1
   

Is anyone else encrypting thier hard drives?

 
 
Rockhead
 
  1  
Reply Mon 26 Sep, 2011 09:57 pm
@BillRM,
I still think this is about porn.

whattaya got on your hard drive that you're not supposed to, Bill...?
BillRM
 
  1  
Reply Mon 26 Sep, 2011 10:00 pm
@Rockhead,
I have a nice porn collection however at least in the US it is 100 percent legal so no it not about porn.
0 Replies
 
maxdancona
 
  1  
Reply Mon 26 Sep, 2011 10:03 pm
@BillRM,
Bill,

You are posting an advertisement from a company that sells security products. This is hardly a reliable source. It is a marketing piece from someone that benefits from people being worried.

How about posting legitimate news story. I would be interested to know how quickly this woman got her money back from the bank (and how much money she got for agreeing to be in an advertisement). A quick google search shows a company with that name is still in business.


trying2learn
 
  1  
Reply Mon 26 Sep, 2011 10:09 pm
@BillRM,
You know what? I don't care. Yes, I have been faced with fraud and I filed those papers. I did get my money back, better yet
0 Replies
 
BillRM
 
  1  
Reply Mon 26 Sep, 2011 10:18 pm
@trying2learn,
I also find it amazing that anyone would wish to go through hell with their banks and investment firms in order to try to be make whole after a large loss instead of taking a few simple steps to prevent such a loss in the first place.

But feel free go through life in faith that the current bankings laws will made you completely whole.

Not only is not the bulk of the funds that are either mine or that I am responsible for are not in banks but those funds in total are over the 250,000 limit for the banking insurance laws by a fairly wide margin.

I have no wish to become an expert in the laws concerning Mutual funds management as far as it deal with covering large losses of it customers by fraud.

Truecypt is free and secure program that reduce one risk to near zero.

trying2learn
 
  1  
Reply Mon 26 Sep, 2011 10:28 pm
@BillRM,
I did nothing wrong and wasn't even home when the fraud took place. It was after getting home and reading my mail is when I found out that the bank had wired my money to some company without my consent or knowledge. Btw, the United States Attorney General went after the companies involved.

Actually, for me it wasn't hell because it was such a minor amount of money I found it funny in a way. How sad that 2 major business' were taken down for taking little amounts from all sorts of people. Those companies and knew what they were doing and got what they deserved. I have NO sympathy for them.
BillRM
 
  1  
Reply Mon 26 Sep, 2011 10:29 pm
@maxdancona,
Quote:
You are posting an advertisement from a company that sells security products. This is hardly a reliable source. It is a marketing piece from someone that benefits from people being worried.


The same story was contain in PDF released by the FBI as a public warning and only the lack of ability to cut and paste from the FBI PDF cause me to go to a secondary source for the same story.

However if running a free and reliable program is far too must trouble for you to do to protect your own funds who am I to disagree with you?

For myself and my family I will keep running truecrypt and such programs as sandboxie on all my family computers.
BillRM
 
  1  
Reply Mon 26 Sep, 2011 10:36 pm
@trying2learn,
Quote:
it was such a minor amount of money I found it funny in a way.


Well I am not talking about small amounts of funds and even if I was so incline to be careless with my own funds and just count on the banking/investment laws to made me whole after a loss I am not willing to do so when it come to other family members who had placed that trust and burden on my shoulders to protect and look after their funds.
parados
 
  1  
Reply Tue 27 Sep, 2011 06:58 am
@BillRM,
But Bill.. you are leaving yourself wide open to all the other ways of having your information stolen.

I'll bet you use wifi in public places.
I'll bet you type your password into your computer in public places where anyone with a decent cell phone can steal your password by simply taking a video.
maxdancona
 
  1  
Reply Tue 27 Sep, 2011 07:09 am
@BillRM,
These encrypted drives have a cost. They make your computer run significantly slower since any disk read or write must go through an encryption routine. You also run a higher risk of losing data if there is a crash or you lose your key. And there is some level of expertise you need to have to install and maintain this thing. An average non-technical user isn't going to know how to maintain this.

