Re: recent flaws (everyone)
chihiru <aScf@wsE34.com> wrote in news:Gv4xj.321131$1x.122958@fe05.news.easynews.com:
>
>
> Greetings all...I've been sick for about a week here, and haven't had
> much time to be by myself in order to keep up.
>
> There has been some
> concern expressed regarding the newest security breach for encrypted
> drives...
>
> I really don't see this as a problem. It's always been
> suspected that this was possible, and inevitable.
>
> There are several
> factors you have to consider before this is taken as a real danger,
> but it should never be casually shrugged off...things such as this need
> serious attention and can never be overlooked.
>
> 1. LEA has to
> suspect that you actually have encrypted drives...the first assumption
> is that you'll have some evidence on your hard disk, typically in the
> form of temp files residing in your internet files folder. Or,
> perhaps in the My Documents folder. Along with the Recycle Bin, I
> would assume these are the first places they'll look.
This would occur after they have made a copy of your hd, which is
most likely to happen back at the station. Power will have been off
for some time by the time they do this.
>
> 2. If your
> computer is in Stand-by when they come breaking in...you'll need to be
> prepared to be able to cut the power to the system immediately. Even
> though your encrypted drives were unmounted forcefully...this will
> still give the DDR the time to clear after a few seconds. This leaves
> them little time to act. They have to get the case off and spray the
> memory...this takes precious seconds they cannot afford to waste.
> Making things as difficult as possible to achieve this in a timely
> manner would work better in your favor. Keep a kill switch within
> easy reach that can be used at a moment's notice.
Done. I wonder if they will approach every computer that way. I have
a laptop within eyesight of the front door. There is another computer
with my main computer. They would likely first approach computers that
are "on" since there would be no way to know how long a computer has
been off. I could be wrong about this.
>
> 3. I've never
> trusted leaving the computer with a locked screensaver...IMO, you
> should never leave the immediate vicinity, regardless. If you have a
> large upload...you can do so safely as long as the upload is encrypted
> and illegible without the proper tools. You can make uploads using a
> clean version of Linux (or Windows), with the parts being on a
> removable drive. If they find it...you couldn't decrypt it anyway
> because the tools needed to do so are on an encrypted drive.
I used to trust screen savers. I didn't know there was any way to
practically get at the memory without that password. My eyes have
been opened.
Last night I was downloading a file that was taking hours and hours.
I figured it would be done in about 5-6 hours and went to bed at
about midnight. I woke up at 2:00 am and shut the computer down
so that I wouldn't miss that potential 6:00 am knock. I'm now
thoroughly paranoid.
>
> 4. If
> you have a memory wipe program, use it regularly. If you don't have
> one...just make sure the power to your system is off for at least a
> minute before powering back up.
Well, mine is either on or off. No in between.
>
> 5. I don't use a laptop...never
> have, not for this. I always figured that this might be an issue
> because of the low power consumption they require. It's well known
> that the cold can cause memory to run sluggish and doesn't clear right
> away...it's been known that hard disks will run better after being
> frozen. I don't trust laptops.
I had one laptop I was planning to use, but Winostics doesn't allow
connections from typical laptop wireless devices. I tried running
VMWare after loading truecrypt from a CD, but it wasn't practical
because I lacked enough memory.
Since that time, I've become too paranoid, and I no longer use a
laptop for anything on-topic.
>
> 6. Use regular maintenance, and
> be habitual...the little things you do can save your ass...regardless
> of how tedious they might be.
>
> Just my opinion, and my two cents.
>
> Just make sure that you're not careless...and watch everything you
> do.
>
> ***[2/26/2008 9:59:09 PM] END PGP DECRYPTED MESSAGE ***
>
I'm watching what I do so much my eyes are having trouble focusing.
Kish.