|
Can someone just remove my hard disk and copy the contents?
Hello,
Suppose I leave my laptop at work for the weekend, couldn't someone unscrew the hard-disk panel, remove the hard-disk, plug into it some gizmo and copy all my data? If so, would that leave a physical trace like a broken seal or something, or perhaps a system log entry where the date and time would be written? |
Re: Can someone just remove my hard disk and copy the contents?
myahact@yahoo.ca wrote in news:1137869689.171283.136540
@o13g2000cwo.googlegroups.com: > Hello, > > Suppose I leave my laptop at work for the weekend, couldn't someone > unscrew the hard-disk panel, remove the hard-disk, plug into it some > gizmo and copy all my data? Yes (for most brands - a few have encryption interlocks tied to the BIOS) > If so, would that leave a physical trace > like a broken seal or something, or perhaps a system log entry where > the date and time would be written? Probably not. Regards, PS Although it's far better practice to take the damned thing with you (physical security through continuous control and custody is the bedrock) you could use numbered tamper-indicating seals yourself to make it more difficult to open the case undetected. Be aware thouigh that this will not stop the truly skilled or determined. The group at LANL has done extensive studies on such matters and almost all seals can be defeated fairly easily - even expensive sophisticated ones. PPS Any laptop **should** use full OTFE HD encryption if it contains anything beyond the most unimportant and trivial. |
Re: Can someone just remove my hard disk and copy the contents?
nemo_outis wrote:
> > myahact@yahoo.ca wrote in news:1137869689.171283.136540 > @o13g2000cwo.googlegroups.com: > > > Hello, > > > > Suppose I leave my laptop at work for the weekend, couldn't someone > > unscrew the hard-disk panel, remove the hard-disk, plug into it some > > gizmo and copy all my data? > > Yes (for most brands - a few have encryption interlocks tied to the BIOS) > > > If so, would that leave a physical trace > > like a broken seal or something, or perhaps a system log entry where > > the date and time would be written? > > Probably not. > > Regards, > > PS Although it's far better practice to take the damned thing with you > (physical security through continuous control and custody is the bedrock) > you could use numbered tamper-indicating seals yourself to make it more > difficult to open the case undetected. > > Be aware thouigh that this will not stop the truly skilled or determined. > The group at LANL has done extensive studies on such matters and almost all > seals can be defeated fairly easily - even expensive sophisticated ones. > > PPS Any laptop **should** use full OTFE HD encryption if it contains > anything beyond the most unimportant and trivial. When you say , "... almost all seals can be defeated fairly easily," are you referring to hard drive passwords? If so, care to share some references? Thanks! Notan |
Re: Can someone just remove my hard disk and copy the contents?
>> PS Although it's far better practice to take the damned thing with
>> you (physical security through continuous control and custody is the >> bedrock) you could use numbered tamper-indicating seals yourself to >> make it more difficult to open the case undetected. >> >> Be aware thouigh that this will not stop the truly skilled or >> determined. The group at LANL has done extensive studies on such >> matters and almost all seals can be defeated fairly easily - even >> expensive sophisticated ones. >> >> PPS Any laptop **should** use full OTFE HD encryption if it >> contains anything beyond the most unimportant and trivial. > > When you say , "... almost all seals can be defeated fairly easily," > are you referring to hard drive passwords? > > If so, care to share some references? > > Thanks! > > Notan > Nope, I'm talking about physical seals and such (e.g., stick-on numbered seals that self-destruct, reveal the word "tamper," etc. when someone attempts to remove and replace them.) LANL does research and publishes a journal on such matters (they got their start doing high-end assessment on secure shipping of nuclear materials). Ross Anderson references ther work in Security Engineering. Unfortunately, many online articles are no longer available for download but they will send you them on CD. http://pearl1.lanl.gov/seals/downloadable_papers.htm Regards, |
Re: Can someone just remove my hard disk and copy the contents?
myahact wrote:
> Hello, > > Suppose I leave my laptop at work for the weekend, couldn't someone > unscrew the hard-disk panel, remove the hard-disk, plug into it some gizmo > and copy all my data? If so, would that leave a physical trace like a > broken seal or something, or perhaps a system log entry where the date and > time would be written? Yes, not if there were no seals to break (their usually aren't), and no. Your best bet for detecting a compromise like the would be physical evidence though... fingerprints, small scratches where tools leave their marks, etc. Unless something very strange happens, there will be no "electrical" evidence. No changes in any of your data. |
Re: Can someone just remove my hard disk and copy the contents?