It is a balance between cost and benefits. If you want to use this for yourself and your family then fine.

But there is very little risk of losing money for an average person. Sure it is a pain to lose your laptop, but it is also a pain to lose your wallet and we don't install locks in our wallets.

I might encrypt specific files I don't want anyone to see. Some of my financial documents happen to be encrypted. But I am happy doing this on a file by file basis.

To me, encrypting the drives on my personal computers isn't worth the trouble.
BillRM
 
  1  
Reply Tue 27 Sep, 2011 07:36 am
@maxdancona,
Sorry but once more you are wrong as the slow down if any is far too small to take notice of with any near current computer in accessing the drives under WDE.

Truecrypt and I am assuming others such softwares now take full advantage of mult cores CPUs and some brands of CPUs now even come with hardware support on the chip itself to do AES encrypting.

Hard drives are not fast when compare to the speed that modern CPUs can encrypted on the fly the information the drive is giving to the computer.

Not only does bench marks support this but my own running of many computers under Truecrypt for many years support this also.

But once more feel free not to encrypted your drives or leave you front door unlock for that matter as I myself would far prefer to leave my front door unlocked then my computers unlocked.

parados
 
  1  
Reply Tue 27 Sep, 2011 07:46 am
@BillRM,
But my front door IS locked Bill. My computer is just as safe as the rest of my house.

I don't feel the need to paint my house camouflage so people can't see it to break into it. But then I'm not as paranoid as you are.
trying2learn
 
  1  
Reply Tue 27 Sep, 2011 08:20 am
@BillRM,
BillRM wrote:
Well I am not talking about small amounts of funds and even if I was so incline to be careless with my own funds and just count on the banking/investment laws to made me whole after a loss I am not willing to do so when it come to other family members who had placed that trust and burden on my shoulders to protect and look after their funds.
I don't feel I am careless with my funds. When I leave town, I disable all my accounts by putting in the incorrect password so it shuts the accounts down. I have instructed my credit card companies not to allow a charge more than a certain $ without speaking to me and I have instructed my banks never to wire over a certain $ amount without speaking to me.

I do shut my computer down when I leave the house and there is a master password that has to be entered to boot it up.

I take my laptop when I am out of town. Then again there is nothing on it of any importance.
BillRM
 
  1  
Reply Tue 27 Sep, 2011 08:29 am
@parados,
I however feel the strong strong need to have my netbook protected when it going on the belt at the TSA check point and I am going through the metal detector.

Shame on me for not wishing to risk having to try to lock up all my accounts before getting on the plane or even needing to cancel my trip in order to be able to do so.
0 Replies
 
BillRM
 
  1  
Reply Tue 27 Sep, 2011 08:35 am
@parados,
Oh as far as your home being safe I would not trust the locks on the doors or even my Sear safe to protect information that could cause great harm to myself and my family members if there is a break in when I am away that I am not aware of in time to take needed steps.

I however do trust my desktop computer to protect that information but please please feel free not to take the steps that would grant you that level of security.
BillRM
 
  1  
Reply Tue 27 Sep, 2011 08:49 am
@trying2learn,
Quote:
When I leave town, I disable all my accounts by putting in the incorrect password so it shuts the accounts down. I have instructed my credit card companies not to allow a charge more than a certain $ without speaking to me and I have instructed my banks never to wire over a certain $ amount without speaking to me


All those steps are surely easier then running an install program and allowing the program to take a few hours to encrypted you computer drives and by doing so keeping your passwords beyond the reach of anyone.

It would had been must easier to lock my accounts in the manner you had done when I took a vacation to Cancun instead of just keeping the same oversight on the accounts from Cancun as I normally do at home.
0 Replies
 
BillRM
 
  1  
Reply Tue 27 Sep, 2011 08:55 am
@trying2learn,
Quote:
there is a master password that has to be entered to boot it up
.

