Xaro
Ranter Level 1
Karma: 0
Posts: 8
« Reply #45 on: October 21, 2008, 10:23:42 PM »
Hmm interesting article there... I always keep a Boot N Nuke near my laptop at all times anyway.
destined
« Reply #46 on: October 31, 2008, 12:56:52 AM »
Xaro: I would refer you to pages two and three of this thread on Boot N Nuke (or DBAN for short).
Depending on the speed of your CPU and hard drive size, it may take time to overwrite the data on your tower, mini-tower, desktop or laptop.
destined
« Reply #47 on: October 31, 2008, 01:07:23 AM »
Just thought up a wonderfully evil idea.
What if you had three partitions? A small one with a boot loader, decryptor, small swap partition (encrypted with a different encryption technology or key than the main partition), then your main partition is encrypted with whatever technology and keying system you wanted, connected to the /boot partition or some linked-up bootstrap program.
The /boot would be like GRUB or some other type of disk manager; it would take a password and run it against a key encryption system that would reveal the other keys for the disk partitions. Would have to be very small for the very last step.
If for some reason some group of souls decided to come into your business, home or ?, you would have a button or key prompt that could do an immediate wipe of this small /boot and run the disk in RAM until it was shut off. When groups of souls shut off the machine, the bootstrap program would be wiped, the keys that would be used to reboot the machine would be wiped, and if you used a very strong encryption system, they would have to use some form of very strong brute-force calculations to unencrypt the swap file/paging system or swap partition and the / or C:/ drive for Windows.
So what do you guys think of my idea?
B.O.R.G
« Reply #48 on: November 04, 2008, 06:48:06 PM »
It is possible to freeze RAM chips in order to extract your private keys before the caps collapse, but the police won't have that kind of capability for a while yet. Unless you are under investigation by some group with a lot better resources than the local cops, this is not a likely outcome.
I wonder how this would work if you have ASLR (address space layout randomisation) enabled, as per the new Vista security standard. Yes, you can find the key, but it's hard work.
Also, why not just use PeerGuardian or something like TOR to thwart their tracking of torrents? If that fails you have drive encryption at your disposal in the form of a removable drive. If they trip the front gate beams or motion sensors, you can unplug the drive and toss it into your microwave oven, or dip it into a vat of sulphuric acid, or just toss it down the laundry chute. Oh wait, destruction of evidence is bad. Err, OK, so you swap your external drive with another one. Just throw it into a box labeled "broken shit". Alternatively, keep your arc welder handy, then just weld a hole through the drive. Tell them you were making modern art and that it's in the eye of the beholder. Oh, you will also need a Ferris Bueller voice on the doorbell answering system to slow them down while you fire up the arc welder. If you are a real pro, you can disassemble the drive and remove the platters before they make it into your home. Tell them you were fixing the drive since it crashed. Oops. Once the platters are unaligned, my understanding is that it's easier to kill all the mosquitos in Canada than to get it up and running again.
Plan B is to run a virtual OS inside another OS. Put the virtual OS in an encrypted volume. That is simple to do and a real pain in the nethers for your local boy genius to decipher. Even if they get the key off the RAM, you can have several drives with the same filename on it. Different key. That should slow down those know-it-all agents of the law.
You can always just use your neighbour's weak WEP key to get cheap wireless that way. Then buddy up with some intrepid Russians who will allow you to download movies, porn and the missile schematics that they stole from the US via an SSL encrypted connection. Pay them via a Cayman Island ceiling-limited credit card linked to a false pseudonym PayPal account that you signed up using an SSL proxy in Guatemala which you get to via several routes that you manually put into various Cisco routers that the dumbo sysadmins left running with the default password or an old IOS.
Oh wait.... you could also just go to the video store. Then rip the stuff, share with buddies over external drives. Undetectable. Oooops. Yes, it costs more. I know that part. Except for Kazakhstan, interestingly. Their bandwidth is massively expensive.
