[mdlug] Password of DEATH
Gmail-otakurider
otakurider at gmail.com
Thu Jun 7 21:55:07 EDT 2012
Re: Password of Death..
Nice discussion.. wanted to add a real world kicker into the mix. There
are a few countries now (Israel for one) that are implementing a laptop
boot, login and E-mail-system scan or you will not be allowed in the
country.
Sounds correct that once they slap a seizure on the laptop and you do
anything to damage the data you are in contempt of court (federal level)
and clicky, clicky locked up. There may be a gray line that if you can
destroy it before served and it leaves your hands there is less they can
do, but if they want to make your life a hell about it they can and
will. Problem with thermite is if you set it off in a public location
you will be slapped with a "you are a terrorist" and shipped to a dark
place with rubber hoses, funny chemicals or "sad about your family" that
will make you talk.
Would be a bitch to set up but --
Layers could be the key to this if you really want to keep it secure
from the three letter government groups that have made an image of your
drive so they can hammer on it. Also read some papers that if they are
quick enough they can image the ram, ie key to unlock the HDD must be
stored for a short time to decrypt the HDD so freezing the ram you may
be able to get the key.
So for example Encrypt the HDD, then encrypt your home drive, but
you will also need to verify that the programs you run save the data in
/home, not in places like /etc/ usr..bla bla. Then perhaps set up
encrypted blobs that you can store the data in, truecrypt, cryptit, etc
type programs to be used to store the really important stuff. I like
truecrypt because of the hidden volume option.
Almost forgot -- and all the passwords must be different !!!
Like I said a bitch to set up --
Talking with few people that travel and when their company gives them a
laptop (that is fully wiped after use) for "out of area traveling" that
is just a basic load of the systems so when it is imaged and scanned it
has nothing really on it, they use a vpn account, external ID pin, only
for travel that connects to a systems that is only used to transferred
data and is air-gapped from the rest of the company system (yes they are
paranoid). A few of them use encrypted USB sticks that will self
destruct if given too many bad passwords. One company does not let them
travel with laptops, all the meetings are done in a secure office with
secured laptops. Hmm also add the thought that the people (TSA, CIS,
NSA, FBI, name your own government) may have added a keylogger when you
were not looking.
Everyone has the number for the EFF I hope just in case..hmmm? for the
TSA, how badly you want on the flight, you can when asked, fight it and
say they have no need for the keys because it will boot and they have
scanned it for "bombs", but they don't have a flight to catch, you do.
It seems with everything the TSA does is a gray area on what they really
have the right to do. Most people will do what they are told because
they are already late from security lines and we have been conditioned
to follow orders by authority figures. EFF I believe has a document on
human reading of the TSA policy's, that is what they can and can't do
before you need to contact a defense attorney.
More information about the mdlug
mailing list