A bios password in worthless as they would not even need to defeat it all they would need to do is hook the hard drive up to another computer.

It is a shame that most desktops does not support locking up the hard drive itself as that is most harder to deal with.

0 Replies
 
parados
 
  1  
Reply Tue 27 Sep, 2011 10:07 am
@BillRM,
That's where you and I differ. I don't put any financial info on my laptop.

You have a laptop that someone can break the password on and have instant access to your financial info.
I have a laptop that has no financial info at all on it.

I think my laptop is less of a risk than yours. Let me rephrase that. I KNOW my laptop is less of a risk than yours.
My laptop is running linux. I don't save any passwords on my laptop. I don't write those passwords down. If I need a password I don't have memorized I can simply access my home computer via VPN to access my encrypted file that contains my passwords. I don't save that password on my laptop.

And your password CAN be broken and a lot quicker than you seem to think. If stolen in sleep mode, your passwords are in memory. If you booted down within the last 2 minutes, your passwords are in memory.
Quote:
In February 2008, a team
led by Ed Felten of Princeton University discovered that DRAM is not as volatile as commonly
expected. Felten’s team studied the lifetime of data in DRAM, and demonstrated that, “[c]ontrary
to popular assumption, DRAMs used in most modern computers retain their contents for seconds
to minutes after power is lost, even at room temperature and even if removed from a motherboard.”
Felten’s team leveraged this discovery to retrive encryption keys from memory. In their paper, they
commented that “[r]esidual data can be recovered using simple, nondestructive techniques that
require only momentary physical access to the machine.”1


BillRM
 
  1  
Reply Tue 27 Sep, 2011 10:36 am
@parados,
The chance that anyone could break AES other then perhaps NSA is near zero.

If is can be broken a lot of large companies and government agencies are in a world of hurt as it is the current gold standard.

Now as far as brute forcing my pass-phase good luck as a brute force attack would take 1.44 hundred trillion trillion centuries guessing at an attack speed of 100 trillions guesses a second.

Now also you should know better as far as getting my keys from memory as I do not used sleep mode and I do not shut the computer down within seconds of it parting company with it.

Oh evil maid attacks are made harder by setting the AT disk lock also.

Thinking of adding hardware such as a keylogger to my netbook? I happen to know it weight to 1/100 of an ounce.

Yes this in all more for amusement then to deal with a CIA level of attack as my worse risk model is having someone with good computer skills stealing my computer and wishing to do a search of my computer hard drive with standard forensics tools looking for information they could used to access my accounts.
0 Replies
 
BillRM
 
  1  
Reply Tue 27 Sep, 2011 10:54 am
@parados,
http://www.net-security.org/secworld.php?id=9506

FBI fails to decrypt suspect's hard drives - after 12 months of tryingPosted on 30 June 2010. After 12 months of failed attempts to crack the encryption that protects information held on 5 hard drives that belong to a Brazilian banker suspected of money laundering, the FBI has returned the drives to the experts of the Brazilian National Institute of Criminology (INC).

The contents of the drives - protected by a combined use of TrueCrypt (free open-source full-disk encryption software) and an unnamed algorithm though to be base on the 256-bit AES standard - are still a mystery. Both the INC and the FBI tried for months to break the encryption by using various dictionary-based brute-force attacks, since there is no law in Brazil that could be used to compel the suspect banker or the TrueCrypt Foundation to give up the access codes to the discs.According to The Register, this unusual case illustrates beautifully "how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses."

The discs have been returned to the Brazilian federal authorities in April. Maybe the INC will have better luck this time around, since the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack has been released at the end of March?

Comment the truecrpyt people do not have a back door so it is not within their power of grant access to the banker hard drives. Stupid reporters...
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
Copyright © 2021 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 09/23/2021 at 01:12:35