The other major alternative is to fly to China. Get every movie ever made for a few dollars (since you can't buy the real thing even if you wanted to. I believe that's only for the export market). Watch them till you are sick and then come home. They can't take that from you, you know. Now the big question is ... why don't the RIAA tackle China? Maybe they don't have words for "intellectual property" in Mandarin or Cantonese.
"Never attribute to malice that which can be adequately explained by stupidity." - Robert Heinlein
B.O.R.G
« Reply #49 on: November 04, 2008, 07:40:26 PM »
Quote from: destined
Just thought up a wonderfully evil idea.
What if you had three partitions? A small one with a boot loader, decryptor, small swap partition (encrypted with a different encryption technology or key than the main partition), then your main partition is encrypted with whatever technology and keying system you wanted, connected to the /boot partition or some linked-up bootstrap program.
The /boot would be like GRUB or some other type of disk manager; it would take a password and run it against a key encryption system that would reveal the other keys for the disk partitions. Would have to be very small for the very last step.
If for some reason some group of souls decided to come into your business, home or ?, you would have a button or key prompt that could do an immediate wipe of this small /boot and run the disk in RAM until it was shut off. When groups of souls shut off the machine, the bootstrap program would be wiped, the keys that would be used to reboot the machine would be wiped, and if you used a very strong encryption system, they would have to use some form of very strong brute-force calculations to unencrypt the swap file/paging system or swap partition and the / or C:/ drive for Windows.
So what do you guys think of my idea?

They can still get the encryption key from RAM. Let's start with that, given that it's the most painful thing to overcome. Then they will clone the drive, and start undeleting/restoring files. OK, so now they have your deleted volume and your key. Then they open that. Once open, they can open any further volumes using the key that was in RAM.
You have a better bet by having a RAM wiping application that loads at boot. You press reset and that wipes RAM instantly. Something like this should do the trick: http://www.bodrag.com/ram-booster.html. I could be wrong, but since it is messing with RAM all the time, chances are that it will overwrite your RAM very quickly. Esp. if you have a RAM-intensive process which you conveniently start up before the martians eat through your door to take you and your PC away.
A final and hilarious defense is running an iMac. Since the RAM chips are pretty much impossible to get to, and booting from USB may be a problem using Knoppix or similar tools, the poor bastards are going to have to dip the entire thing into liquid nitrogen to get it back to the lab.
Another gem. Use a Vista ReadyBoost USB drive. When you pull it out, Windows will lose at least part of the RAM that it was using. It may be possible to store the key on the USB drive as well, not in RAM, in which case you have another alternative.
This whole RIAA thing is very tiring really. Soon taking a dump will be illegal.
"Never attribute to malice that which can be adequately explained by stupidity." - Robert Heinlein
fire_missionary
Ranter Level 3
Karma: 32
Posts: 182
Flamethrower for the masses.
« Reply #50 on: November 06, 2008, 12:53:59 PM »
With all the talk of data erasing tools, I'm surprised nobody linked this one: http://www.heidi.ie/node/6 Eraser. Simple, open source, free. It goes through the process outlined in Peter Gutmann's paper. It *theoretically* makes the data 100% unrecoverable in any way, shape or form, without damage to the disks. From the site:
Eraser Features
Works with Windows 95, 98, ME, NT, 2000, XP (32/64), Vista (32/64), Windows Server 2003 and DOS.
It works with any drive including IDE, SCSI and RAID, and CD-RW's.
Uses the Gutmann (Default), Pseudorandom Data and US DoD 5220-22.M methods.
Erases Files and Folders.
Erases Files/Folders that were only previously 'deleted'.
Erases all hard drives using 'Darik's Boot and Nuke' method.
Erases Index.dat on Reboot.
Erases Encrypted Files and Drives.
Erases FreeSpace on 95, 98, ME, NT, 2000, XP and DOS.
Erases contents of the Recycle Bin.
Erases Compressed Files and Drives.
Erases Network Files, Floppy Disks, CD-RW, DVD-RAM, DVD-RW.
Erases Windows Temporary Files.