On 21 Jan 2006 20:24:31 GMT, "nemo_outis" <abc@xyz.com> wrote:
>> When you say , "... almost all seals can be defeated fairly easily," When I was in the freight business we had a shipment of watches that changed into sand in transit, the security seals were intact. -- Jim Watt http://www.gibnet.com |
Re: Can someone just remove my hard disk and copy the contents?
The shipment was probably sand to start off with....
V "Jim Watt" <jimwatt@aol.no_way> wrote in message news:vkb5t1ll7rmmes1s9isp7lhv61c2dqoj5i@4ax.com... > On 21 Jan 2006 20:24:31 GMT, "nemo_outis" <abc@xyz.com> wrote: > > >> When you say , "... almost all seals can be defeated fairly easily," > > When I was in the freight business we had a shipment of watches > that changed into sand in transit, the security seals were intact. > -- > Jim Watt > http://www.gibnet.com |
Re: Can someone just remove my hard disk and copy the contents?
On Sun, 22 Jan 2006 08:36:50 -0500, "V.B." <a@b.c> wrote:
>The shipment was probably sand to start off with.... No, someone removed the contents and replaced them with sand and the seals seemed intact. As the goods were checked by weighing the sand was necessary to hide the substitution. The police caught the people involved when they started selling the watches. -- Jim Watt http://www.gibnet.com |
Re: Can someone just remove my hard disk and copy the contents?
Yes, someone could get into your laptop that way and steal your
data. Like the other replies said, a few brands have locks or ways to try and prevent that but most of them can be broken. The best way to prevent this is to put your laptop in a physically secure location. Aside from that, if you are really paranoid or need ultra-security, there are programs and products that will encrypt the whole drive contents for you, such as TrueCrypt, PGP whole-disk, and loop-aes (linux only). To be honest, these programs are usually more trouble than they are worth ($$$, time, risk of data loss) but if you need the data ultra-secure, they will do that. ~David~ myahact@yahoo.ca wrote: > Hello, > > Suppose I leave my laptop at work for the weekend, couldn't someone > unscrew the hard-disk panel, remove the hard-disk, plug into it some > gizmo and copy all my data? If so, would that leave a physical trace > like a broken seal or something, or perhaps a system log entry where > the date and time would be written? > |
Re: Can someone just remove my hard disk and copy the contents?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 ~David~ <shadoweyez@gmail.com> wrote in news:FzOAf.1754$2O6.472@newssvr12.news.prodigy.com : > Aside from that, if you are really paranoid or need > ultra-security, there are programs and products that will > encrypt the whole drive contents for you, such as > TrueCrypt, PGP whole-disk, and loop-aes (linux only). TrueCrypt can't encrypt whole drive. It can encrypt partitions but not the system partition. There is also DriveCrypt Plus Pack, a really good program for whole drive encryption. Many Linux/UNIX distributions have their own crypto drivers for whole disk encryption. >To be honest, these programs are usually more trouble > than they are worth ($$$, time, risk of data loss) but if > you need the data ultra-secure, they will do that. Trouble? DriveCrypt Plus Pack is really easy to use. You need just enter the password/USB key when computer boots and that's all. Installation is also easy. TrueCrypt can't encrypt your system partition, but it can encrypt other partitions and/or make encrypted files that can be mounted like partitions. They are very stable, user-friendly and don't cause any problems. TrueCrypt is free. Risk of data loss always exists, you should *always* have backups. > myahact@yahoo.ca wrote: >> Hello, >> >> Suppose I leave my laptop at work for the weekend, >> couldn't someone unscrew the hard-disk panel, remove the >> hard-disk, plug into it some gizmo and copy all my data? >> If so, would that leave a physical trace like a broken >> seal or something, or perhaps a system log entry where >> the date and time would be written? Why do you want to leave your laptop at work? There are some simpler ways to get to your data other than unscrewing the HDD. Besides somebody could install a bug/keylogger/malicious software on your laptop. If you don't have to-don't leave it. If you must-leave it in a safe place if you have some important data on it. cypher -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQ9TtvSPnLg7nPH4AEQJRKACfSDhSGYNbP8YDHPzVOS7fLB EDTasAnR7A f9sN0YHfjAwbIusg3yMkQTNv =vZM4 -----END PGP SIGNATURE----- |
| All times are GMT. The time now is 03:38 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.