data. ALWAYS back up the volume headers (they are encrypted with the same mechanism as the volume itself, so they just need to be stored safely) of all critical volumes.
Of course there will be people saying that "I don't use encryption programs, I have nothing to hide." That is analogous to saying "Don't have a front door as you might has something to hide." Its not the governments these programs are for (most governments can obtain the decryption key via other means including a rubber hose), its thieves. These days, TrueCrypt and other security programs are highly necessary to keep a $1000 laptop from becoming a loss of many thousands in ID theft.
The best compromise for this I've seen is a hardware token. Of course, people are likely going to keep it in the same container as the laptop, but most hardware tokens can be configured to render themselves inoperable after a number of wrong password attempts.
Now, even if someone has the token and the laptop, they have 3-15 tries to guess the password on the token, and usually that password is 8 characters or more.
Thieves are getting smarter though. Its on the news often how the data stolen on a laptop was worth millions. Even the local "swipe and run" guy at the university prowling the library for people who briefly leave their laptops unattended are becoming aware that the data on the laptop is just as valuable if not more than the hardware itself, so they will be more likely to find a partner in crime to extract the data from it for either selling to someone else for ID theft, or just outright extortion. If a thief can't use the info, there are people who they can sell it to who can.
Even if its a personal laptop with nothing more sensitive than Facebook cookies, that is still valuable info to a thief.
I strongly urge anyone with a laptop to spend the $100 or so and buy a decent WDE (whole disk encryption) program. There are a number of good programs out there to choose from. I personally use (on different machines, of course) PGP, Jetico's BestCrypt, and MySecureDoc, and found them all to be pretty much install and forget (other than providing the passphrase at boot.) PGP and Jetico both offer eToken support for added security, so someone stealing the laptop would have to have the eToken, the laptop, and the password of the eToken to obtain any useful info.
One feature of Jetico's offering I like is the fact that you can install it on a BartPE CD, which makes recovery of a damaged, encrypted filesystem a lot easier. You do not need to decrypt the volume completely, just mount it, and do the repairs needed.
I'd like it to have xen, VMWare ESX Server (though would add to the cost) or some VM technology that works with Windows, and support the graphics drivers. Then, I could have an install of Windows just for gaming, one for web browsing, and Linux for general work, and if the web browsing instance gets hit by a new type of malware attack, it won't affect anything else.
I don't see how this is a backdoor either. Its intended for a remote admin to be able to reboot a secure machine, knowing that there is a slight risk of attack by a fairly sophisticated attacker in the time it takes from when the machine reboots to when it starts up and Bootguard gets the passphrase, zeroes it out on the hard disk, and continues the boot process.
This is needed functionality for a number of places, for example domain controllers at remote sites, which should have everything protected from booting forward, but still be able to be remotely accessed by the core IT people and rebooted for Windows updates without any need for intervention at the remote site.
One idea that PGP might do to mitigate the risk during the boot would perhaps be using the TPM module on newer servers, similar to BitLocker's functionality. When the command is issued for a remote reboot, PGP WDE would have the TPM store the key instead of having it on the hard disk, and after the boot process is successful, PGP would then tell the TPM to zero that information out. An added bonus would be that the TPM would detect tampering and not allow the machine to be rebooted should someone physically try altering it before Bootguard loads.
When coding a game, developers spend a lot of man hours making the game run reliability. Copy protection does the opposite. It is intended to ruin the reliability of a game. People will pirate a game no matter what methods you use unless you use methods that upset legitimate people so much that its not purchased, or you make the game only for consoles.
IMHO, the best copy protection is none on the local end. Instead, have a CD key where the game uses that for online content, be it additional maps or levels, a way for players to find other players to play against others online, or just additional content.
Bioware did this right with Neverwinter Nights 1. They eventually patched out the CD-ROM protection, and piracy did not spike at all after they did this. What keeps people from pirating NWN1 before NWN2 came out was the fact that to access any online content, a unique CD key was needed, and two people couldn't use the same CD key to go online.
