Re: A Handy Trick

On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:

> The following handy trick is useful for anyone who does not have
> bombproof continuous control and custody of his computer. It is
> extremely easy to do and will protect you against all but top-level TLAs.
> In fact, like any good magician's trick it will be "obvious" - but only
> after it has been explained
>
> Many of us have only intermittent control and custody of "our" computer
> at work or even at home (e.g., we leave for work or school with the
> computer protected only by the low-grade lock on our front door). The
> next best thing to preventing unauthorized access to our computer is
> tamper indication that it has been messed with. Forewarned is forearmed.
> Here's how to achieve it:
>
> Every modern hard drive today supports SMART reporting (maximum disk
> temperatures, seek errors, etc.). But the most useful parameters are
> these: start/stop count, drive power cycle count, power-on time count.
> There are any number of utilities out there which will report this
> information for your HDs.
>
> To protect yourself, record these values just before ending a session,
> and compare them with the values at the start of your next session (you
> can automate this with scripts, etc.). If the drive power cycles are up
> by more than 1, someone has fired up your machine in your absence. If
> the power-on hours are up by a large amount someone has had an extended
> session, possibly including making an image of your drive.
>
> Note that while all standard forensic acquisition tools (Encase, etc.)
> try to "preserve state" by not writing to a drive, none can prevent these
> automatic SMART writes! The SMART info is written to a portion of the
> disk not accessible to ordinary users - drive-specific manufacturer
> commands are needed to write it. Only TLAs are likely to be aware of this
> trick and have the resources to manipulate the SMART data to thwart it.
> (Incidentally, SMART does have a "disable" command but almost no drives
> obey it!)
>
> It's not a complete or foolproof solution, of course, but it is a handy
> tool to add to your security/privacy toolbox.

> Two afterthoughts:

> While there are many slick GUI-based programs out there for reading SMART
> values I prefer a rather geeky one which provides the best fine-grained
> reading and *control* - smartctl. Runs on Mac OS X, Linux, FreeBSD,
> NetBSD, OpenBSD, Solaris, OS/2, Cygwin, QNX, eComStation or Windows. Free
> too!

> http://smartmontools.sourceforge.net/

> As for most hard drives not responding to the "disable SMART" commands,
> this is hardly surprising (but very welcome for security/privacy). If it
> could be turned off easily it could lead to all sorts of warranty headaches
> for manufacturers (e.g., someone could misrepresent a heeavy-use failure as
> an "infant death" one, etc.)

> Regards,

> PS Smartctl is well worth experimenting with for the
> diagnostic/predictive/testing aspects of SMART as well as the security use
> I described earlier.

Mr. nemo, may I have our resident Freeware Scientist, Head of C.O.K.E,
William "Bear" Bottoms review this memorandum of yours? He can be a very
difficult freeware researcher, I must warn, he can swarm you with
freeware technology phrases such as "I like it but won't try it", "It
does some good stuff" and "The icons flash purty colors".
--
http://tr.im/2a2r

aracARI

aracARI <> wrote in
news:495a99e7$0$589$:

> Mr. nemo, may I have our resident Freeware Scientist, Head of C.O.K.E,
> William "Bear" Bottoms review this memorandum of yours? He can be a
> very difficult freeware researcher, I must warn, he can swarm you with
> freeware technology phrases such as "I like it but won't try it", "It
> does some good stuff" and "The icons flash purty colors".

I have more than enough enemies of my own and little incentive to become
embroiled in others' disputes

Regards,

nemo_outis

"aracARI" <> wrote in message
news:495a99e7$0$589$. ..
> On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
>
I must warn, he can swarm you with
> freeware technology phrases such as ....."The icons flash purty colors".
> --
> http://tr.im/2a2r

ROFL!!!!

Thip

On Wed, 31 Dec 2008 01:28:58 GMT, nemo_outis wrote:

> aracARI <> wrote in
> news:495a99e7$0$589$:
>
>> Mr. nemo, may I have our resident Freeware Scientist, Head of C.O.K.E,
>> William "Bear" Bottoms review this memorandum of yours? He can be a
>> very difficult freeware researcher, I must warn, he can swarm you with
>> freeware technology phrases such as "I like it but won't try it", "It
>> does some good stuff" and "The icons flash purty colors".
>
> I have more than enough enemies of my own and little incentive to become
> embroiled in others' disputes
>
> Regards,

Regards someone else, you runaway chicken, freeware science will have
its day in court with you and believe you me, when Bear Bottoms gets a
hold of your yellow feathered nemass, you will cry out "No more,
C.O.K.E. head, no more!

http://tr.im/2a2r
--
Bear "Cocaine 4 Kids" Bottoms; Google Me!
Freeware Website http://tr.im/1f9t

aracARI

On Tue, 30 Dec 2008 20:46:35 -0500, Thip wrote:

> "aracARI" <> wrote in message
> news:495a99e7$0$589$. ..
>> On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
>>
> I must warn, he can swarm you with
>> freeware technology phrases such as ....."The icons flash purty colors".
>> --
>> http://tr.im/2a2r
>
> ROFL!!!!

