|
Securing Mac OS X
A very nice initiative, Daniel.
I’ll look over it and hopefully learn something new :)
|
Well, I’m hoping people will start securing their laptops. You’d be amazed how easy it was to gain access to pro laptops without them knowing. Most sporting events will see journalists using their laptops to supply their stories, but how many know that they are also supplying the info to anyone with a slight inclination at stealing that story?
|
Little Snitch is a great program, in fact it’s a damn useful program to work out when an application is being bad, especially with modern malware and viruses.
|
It would be really wise for those working in sensitive locations where they want to keep their work hidden from officials, plus the ever-present possibility of your drive being cloned for inspection by the TSA (or any security agency really), or if you are in a situation where you have to divulge your login information to your laptop, you can still have your files tucked away in a hidden encrypted volume.
http://www.truecrypt.org/ along with a few other techniques in steganography will keep your files safe 98% of the time.
|
Patrick, you raise a good point, especially with the way the US is going with regards to seizing laptops at the border. Rather than keep anything on the laptop, I’d keep it on an encrypted thumbdrive. The TSA chimp will rather take something large, over a small key drive, which can be hidden in many places.
|
I’ll agree with you on the thumbdrive or USB hard drive, much safer than keeping it on a laptop.
Though, I’m sure that if they do a full, intensive search with an X-ray, they will find the hidden USB keys (and then you have some explaining to do). The TSA is not just going to look at laptops, they can seize iPods, phones, compact discs, CF cards and pretty much anything that can hold data if they think it is necessary. The ultimate would be to work with the laptop as a thin client, and do all your work connected to a secure VPN server back home. That can be impractical if you are working with a lot of images and data.
If you have no choice but to bring the files back with you physically, I’d put the files on a thumbdrive (or portable hard drives) in triplicate and mail them separately to a few safe locations. Then do a secure delete/wipe of the files off the laptop.
After that, you would do pretty well if you were intensively screened by any security agency.
This is, of course, if you have the time to prepare your laptop for inspection. I’d still use a TrueCrypt volume just in case you get one of those unexpected visits.
|
thanx daniel. lots of useful info in that whitepaper!
little snitch is king of stopping programs from “calling home” all the time.
and truecrypt…paranoid? yeah… useful? yeah…
regarding the tsa/customs in the us… the safer way of bringing any obscure material into the us if that is the concern. don’t bring anything on any datastorage device at all. keep it online.. open up a few gmails and keep it all there… plenty of space… but as you say patrick.. with some gigs of raws that would obviously be rather impossible…
for the complete paranoia solution. make an encrypted folder or disk image with truecrypt, and upload this to gmail, or your own ftp for that sake… that should keep it safe…
or if you have an encrypted volume on your laptop, you can create another encrypted volume inside that one.. and then inside that one..
that should take them some time to crack into :P
|
Thanks a lot for sharing this document, Daniel, and the link, Patrick. I’ll look at them both closely.
I’ve been thinking about laptop seizures myself, as I cross the border by land fairly frequently. What right do they have to copy any photograph that I may have on my hard drive? Is that not considered a copyright violation? Aren’t those images my property? So, now if I don’t want to be subjected to legalized theft by my own fucking government, I have to leave my laptop behind in a potentially risky situation or purge it of any information I don’t want copied, which may even be impossible to do.
But then again, Homeland Sicherkeit might be able to go into the publishing business and lower the tax burden on all of us by stealing our images, orphaning them, then selling them for big bucks.
It just never ends, does it?
|
It’s a shame that the border crossings we really have to worry about are the ones into the United States. Imagine the outcry by American business travelers if other countries started doing this as aggressively.
Anyway, I’ve been working on something that will let people cross borders with completely clean laptops and disk drives.
Also, I’ll be offering an encrypted proxy, for secure web browsing.
When it’s further along, I’ll announce here.
If you have a really pressing need for something like this, PM me and I can help you get started before the beta.
|
Jim, that sounds like a pretty interesting project. I, for one, would be interested in seeing if it could be bypassed (from a hacker’s point of view).
|
Hi Daniel. Basically I’ll be packaging up a lot of tried and true open source technologies to tighten up security for those who may lose their laptops either to thieves or DHS. GPG, SSH, SCP, tunneling, proxies and VPNs, along with DOD-grade file deletion and encryption key management, all geared towards journalists and photo journalists.
One technology I’m also looking at is software that will completely erase everything on a laptop, for real emergencies.
I’ll be setting up a network of proxy servers, too, accessible over SSH tunnels, using public keys, so that browsing is uninhibited by government firewalls. I did this manually from China a few years ago and it worked very well in getting past the “Great Firewall.”
My goal is to offer this as a service to journalists, through press clubs and organizations such as the CPJ and RSF.
Right now, I’ll be looking to set up the server end of things on a couple of boxes I control on fast connections in Tokyo, but later through more servers. For now, it requires a bit of tech-savvy, but I hope to have it to the point where anyone can download a bit of software and be sure that their data is safe.
|
Sounds excellent. Please put me on your contact/mailing list as I’d love to hear how you and the project progress.
|
Jim,
Sounds like a bloody good project. I was always amazed when people said they couldn’t get past various government firewalls. The China one was piss easy, if you knew what you were doing.
My one issue with Marius’s comment is that Google is a right cock when it comes to privacy, as with most “cloud” based solutions. To be honest, I store nothing important on any cloud server, especially if it is hosted in the US. Time and time again these companies have been approached by the stasi and willingly handed over access to accounts, WITHOUT a warrant in most cases.
I think a service like your one, Jim, would be welcomed.