Of course, CD keys are not perfect. They can be stolen (maybe less so if "bound" to a player's account), but if one has to have some form of copy protection, this probably sucks the least.
I can see someone with a small botnet, distributed globally, running brute-force code on each machine to keep hitting MS's WGA servers guessing keys which pass the genuine test. If the bot-herder wanted to be really evil, run the keys that pass genuine through the activation server with random hardware hashes until the activation servers report "fail" messages. This would be a major denial of service attack on many levels, because MS could not tell true activations from fake ones.
Jolitz's 386BSD (the BSD that FreeBSD, NetBSD forked from), due to ITAR requirements, stored passwords in /etc/passwd (I think it had the option to run pwconv to move them to /etc/shadow, but don't remember) in 100% plaintext. You could recompile from source with a flag for the usual crypt(3) function, like other UNIX variants.
/etc/passwd, but around '92 or '93, they moved to storing them in /etc/shadow.
Early Linux distros (SLS) always used crypt(3) for their passwords, originally stored the passwords in
If you need to protect the swap file, you can set Windows to zero it out cleanly on shutdown (a setting under security options if you pull up secpol.msc.)
For further protection, there is a third party utility called BestCrypt which loads a low level device driver that intercepts the read and write calls between Windows and the swap file, and encrypts it with a randomly generated key every time the machine gets booted.
IMHO, the best protection for nearly any Windows machine is whole disk encryption (BitLocker or a third party utility like BestCrypt or PGP), but a number of WDE programs won't work with Windows Server 2003, so protecting the swap file helps.
On Windows servers such as domain controllers, BitLocker will be a good security feature, assuming the machine has a usable TPM chip. The machine can then boot as normal (without requiring a password at boot as with other WDE utilities), but barring someone with a physical device that can read the RAM on a machine while its on, there is no easy way to just boot from a CD and access a machine's SAM to crack the passwords. BitLocker is intended to reduce the attack profile on a local machine to just the username and password on the console.
BitLocker may not be 100% secure, but its extremely hard to make a whole disk encryption program for a server that requires no password on bootup. On servers, BitLocker is intended to be the last ditch protection, after the machine is put in a locked server room with adequate physical security. I may sound like a shill, but I do think MS did a good job making encryption to protect volumes, but still allow the machine to boot up and go into service after patches are applied.
If the machine doesn't have a TPM chip, then one can still use a conventional program (PGP, BestCrypt, SecureDoc) for whole disk encryption, but someone trusted will have to know it on site should a server get powered off or rebooted.
Vista and Windows 2008 Server (the beta that is) both don't store LM hashes by default. You can turn it on by running secpol.msc, if you have older machines that need that.
You are right. Someone can log one's bank transaction if the home machine is compromised, or if the crook is fast, use the generated one time number before the legitimate retailer can.
What the individual, one time use, credit card numbers provide protection from are unscrupulous or poorly secured retailers rather than a user's machine with bad security.
Some banks address the way one time numbers are distributed by sending the bank customer a scratch off card via physical mail. When the customer needs to use a new one time number, he or she just scratches off the line and enters it in. Of course, physical mail is interceptable, but it keeps a purely remote thief from making off with the goodies.
I thought myself that on screen keyboards would be a great thing, but most modern keyloggers can take highly compressed screenshots when someone clicks the mouse, and some can do FRAPS-like video logging. To boot, a number of on-screen keyboards use the keypress stack, so the keylogger will catch the key clicked on like a normal pressed one.
Probably the best of all worlds for guarding passwords to make sure that a logged password doesn't mean full access would be a securID like system with a keyfob that gives numbers, or a device you punch in your PIN, it gives a random number that you use instead of your password. As for a solution without a hardware device, S/Key or OPIE would a great help here, and has been in BSD for many years. Just print out a list of one time passwords before leaving for the day.
For credit cards, some banks are proactive and offer one time use numbers. This should be a lot more widespread, so if a bad guy does grab a card number, all it will get him/her would be DECLINE messages.