#1
The Big Boss (Join Date: Oct 2006, Location: In your head, Posts: 4,237)
Good tips on how to avoid the government spying on your computer

Intrusive Surveillance

THOMAS: What is this thing?

Intrusive Surveillance basically means any type of surveillance that is occurring due to some form of intrusion into your machine. As such, it is the most difficult form of "forensics" to defend against, since doing so involves the securing and hardening of your operating system against attack. While keeping up with security patches is a necessary condition to be secure, sadly it is not sufficient. In spite of this, there are several obvious indicators that someone is investigating you/watching what you do with your computer.

I should probably start this section off by saying that if you need anonymity, you should probably reinstall your system now. Especially if you use Windows and Internet Explorer. It is way too easy for those machines to become infected with spyware if you haven't been practicing safe computing up to this point. I've even seen spyware that modifies the Internet Explorer [link] string to contain a unique 128-bit identifier.

Root Kits

Root Kits are the most intrusive and stealthy form of system surveillance around. They are typically designed to take complete control of your operating system kernel, causing it to lie to you about what processes are running, what network connections it is making, system diagnostics, and so on. Luckily, if someone just wants to spy on you, they are much more likely to only install a keylogger rather than a full blown rootkit. However, knowing some basic info about how to detect rootkit installation is helpful for finding keyloggers as well, especially since as keyloggers grow in sophistication, the line between them and complete rootkits will blur.
For most users, this section probably covers a threat model they do not need to worry about (although with [link] by RIAA goons, this is rapidly changing). Many users will want to just skip to the section on Watching Your Back, which describes how to use rootkits to hide various items on your system from a fascist administrator and for plausible deniability ("a hacker did it! Who installs a rootkit on their own machine?"). Still, even in this case a read over this section is recommended, since it will tell you how to undo what you have done.
If someone is out to spy on you, by far the most likely thing they will do is install a keylogger. Some keyloggers can be easy to find, some almost impossible. There are two types of keyloggers, software and hardware.

Hardware

The main thing to watch for is an [link] coming between your keyboard and the back of your computer. However, also be wary of [link]. If your physical environment can't be trusted (note that depending on your situation, this may or may not include [link]), buy a new keyboard and seal it with epoxy, or some tamper-evident mechanism. Also periodically check the inside of your computer for dangling pieces of electronics coming between your keyboard port and your motherboard. Normally there should only be wires or nothing at all. People have been prosecuted using keylogged data as evidence.

Software
Keyloggers are typically pretty blind. Especially kernel and hardware keyloggers. If you are at a machine you cannot trust and do not feel like making it trustworthy, you do have some options to at least protect your passwords. For example, switching windows mid-password, cutting and pasting characters, and using the mouse to delete sections of text randomly are all effective against hardware and kernel keyloggers, which will only focus on actual keyboard events. Message-hook and other application-level keyloggers can also be fooled in this way, but they can attempt to do things like sort keystrokes by destination window, target only specific apps, take screenshots, and even attempt to capture cut and paste events. In fact, most commercially available software keyloggers have advanced to the point where they are able to track both cut and paste activity and sort keystrokes according to their destination window. You can still attempt to confuse them by entering keys into other fields in the same window, however.

Watching Your Back

Ok, now that we know how to find and remove keyloggers and rootkits, we're going to talk about how to use them to conceal what you are doing, and to watch for evidence of nosy coworkers. Using Hacker Defender with this [link] will hide an OpenVPN installation.

copy c:\windows\system32\cmd.exe Desktop\mycmd.exe

will give you a command shell on your desktop that is still able to see the Hacker Defender config files. Be aware that antivirus software may detect Hacker Defender, especially before it has a chance to run. The README advises you to insert <, >, ", and & characters randomly into the config file fields to help avoid detection, though obviously this is not foolproof.
To conceal the Hacker Defender executable, you may wish to run it through [link], which is an executable encryptor. Even this is probably not foolproof, so use with caution if you are in an environment where the network administrator receives virus information on your PC.

FIXME: In a future revision, write up how to turn a webcam (and/or audio mic) into a security camera, to watch over your computer while you are gone in order to catch a [link] in the act of installing/retrieving a hardware or software keylogger at your computer. An [link] can be found at engadget. For Linux there is [link], [link], and [link]. A HOWTO on building a mini computer dedicated just to video surveillance on Linux is available at [link].

Windows??

On Windows, it is also possible to install monitoring software such as those [link] to monitor your computer. Promising candidates include [link], [link], [link] and [link].

FIXME_WIN32: maybe also write a section on how to elevate privs on your own machine. Can OpenVPN be installed from a [link]? Many people will not have Administrator access on their machines. Test on vmware. You probably can't add yourself to Administrators, since that is a Domain group. Can you create a RunAs shell?

Throwaway Computing

In certain situations where you have freedom over the computer but do not trust it, you might consider using a bootable CD. The obvious choice is Knoppix or a [link]. I prefer [link] since it automatically supports my wireless card (unlike Knoppix) and comes with lots of useful security tools right on disc. It is possible to customize Knoppix using a USB key, so a Knoppix CD+tor on your USB key might be helpful if you frequently find yourself in shady labs. The [link] includes Tor, so maybe that will happen someday. For pre-configured, pre-tested Tor environments, you can try out [link], which is an OpenBSD-based boot CD that includes Tor and has everything preconfigured to use it. Alternatively, you can save yourself some effort and [link]. Alternatively, you can build a [link] for the same purpose if you prefer Windows. While there are [link] of [link], my favorite route is to use [link] (which contains many of those plugins) and then just keep any extra apps I want (such as Tor) on my USB key. The [link] is excellent for this purpose. Either of these methods provides maximum protection and assurance against software trojans and viruses. In addition, you automatically get protection against cookie logging and browser history data for free.

An alternate (and possibly more convenient for home use) method is to use [link] (or [link]) to create an innocuous looking operating system to interact with the real world. This has the advantage that if you need to use your original setup for something, you can, but for all other communications you have a system that you wouldn't mind being attacked. Furthermore, VMWare has a feature that allows you to revert to a known safe snapshot of the OS at any time, which can be useful to ensure you haven't been trojaned or acquired any persistent cookies during your session. The snapshot feature of Xen is still in development, but [link] are possible to get the same effect.
Search and Seizure

The last and most perilous threat to your privacy is when The Man [link] and [link] (and they will take [link]). This sucks, and will often leave you without computer equipment for the [link]. There are [link] of warrants, but the courts have proved to err on the side of The Man. Of course, it is always advisable to practice good Kung Foo so that he's never able to trace you in the first place, but luck favors the prepared. You never know when [link] decides to turn state's evidence, or some enemy of yours [link] it might be funny to see you sweat out an investigation for no reason. As such, let's spend a bit of time discussing how search and seizure functions in the US.

Warranted and Warrantless Search

There are several methods by which an Agent can obtain the legal right to search and seize your digital goods, most of which are conveniently outlined in the US DOJ [link] ([link]). There are a couple of instances where they can get away with searching you WITHOUT A WARRANT that you might not have anticipated:
#2
The Big Boss (Join Date: Oct 2006, Location: In your head, Posts: 4,237)
Re: Good tips on how to avoid the government spying on your computer

Civil Procedure

In addition to the above, you need to be at least peripherally aware of the [link] in [link], especially if it is likely that someone may seek to sue you for damages instead of (or in addition to) pressing charges. In civil procedure, if there is reason to believe that you may have evidence supporting the plaintiff's claim, the process of discovery enables them to demand evidence/records from you. If you destroy this evidence, then not only are you potentially liable for criminal charges, but the plaintiff also is allowed to assume that the destroyed records contained the proof they sought. In the case of civil litigation by large corporations against individual people, the police are sometimes called in to immediately seize relevant materials without warning. Isn't that great?

Encrypted Filesystems

The solution to these perils hinges on cryptography, and each system has its own way of accomplishing this. Depending upon your threat model for The Man, you may want different levels of assuredness that he cannot obtain your data. As described above, your two main classes of threat are civil action and criminal action. In the case of threat of civil action, it may be desirable to employ some form of steganographic filesystem so that the process of discovery cannot be used to assume you have destroyed incriminating evidence. Your best bet for this is TrueCrypt, which has an appealing hidden volume mode which can provide deniability for civil situations where you are compelled to give up the key during discovery.
It exists for Windows and Linux, but since it is the only non-broken implementation of an encrypted filesystem for Windows, the writeup for it is [link]. If you decide to use TrueCrypt for Linux, you should be aware that there are secondary logs (i.e. bash history on Linux) that can be used to demonstrate that files exist if they are not carefully purged.

In a criminal situation the rules are a bit different. In the US, you may have [link] in claiming that your encryption key is protected by your 5th amendment right to not incriminate/testify against yourself. However, be aware that if you are subpoenaed to testify against another individual, you can be ordered to give up their key, unless they are [link]. In the event that you are ordered to testify against someone else, you can request [link] from the prosecution to protect you from any incriminating evidence found as a result of the key disclosure. Your ability to assert your 5th amendment right (and thus be eligible for immunity) ultimately rests with the decision of the judge. If he thinks your 5th amendment right does not apply to the key due to the lack of real threat of incrimination or some other twisted legal logic and you still refuse to surrender it, you can be sentenced to [link] for contempt of court. Note that you can still be charged with contempt for refusing to obey even if you believe a higher court would rule in your favor.
However, refusing to comply would get you a good deal of (most likely positive) press attention. Nobody likes to see people imprisoned for refusing to testify against themselves, even if some legal loophole would allow it.

There has been [link] in the UK to attempt to enable Part III of the [link] to give the government the power to demand your keys even in the cases where it may incriminate you. This is particularly short sighted for a number of reasons, the most obvious being: the ramifications of the damage of trust in SSL certificates and banking communications; the inability to discern what is encrypted data and what is simply random application data; the inability to discover or prove with any certainty exactly how many passwords there are; the unspecified language as to whether key files count as passwords, and what happens if they are lost or destroyed; and the inability to prove that the subject hasn't legitimately forgotten the password (which, with the infrequent use patterns of filesystem passwords, is entirely possible and even common among users). The rest of the world should thank the UK if it decides to take it upon itself to prove the stupidity of this action for us. I have no doubt that this measure cannot survive in any country with a legitimate constitution or other declaration of human rights, for good reason. Get ready, hilarity is about to ensue.

So enough of that. Let's discuss filesystem cryptography on each of the 3 major platforms, as well as how to erase data securely as you move it from non-encrypted storage to encrypted storage. As usual, *BSD users are left to [link].
If anyone would like to submit a quick and dirty BSD writeup for this HOWTO, don't hesitate.

Under all of the following systems, you will need to make one or more passwords for each encrypted volume. You should avoid writing these passwords down at all costs, but note that filesystem passwords are particularly easy to forget, since they are used infrequently. As mentioned above, this fact makes mandatory key disclosure particularly short sighted. It is very possible to forget filesystem keys and risk complete data loss. For this reason, you should mentally rehearse your passwords every day for several weeks after you create them to make sure you do not forget them. I consider myself fairly mentally competent, but I have still lost more than one encrypted volume after creating it because the password was used once for creation and then forgotten.

Linux

There are two main cryptographic filesystem solutions for Linux: TrueCrypt and dm-crypt. TrueCrypt setup is [link], and arguably it has some more appealing features than dm-crypt, but since it is not included in any major distributions, typically you will have to recompile your kernel to support it. Setting up dm-crypt is relatively easy to do (at least for a simple [link]), and their wiki has several good HOWTOs. Unfortunately, setting it up right can be extremely hard and involved. Please read this guide carefully, as there are many subtleties that can catch you off-guard. To protect against the legal snafus mentioned above, I prefer a somewhat different approach than that given on the Wiki for actual device creation.
I prefer to use GPG to encrypt the filesystem key, and have the passphrase I type into the keyboard be the password to the GPG key. This enables you to change the password without having to rebuild the filesystem. It also enables you to carry the key with you on a USB key to ensure its safety and also to prevent anyone from mounting the fs even if they know the password. In emergency situations, the USB key can be destroyed, and the data can never be recovered. In this way, you can be in full compliance with a court order requiring the password for the filesystem and still not reveal your data. Note that if you destroy a key after a court demands to see it (or simply refuse to give up the password) you can be held in contempt of court and sentenced to jail time (in the US, this is [link], however). However, if the key/data is a substantial portion of the prosecution's case, and the sentence you are facing is more than 6 months (or if you are a hardcore civil libertarian type), you may want to tell them to fuck off anyway. This would probably get you a good deal of (most likely positive) press attention. Nobody likes to see people imprisoned for refusing to testify against themselves, even if some legal loophole would allow it.

Note: Since The Man will usually attempt to take all of your electronic gear right away, you will have to find some mechanism to either store the key some place safe or have an instantaneous mechanism to destroy it as soon as you hear the knock. Be advised that if your key media fails, you will lose all your data.
Floppies are a no-no, but can be used to provide plausible deniability. Here are the steps to generate such a key that can be destroyed on a moment's notice:

[root@machine ~/dir]# dd if=/dev/random bs=4k count=1 | gpg -a --cipher-algo AES256 -c - > /mnt/usb/keys/fs.gpg
[root@machine ~/dir]# gpg -q -o - /mnt/usb/keys/fs.gpg | cryptsetup -v -c aes create cryptfs /dev/hdxN
[root@machine ~/dir]# mkfs.ext3 /dev/mapper/cryptfs
[root@machine ~/dir]# mount /dev/mapper/cryptfs /crypto

So basically what this does is get some random data for the fs key material, and use gpg and AES256 to symmetrically encrypt (-c) it with your passphrase. The next command then decrypts your key file and uses the key material to initialize the dm-crypt driver using /dev/hdxN, where x is one of a-d, and N is the partition number. Note you can also use files instead of partitions, but it is not recommended, especially if that file resides on a journaled filesystem. After that, the /dev/mapper/cryptfs block device will appear, and you can format it for whatever FS you like, and then mount it.

For added safety, I prefer to move /var, /tmp, and /home to /crypto and create symlinks back to /, so that .bash_history and system logs aren't available to someone who might want to prove you have certain files or access times. You should run telinit 1 before doing this, to ensure that no daemons are running and actively using those directories when you move them.
[root@machine ~/dir]# telinit 1 [or reboot into single user mode]
[root@machine ~/dir]# [killall rpc.idmapd]
[root@machine ~/dir]# [umount /var/lib/nfs/rpc_pipefs]
[root@machine ~/dir]# mv /var /tmp /home /crypto
[root@machine ~/dir]# ln -s /crypto/* /
[root@machine ~/dir]# [vim /etc/selinux/config]
[root@machine ~/dir]# telinit 3 [or reboot]

On Fedora Core 4 systems, you'll need to killall rpc.idmapd and possibly umount /var/lib/nfs/rpc_pipefs before the mv, or just reboot into single user mode. In addition, this whole setup is likely to cause SELinux conflicts, so you should probably set SELINUX=permissive or SELINUX=disabled in /etc/selinux/config (or add selinux=0 to the kernel boot parameters in /etc/grub.conf).

Once this is complete, you'll want to make sure that your crypto fs is mounted before anything tries to use /var. The way I prefer is to create a [link] to gpg that has the right options to enable it to work from /etc/rc.d/rc.sysinit. For Fedora Core users, you can typically just call that script right after the rest of the local filesystems are mounted. Search the rc.sysinit file for "mount -a -t" or "Mounting local filesystems". You should end up somewhere near a bunch of mount -f lines and an SELINUX relabeling call. Stick a call to /path/to/mount-crypto right before the SELINUX stuff. If you prefer to run your system in runlevel 5 (with graphical login), you will need to edit /etc/grub.conf and remove the rhgb option from the kernel config line in order to be able to enter your FS password. Note that you will probably want to have a boot disk handy or be ready to do [link] from the boot command line in case something goes wrong.
Alternatively, if you don't wish to be prompted for a password at bootup because the machine is a remote server, you can use chkconfig or edit /etc/rc.d/rcN.d (where N is your runlevel -- type runlevel as root if unsure) to remove syslog, sendmail, crond, atd, and any other daemon that shows up in an lsof -n | grep var and lsof -n | grep tmp. In summary:

[root@machine ~/dir]# runlevel
[root@machine ~/dir]# lsof -n | grep var
[root@machine ~/dir]# chkconfig --level 3 syslog off
[root@machine ~/dir]# chkconfig --level 3 sendmail off
[root@machine ~/dir]# chkconfig --level 3 crond off
[root@machine ~/dir]# ...

Unfortunately, there are likely to be a crapload of daemons you're going to have to do this for, especially if you run Fedora Core 4. Once you finish this, you'll want to make a script that mounts and then starts all the needed daemons. As a starting point, you can have a look at my [link] and [link]. Note that if your system is running remotely, it may not be too happy about bringing sshd up for you after the unmount or upon bootup, unless you mkdir -p /crypto/var/empty/sshd/ and mkdir -p /crypto/var/lock/subsys in the unmounted dm-crypt directory.

It should go without saying, but if you go through all this trouble to encrypt your hard disk, you shouldn't leave backups lying around on unencrypted media. If you have to transfer a backup to unencrypted media, tar it up, and then use gpg --cipher-algo AES256 -c to encrypt it. GPG does compression before encryption. Last, but not least, you should also consider encrypting your swap so that pieces of programs you run aren't recoverable after shutdown.
I prefer to use the lazy route and just [link] on the encrypted filesystem.

Note: An alternate procedure to protect /var and /tmp is to encrypt your entire root filesystem and place the decryption scripts on an initial ramdisk. I have not done this, because it means that you cannot reboot your servers remotely, but it requires a hell of a lot less hacking with initscripts and SELinux permissions. As you saw above, this process can get pretty involved. The Gentoo Wiki has a page on [link] for Gentoo, and Linux Journal has an article on setting up an [link]. This [link] describes the same process for Ubuntu.

Mac OS

In MacOS you have two options. If you trust Apple (and your sysadmin, where applicable), and really believe there is no master password set, you can use the built-in FileVault feature to encrypt your entire home directory with 128-bit AES, or you can attempt to [link]. Given the amount of work involved in doing it yourself, I would suggest trusting Apple and going the FileVault route.

Windows

In Windows, everything is easy. Unfortunately, everything also sucks. For some reason, Windows implements encryption at the filesystem layer, and you can enable it by right clicking on a file/folder and going to Properties->Advanced. Unfortunately, all of the file names in an encrypted directory are still viewable without the key.
Worse still, the Administrator account has access to all these files through a special recovery key, and there seems to be no option to disable this. If you do choose to run Windows on your desktop, an alternative you might consider is building a Linux fileserver that houses all your sensitive documents on an encrypted Samba share, but be aware that Samba does not encrypt traffic. You can set up an [link] between your Linux and Windows machine, however, if there is danger of someone monitoring your network.

TrueCrypt

Another alternative is to use TrueCrypt, which actually provides the benefits of both crypto and steganography in that it has an emergency password that you can use if ordered to reveal your filesystem password under threat of force. TrueCrypt is a very nice piece of software, and more than makes up for the pile of suck that is NTFS encryption, and now also has a Linux version. Creation of hidden volumes is pretty straightforward. There is [link], but really you only need to be aware of a couple of things. First, it is best to create the hidden and the outer volumes at the same time, using the "hidden volume" radio button. The outer volume is created first, and is populated (by you) with non-sensitive files and encrypted with the emergency password. Note that if you place more data on the outer volume later, you must remember to specify your hidden volume password as well, so TrueCrypt is able to find areas unused by the hidden volume to store the new data. Once the volumes are created, you can mount the same volume file/partition with either password to test it out. Additionally, TrueCrypt has recently added support for keyfiles.
The support for this feature is particularly excellent. You can combine an arbitrary number of keyfiles along with a password to yield the actual key to the filesystem. This allows you to create a collection of both fake and real keyfiles such that your adversary has to know To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts. are actually required (assuming they can even find any of them), in addition to knowing your password. It can be seen from To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts. (or by visualizing keyfile "fake/real" as a binary string), that for N keyfiles, the total number of combinations of keyfiles is 2N. Thus you can easily provide for a large number of possible combinations of both keyboard and mouse input (which is particularly comforting if keyloggers are a possibility). Couple this with hidden volume support and clever concealment of encrypted volume files amongst other large and unintelligible program data files, and you have yourself a pretty secure and undetectable encrypted setup. Just remember to frequently mentally rehearse all of your passwords (instead of writing them down), as mentioned above. Filesystem passwords are used much less often than login passwords. It is easy to forget them. The only real drawback is that TrueCrypt cannot encrypt the Windows Swap file. This means that it is possible for programs to write pieces of their memory to disk unencrypted. This obviously can leak sensitive information. However, the swap file can be disabled in Windows XP by navigating through Start->Properties->Advanced tab->Performance section->Settings->Advanced tab->Virtual Memory section->Change->No Paging File->Set->OK. On Linux, however, a TrueCrypt volume can of course contain a To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts. as discussed above. 
SeizeD

For the extra paranoid, you can write a quick perl script to monitor network connectivity, and immediately unmount and remove the crypto device as soon as pings fail (or execute any other arbitrary command). I've done this already for you. My first cut was a script that pinged a series of hosts and executed your unmount script from above. This script gave The Man one second to move your machine to a network that would also respond to all those pings while he transported it. This is problematic in that The Man could simply throw in a hub with a bunch of machines that would also respond to those IPs and turn it on as soon as they disconnected your box from the network (assuming they figured out what to do about power). So after thinking about it for a bit, I decided I didn't even want to make it that easy for that bastard. So I wrote a pair of scripts you can run on various machines on your LAN (or across the Internet) to ensure network connectivity. The way this works is there is a client script and a server script. The client script is the one you run on your secure machine, and the server script you run on any host on the Internet. The scripts are written in standard perl, and depend upon the Unix utility md5sum, which is available on Linux, Mac OS, and Cygwin.
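The challenge-response round the SeizeD client and server perform (the post walks through the steps in the next paragraph), modelled in Python as an added example; this is not the post's Perl scripts. `exchange`, `on_failure` and the in-process "servers" in `demo` are hypothetical stand-ins for the TCP connection and the unmount script, and md5 is used only because the post's scripts call md5sum.

```python
import hashlib
import hmac
import os
import time

HASH_ALGO = "md5"  # the post's scripts shell out to md5sum (or sha1sum); any hashlib name works

def digest_hex(data: bytes) -> str:
    """Hex digest with the configured algorithm; stands in for the md5sum call."""
    return hashlib.new(HASH_ALGO, data).hexdigest()

def make_challenge() -> str:
    """Client step 1: hash a fresh random number (the scripts read /dev/urandom)."""
    return digest_hex(os.urandom(16))

def server_answer(session_password: str, challenge: str) -> str:
    """Server side: append the received challenge to the session password and hash it."""
    return digest_hex((session_password + challenge).encode())

def client_checks_answer(session_password: str, challenge: str, answer: str) -> bool:
    """Client step 2: recompute the expected reply locally; constant-time compare."""
    return hmac.compare_digest(server_answer(session_password, challenge), answer)

def watchdog_round(session_password, exchange, on_failure, timeout=1.0):
    """One SeizeD round. exchange(challenge) models the TCP round trip and returns the
    server's reply, or raises if the connection died. The failure hook (the post's
    unmount script) runs on a wrong reply, a dead connection, or a late reply."""
    challenge = make_challenge()
    started = time.monotonic()
    try:
        answer = exchange(challenge)
    except Exception:
        answer = None  # connection died: treated like a failed check
    late = time.monotonic() - started > timeout
    if answer is None or late or not client_checks_answer(session_password, challenge, answer):
        on_failure()
        return False
    return True

def demo():
    """Constructed in-process 'servers'; returns the failure events that fired."""
    events = []
    fail = lambda: events.append("unmount")
    watchdog_round("session-pw", lambda c: server_answer("session-pw", c), fail)  # match
    watchdog_round("session-pw", lambda c: server_answer("wrong-pw", c), fail)    # mismatch
    return events  # ["unmount"]
```

In the real pair the client loops over `watchdog_round` every 0.25 s, so a single failed or late round is enough to fire the hook.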
You should be able to replace md5sum with any command line hashing program if you do not want to install all of cygwin. When you start the pair (start the server first), they ask you for a password to be used for that session. The client script then periodically (every 0.25 seconds by default) sends the MD5 (or SHA1) hash of a random number (from /dev/urandom) to the server script, and the server script appends this random number to your password. It then hashes this combined value, and sends the result back to the client. The client compares this value to one it generates locally via the same manner. If they match, the process is repeated with a new random hash; if they do not match, a script you specify (such as one to unmount your drives) is run. The script is also run after a timeout period (1 second) or if the TCP connection otherwise dies. This is a common cryptographically secure authentication technique that is used to prove two people know a password without revealing it to a third party (The Man). Note that there is nothing stopping you from running multiple copies of this program on a given machine to connect to multiple servers with different passwords, in case there is concern a password could be recovered by attacking a particular server. It won't hurt your volume to attempt to unmount it twice.

Secure Deletion

Oftentimes you will have old or temporary copies of data left on your hard disk after you finish making your encrypted filesystem. Sometimes applications will save data to unencrypted locations by default before you realize what they are doing. In these cases you need to have a mechanism to wipe traces of this data clean. Simply deleting files is not enough, since deletion only removes files from the directory listing and does nothing to actually remove their contents until they are overwritten by some new file.

Whenever the topic of secure deletion comes up, an argument will inevitably be raised as to how many times a file must be overwritten and what it must be overwritten with in order for it to be truly gone. The tinfoil hat crowd will tell you all sorts of horror stories about this or that government agency that has the power to read through N+X layers of random overwritten data, where N was the number you asserted was secure and X is some arbitrary additional amount they made up to make you feel bad. My personal opinion is that somewhere between 2 and 5 really is all you need. As drives become larger, the cost factor involving finding data below an arbitrary number of writes over the span of the entire disk grows tremendously. And then who's to say that the data wasn't there from a previous owner, possibly even someone who returned a drive back to the manufacturer because of some defect that was corrected and the drive resold. The other factor is that if secure deletion takes forever, you will find yourself doing it less and less, and postponing it more and more because it will interfere with your real work. This is obviously much worse than minimally wiping something quickly right away and getting it over with.

Linux

On Linux, the relevant utility is called wipe. There are two versions of this utility. For most uses, I would just accept the defaults. To wipe a file, wipe filename should be fine. wipe -r directory will get an entire directory recursively. To wipe all free space on a drive, wipe -a some_file should do the trick.

Mac OS

On Mac OS, secure file deletion is built right into the trash bin. You need to ensure that you do not interrupt this process, however, or you may lose access to any FileVault volumes you may have. Keep the power plugged in. It is also possible to erase free space on your Mac if you emptied the trash bin without using the secure file deletion option. For instructions on how to do this, go to Applications/Utilities and select Disk Utility and search the help for information on erasing free space. FIXME: Better description. Can it do free space?

Windows

On Windows, far and away the best option is a dedicated wiping tool, since it adds right-click context menus to wipe a file or directory, and allows you to schedule tasks to wipe all free space as well. Very nice piece of software.