[HacktionLab] book again. was: Hiding Stuff on your Computer

ana anap at riseup.net
Fri Oct 8 23:19:06 BST 2010


Hi again

I have re-worded the last paragraphs and added some of the paras written
here by JohnC. I'm gonna try to take a few copies of this to the bookfair.

Shout if there are any objections ... do we have an irc channel? I am
there now, hanging around on the #aktivix channel

ana

ana wrote:
> Hi,
>
> haven't seen any update on this, and nothing seems to have been added
> since my last edition, so, how are we moving this on?
>
> Will we want to continue working on the book in this next gathering to
> include these concerns?
>
> The London anarchist bookfair is in about a month's time, it would be a
> great place to make a first appearance ... or not?
>
> ana
>
> John wrote:
>   
>> Hi,
>>
>> I think the section "Hiding Stuff on your Computer" i.e.
>>
>> http://www.booki.cc/tech-tools-for-activists/hiding-stuff-on-your-computer/
>>
>> Needs to be completely revised lest we lull activists into a false sense
>> of security just because they've encrypted a directory or two on their
>> computers.
>>
>> It's always been a pain to ensure the ongoing security of a computer
>> once an adversary has gained physical access to it, (e.g. the police
>> have seized it).
>>
>> Here is a list of some of the problems I've come across, read about etc,
>> please feel free to add to this if I've missed anything. My knowledge of
>> cryptography and security is rather humble compared to some of the persons
>> on this list.
>>
>> Unencrypted Swap File/Page File:
>>
>> I've written a little about this already but I'm going to recap: On all
>> modern operating systems (Linux, Windows, OSX etc.) there is a feature
>> called virtual memory. This feature basically allows programs running on
>> your computer to use a piece of your hard drive in a similar fashion to
>> how they use RAM. This kicks in when more memory is required than is
>> provided for by the RAM chips in your computer. On Windows this
>> information is stored in the pagefile on your hard drive and on
>> Linux/BSD/OSX etc. it is stored on the swap partition. Unfortunately the
>> information isn't encrypted and stays there after you have shut down
>> your computer. There are freely available tools to search this file.
>> I've retrieved browsing history, wireless network keys etc. from this
>> data with ease. If you use the same password for these resources as for
>> your encrypted files then potentially your data could be unencrypted by
>> a person with physical access to your computer. The best way to protect
>> against this is to encrypt not just your confidential folder(s) but also
>> your swap folder/pagefile as well. An even better solution is to
>> encrypt your whole hard drive. Various Linux versions have this feature
>> built into their installers and there are plenty of wikis out there on
>> how to do this. If you're stuck with using Windows (why? ;-) ) TrueCrypt
>> encryption of your whole hard drive is probably the way to go.
>>
>> Firewire memory dump attack:
>> See:
>> http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation
>>
>> This has been around for a few years now: If you have a firewire port on
>> your PC/laptop and it is enabled it is possible to dump all of the
>> contents of your RAM, unlock your computer (that is, if it is on and
>> the screen is locked), and also to capture cryptographic keys stored in
>> RAM. The easiest solution to this is by disabling Firewire in your BIOS
>> (also known as IEEE1394). Note: this has been demonstrated on Macs and on
>> PCs running Linux and Windows.
>>
>>
>> Cold boot attack:
>> https://secure.wikimedia.org/wikipedia/en/wiki/Cold_boot_attack
>> http://citp.princeton.edu/memory/
>>
>> When you shut down your PC it can take minutes for the data in RAM to be
>> lost. You can extend this to hours by cooling, (see above). It is
>> possible to quickly cool and power down the RAM chips in a computer and
>> then boot up a tiny version of Linux which will dump the contents of
>> memory to disk/USB drive etc. You can then recover cryptographic keys
>> from this dump and unencrypt your confidential folder(s). This attack is
>> hard to protect against but there are some things you can do: Disable
>> hibernate and sleep to ensure RAM is fully powered down when the
>> computer is not in use and also use a second external form of encryption
>> involving a USB drive or other external device.
>>
>> For the uber-paranoid:
>> No system is fool-proof. If your computer/laptop has been
>> bugged/compromised in some way, it doesn't matter how good your
>> cryptography is if your keystrokes are being recorded!
>>
>> See:
>> https://secure.wikimedia.org/wikipedia/en/wiki/Key_logger
>> Also interesting:
>> https://secure.wikimedia.org/wikipedia/en/wiki/Van_Eck
>>
>> Cheers,
>> John
>>     
>
> _______________________________________________
> HacktionLab mailing list
> HacktionLab at lists.psand.net
> http://lists.psand.net/cgi-bin/mailman/listinfo/hacktionlab
>
>   
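The mitigations listed in John's quoted message (encrypted swap, FireWire disabled, hibernate and sleep off) can be audited on a Linux machine. The following is an added example, not part of the original thread; the function names and sample inputs are constructed, and on a real host the three texts would be read from /proc/swaps, /proc/modules and /sys/power/state.

```python
import os

# Kernel module names of the old and new Linux FireWire (IEEE 1394) stacks.
FIREWIRE_MODULES = {"firewire_ohci", "firewire_core", "firewire_sbp2",
                    "ohci1394", "ieee1394", "raw1394", "sbp2"}

def sysfs_dm_uuid(path):
    """DM UUID of a block device via sysfs, or None if it is not a dm device."""
    name = os.path.basename(os.path.realpath(path))
    try:
        with open(f"/sys/block/{name}/dm/uuid") as f:
            return f.read().strip()
    except OSError:
        return None

def audit(proc_swaps, proc_modules, power_state, dm_uuid_of=sysfs_dm_uuid):
    """Return findings for unencrypted swap, FireWire drivers and hibernate/sleep."""
    findings = []
    for line in proc_swaps.splitlines()[1:]:          # first line is the header
        if not line.strip():
            continue
        dev = line.split()[0]
        # cryptsetup gives its mappings a DM UUID starting with "CRYPT-".
        # Swap files, plain partitions and LVM volumes (even on an encrypted
        # disk) lack it and are flagged for manual review.
        uuid = dm_uuid_of(dev)
        if not (uuid and uuid.startswith("CRYPT-")):
            findings.append(f"swap not directly encrypted: {dev}")
    loaded = {l.split()[0] for l in proc_modules.splitlines() if l.strip()}
    findings += [f"firewire module loaded: {m}" for m in sorted(loaded & FIREWIRE_MODULES)]
    states = power_state.split()
    if "disk" in states:
        findings.append("hibernate (suspend-to-disk) is available")
    if "mem" in states:
        findings.append("sleep (suspend-to-RAM) is available")
    return findings

# Constructed sample inputs (not from a real machine).
SAMPLE_SWAPS = ("Filename\tType\tSize\tUsed\tPriority\n"
                "/dev/sda2\tpartition\t2097148\t0\t-1\n"
                "/dev/dm-1\tpartition\t2097148\t0\t-2\n")
SAMPLE_MODULES = ("firewire_ohci 24615 0 - Live 0x0000000000000000\n"
                  "ext4 353979 1 - Live 0x0000000000000000\n")
SAMPLE_UUIDS = {"/dev/dm-1": "CRYPT-PLAIN-cryptswap"}

if __name__ == "__main__":
    for f in audit(SAMPLE_SWAPS, SAMPLE_MODULES, "mem disk", SAMPLE_UUIDS.get):
        print(f)
```

A finding for an LVM swap volume does not by itself mean the data is in the clear; it means the volume is not a direct cryptsetup mapping and the layer beneath it needs checking by hand.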


