[HacktionLab] book again. was: Hiding Stuff on your Computer
ana
anap at riseup.net
Wed Sep 29 13:25:00 BST 2010
Hi,
Haven't seen any update on this, and nothing seems to have been added
since my last edition, so, how are we moving this on?
Will we want to continue working on the book in this next gathering to
include these concerns?
The London Anarchist Bookfair is in about a month's time, it would be a
great place to make a first appearance ... or not?
ana
John wrote:
> Hi,
>
> I think the section "Hiding Stuff on your Computer" i.e.
>
> http://www.booki.cc/tech-tools-for-activists/hiding-stuff-on-your-computer/
>
> Needs to be completely revised lest we lull activists into a false sense
> of security just because they've encrypted a directory or two on their
> computers.
>
> It's always been a pain to ensure the ongoing security of a computer
> once an adversary has gained physical access to it, (e.g. the police
> have seized it).
>
> Here is a list of some of the problems I've come across, read about etc,
> please feel free to add to this if I've missed anything. My knowledge of
> cryptography and security is rather humble compared to some of the persons
> on this list.
>
> Unencrypted Swap File/Page File:
>
> I've written a little about this already but I'm going to recap: On all
> modern operating systems (Linux, Windows, OSX etc.) there is a feature
> called virtual memory. This feature basically allows programs running on
> your computer to use a piece of your hard drive in a similar fashion to
> how they use RAM. This kicks in when more memory is required than is
> provided for by the RAM chips in your computer. On Windows this
> information is stored in the pagefile on your hard drive and on
> Linux/BSD/OSX etc. it is stored on the swap partition. Unfortunately the
> information isn't encrypted and stays there after you have shut down
> your computer. There are freely available tools to search this file.
> I've retrieved browsing history, wireless network keys etc. from this
> data with ease. If you use the same password for these resources as for
> your encrypted files then potentially your data could be unencrypted by
> a person with physical access to your computer. The best way to protect
> against this is to encrypt not just your confidential folder(s) but also
> your swap folder/pagefile as well. An even better solution is to
> encrypt your whole hard drive. Various Linux versions have this feature
> built into their installers and there are plenty of wikis out there on
> how to do this. If you're stuck with using Windows (why? ;-) ) TrueCrypt
> encryption of your whole hard drive is probably the way to go.
>
> Firewire memory dump attack:
> See:
> http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation
>
> This has been around for a few years now: If you have a Firewire port on
> your PC/laptop and it is enabled it is possible to dump all of the
> contents of your RAM, unlock your computer (that is, if it is on and
> the screen is locked), and also to capture cryptographic keys stored in
> RAM. The easiest solution to this is by disabling Firewire in your BIOS
> (also known as IEEE1394). Note: this has been demonstrated on Macs and on
> PCs running Linux and Windows.
>
>
> Cold boot attack:
> https://secure.wikimedia.org/wikipedia/en/wiki/Cold_boot_attack
> http://citp.princeton.edu/memory/
>
> When you shut down your PC it can take minutes for the data in RAM to be
> lost. You can extend this to hours by cooling (see above). It is
> possible to quickly cool and power down the RAM chips in a computer and
> then boot up a tiny version of Linux which will dump the contents of
> memory to disk/USB drive etc. You can then recover cryptographic keys
> from this dump and unencrypt your confidential folder(s). This attack is
> hard to protect against but there are some things you can do: Disable
> hibernate and sleep to ensure RAM is fully powered down when the
> computer is not in use and also use a second external form of encryption
> involving a USB drive or other external device.
>
> For the uber-paranoid:
> No system is fool-proof. If your computer/laptop has been
> bugged/compromised in some way, it doesn't matter how good your
> cryptography is if your keystrokes are being recorded!
>
> See:
> https://secure.wikimedia.org/wikipedia/en/wiki/Key_logger
> Also interesting
> https://secure.wikimedia.org/wikipedia/en/wiki/Van_Eck
>
> Cheers,
> John
_______________________________________________
HacktionLab mailing list
HacktionLab at lists.psand.net
http://lists.psand.net/cgi-bin/mailman/listinfo/hacktionlab
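
A check for the unencrypted swap problem raised in the quoted message, as an added example that is not part of the original thread: it reads the Linux `/proc/swaps` listing and reports whether each swap device is a dm-crypt mapping or sits entirely on top of one (for instance LVM over LUKS). The function names and the sample listing are constructed for illustration; it assumes Linux with sysfs mounted at `/sys`.

```python
import os

# Constructed sample in /proc/swaps format (not taken from a real machine).
SAMPLE_PROC_SWAPS = """\
Filename                                Type            Size    Used    Priority
/dev/sda2                               partition       2097148 0       -2
/dev/dm-1                               partition       4194300 0       -3
/dev/dm-3                               partition       1048572 0       -4
/swapfile                               file            1048572 0       -5
"""

def is_crypt_backed(name, sysfs_root):
    """True if block device `name` is a dm-crypt mapping or sits wholly on top of one."""
    base = os.path.join(sysfs_root, "class", "block", name)
    try:
        with open(os.path.join(base, "dm", "uuid")) as fh:
            if fh.read().startswith("CRYPT-"):   # prefix cryptsetup gives its mappings
                return True
    except OSError:
        pass                                     # not a device-mapper device
    try:
        slaves = os.listdir(os.path.join(base, "slaves"))
    except OSError:
        slaves = []
    # e.g. an LVM volume is covered only if every device beneath it is encrypted
    return bool(slaves) and all(is_crypt_backed(s, sysfs_root) for s in slaves)

def swap_report(proc_swaps_text, sysfs_root="/sys"):
    """Map each active swap area to 'encrypted', 'unencrypted' or 'file'."""
    report = {}
    for line in proc_swaps_text.splitlines()[1:]:   # first line is the header
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        if kind == "file":
            report[path] = "file"   # only as protected as the volume that holds it
        else:
            name = os.path.basename(os.path.realpath(path))  # /dev/mapper/x -> dm-N
            report[path] = "encrypted" if is_crypt_backed(name, sysfs_root) else "unencrypted"
    return report

if __name__ == "__main__":
    with open("/proc/swaps") as fh:
        for path, status in swap_report(fh.read()).items():
            print(f"{path}: {status}")
```

A swap area reported as `file` needs a second look at the filesystem it lives on; with full-disk encryption it is covered, otherwise it is not.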