Erases Internet Cookies.
Erases Paging (swap) file.
Erases Internet Cache.
Appears as an 'Erase' option on the Context Menu of Windows Explorer and Recycle Bin.
Comes with an Eraser Scheduler that allows you to create user-defined tasks.
Defeats File Recovery software applications and Hardware tools.
Supports FAT32 and NTFS File Systems.
Eraser is easy to use and comes with a dedicated support network.
Spreading the Flame "A contradiction cannot exist in reality. Not in part, nor in whole." - Zeddicus Zu'l Zorander
Scott Skawronska
Ranter Level 5
Karma: 81
Posts: 1151
Don't Pick Me.
« Reply #51 on: November 07, 2008, 12:11:00 AM »
DBAN does Gutmann, too.
The question is, HOW LONG DOES IT TAKE?
S
"It burns me up when elitists try to force us into a situation where we must either beg for a totalitarian police state or submit to the desires of the antisocial."
SL: SSkawronska Seid
Xwaste
Ranter Level 2
Karma: 3
Posts: 47
« Reply #52 on: November 10, 2008, 02:16:18 AM »
Isn't all this work pretty much redundant when they get your ISP logs?
fire_missionary
Ranter Level 3
Karma: 32
Posts: 182
Flamethrower for the masses.
« Reply #53 on: November 10, 2008, 11:06:22 AM »
Quote from: Xwaste
Isn't all this work pretty much redundant when they get your ISP logs?

If you encrypt your network activity (IP tunnel, TOR, w/e) then the ISP logs aren't going to be of much use. I suggest doing this if you plan on doing any "shady dealings" on the net. Granted, they could 'theoretically' unencrypt it on the fly, but that is a lot of money for hardware for that. And quite frankly, Comcast is in the business of making money, not spending it, so it is doubtful that you would have to worry about it much. Also, afaik, ISP logs can only log the following information: Host IP, Dest IP, Port, Time and possibly Size for each packet. But still, that is a lot of data to be logging, especially if you are one of the larger ISPs and have tens of thousands of customers.
As far as how long it takes to do a Gutmann wipe: I used Eraser on my 80 GB HDD at work, doing only the free space, and it took nearly a day and a half. I'd say it was about 60 GB of free space too. Definitely not an optimal speed solution. But if you know that "ZOMG THEYZ AREZ WATCHINGZ MEZ!!!" and they aren't AT your door busting it down, you probably have time to burn your disks, or at least start on it.
Spreading the Flame "A contradiction cannot exist in reality. Not in part, nor in whole." - Zeddicus Zu'l Zorander
Yugosaki
Ranter Level 5
Karma: 81
Posts: 934
Professor Badass
« Reply #54 on: November 10, 2008, 11:35:41 AM »
Quote from: Xwaste
Isn't all this work pretty much redundant when they get your ISP logs?

ISP doesn't know what you were downloading. Only when, and from where. To know what it was, they would have to keep a cached copy of all net traffic ever. That is impossible, since even I would probably have several terabytes all to myself by now, and I have a hard time storing all of MY OWN data. Multiply this by like, 900,000 at, say, 10 TB a year each (keep in mind, this would include just regular web page surfing and stuff like YouTube) and that is a mind-boggling amount of data for my city alone. The logistics of this is insane, so unless you specifically are being monitored, don't worry about the ISP's logs too much.
My solution is just to keep all my drives encrypted. When the time comes, I can run a script which will unmount all drives, and then begin formatting them. Even though chances are they wouldn't be completely destroyed before someone got in the door and stopped it, the data would still be inaccessible, since enough of the drive would be erased making it unmountable, and even if it was mountable you still need to defeat the encryption. If they ask me what the password is, well, I've left the drives mounted for so long, I can't remember what it is. Sorry officer.
second life: Yugosaki Coronet
Optimism - Ignoring the obvious. Pessimism - Believing the world sucks and if the worst can happen, it will happen. Survivalism - realizing the universe is malevolent and doing everything in your power to thwart its plans.