[Novalug] PC Security

Mark Smith mark@winksmith.com
Sun Aug 10 18:55:53 EDT 2014


indeed.  security always starts with physical.  you can take the hardest
encryption in the world and turn it to butter if you have access to
the hardware.

i recall an amusing anecdote now.  a drug kingpin was using hardened
encryption for his disk drive and felt himself safe from law enforcement.
i believe the law installed a key logger on his keyboard wire.  got his
password easy enough.  don't need to beg him for his password.

i recall successful espionage by just employing a camera in a xerox
machine.

the point is, that all it takes is physical access.  any security paradigm
must start with that.

On Sat, Aug 09, 2014 at 07:59:32PM -0400, Roger Broseus via Novalug wrote:
> The topic of security of data on PC's came up today during Simon's interesting presentation. As has been said many times, it was asserted that if one has physical control puff a PC, they "own it." Even data on luks encrypted partitions because security depends on passwords. As Simon illustrated, it's relatively easy to change a pword.
> 
> Fallback position: Truecrypt sensitive folders or even whole partitions. There may be other solutions. (http://tinyurl.com/lgqko34)
> 
> Comments? Alternatives to get around the password vulnerability?
> 
> Please relegate to another thread the E4M dispute between Truecrypt maintainers and SecurStar  (discussed in detail at Wikipedia). Same for robustness of encryption.
> -- 
> Roger Broseus
> www.bronord.com
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
> 
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug

-- 
Hei konā mai
Mark Smith
mark@winksmith.com



More information about the Novalug mailing list