I sincerely hope that light bit of laffter disengages your suffering
ever so slightly.
--
http://tr.im/2a2r

aracARI

"aracARI" <> wrote in message
news:495adbd9$0$590$. ..
> On Tue, 30 Dec 2008 20:46:35 -0500, Thip wrote:
>
>> "aracARI" <> wrote in message
>> news:495a99e7$0$589$. ..
>>> On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
>>>
>> I must warn, he can swarm you with
>>> freeware technology phrases such as ....."The icons flash purty colors".
>>> --
>>> http://tr.im/2a2r
>>
>> ROFL!!!!
>
> I sincerely hope that light bit of laffter disengages your suffering
> ever so slightly.

You may rest assured that my suffering was temporarily eliminated entirely.

Thip

On Tue, 30 Dec 2008 17:00:07 -0500, aracARI <>
wrote:

>On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
>
>> The following handy trick is useful for anyone who does not have
>> bombproof continuous control and custody of his computer. It is
>> extremely easy to do and will protect you against all but top-level TLAs.
>> In fact, like any good magician's trick it will be "obvious" - but only
>> after it has been explained
>>
>> Many of us have only intermittent control and custody of "our" computer
>> at work or even at home (e.g., we leave for work or school with the
>> computer protected only by the low-grade lock on our front door). The
>> next best thing to preventing unauthorized access to our computer is
>> tamper indication that it has been messed with. Forewarned is forearmed.
>> Here's how to achieve it:
>>
>> Every modern hard drive today supports SMART reporting (maximum disk
>> temperatures, seek errors, etc.). But the most useful parameters are
>> these: start/stop count, drive power cycle count, power-on time count.
>> There are any number of utilities out there which will report this
>> information for your HDs.
>>
>> To protect yourself, record these values just before ending a session,
>> and compare them with the values at the start of your next session (you
>> can automate this with scripts, etc.). If the drive power cycles are up
>> by more than 1, someone has fired up your machine in your absence. If
>> the power-on hours are up by a large amount someone has had an extended
>> session, possibly including making an image of your drive.
>>
>> Note that while all standard forensic acquisition tools (Encase, etc.)
>> try to "preserve state" by not writing to a drive, none can prevent these
>> automatic SMART writes! The SMART info is written to a portion of the
>> disk not accessible to ordinary users - drive-specific manufacturer
>> commands are needed to write it. Only TLAs are likely to be aware of this
>> trick and have the resources to manipulate the SMART data to thwart it.
>> (Incidentally, SMART does have a "disable" command but almost no drives
>> obey it!)
>>
>> It's not a complete or foolproof solution, of course, but it is a handy
>> tool to add to your security/privacy toolbox.

I reckon that won't mean much after the thief has removed my PC from
my house.

Father Guido

On Tue, 30 Dec 2008 23:59:36 -0700, Father Guido wrote:

> On Tue, 30 Dec 2008 17:00:07 -0500, aracARI <>
> wrote:
>
>>On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
>>
>>> The following handy trick is useful for anyone who does not have
>>> bombproof continuous control and custody of his computer. It is
>>> extremely easy to do and will protect you against all but top-level TLAs.
>>> In fact, like any good magician's trick it will be "obvious" - but only
>>> after it has been explained
>>>
>>> Many of us have only intermittent control and custody of "our" computer
>>> at work or even at home (e.g., we leave for work or school with the
>>> computer protected only by the low-grade lock on our front door). The
>>> next best thing to preventing unauthorized access to our computer is
>>> tamper indication that it has been messed with. Forewarned is forearmed.
>>> Here's how to achieve it:
>>>
>>> Every modern hard drive today supports SMART reporting (maximum disk
>>> temperatures, seek errors, etc.). But the most useful parameters are
>>> these: start/stop count, drive power cycle count, power-on time count.
>>> There are any number of utilities out there which will report this
>>> information for your HDs.
>>>
>>> To protect yourself, record these values just before ending a session,
>>> and compare them with the values at the start of your next session (you
>>> can automate this with scripts, etc.). If the drive power cycles are up
>>> by more than 1, someone has fired up your machine in your absence. If
>>> the power-on hours are up by a large amount someone has had an extended
>>> session, possibly including making an image of your drive.
>>>
>>> Note that while all standard forensic acquisition tools (Encase, etc.)
>>> try to "preserve state" by not writing to a drive, none can prevent these
>>> automatic SMART writes! The SMART info is written to a portion of the
>>> disk not accessible to ordinary users - drive-specific manufacturer
>>> commands are needed to write it. Only TLAs are likely to be aware of this
>>> trick and have the resources to manipulate the SMART data to thwart it.
>>> (Incidentally, SMART does have a "disable" command but almost no drives
>>> obey it!)
>>>
>>> It's not a complete or foolproof solution, of course, but it is a handy
>>> tool to add to your security/privacy toolbox.
>
> I reckon that won't mean much after the thief has removed my PC from
> my house.

You need to rethink that statement.
--
Meet Ari! http://tr.im/1fa3
"To get concrete results, you have to be confrontational".

Ari®

Father Guido <> wrote in
news::

> I reckon that won't mean much after the thief has removed my PC from
> my house.

And the trick also won't cure your haemorrhoids.

Regards,

nemo_outis

On Wed, 31 Dec 2008 17:28:29 GMT, nemo_outis wrote:

> Father Guido <> wrote in
> news::
>
>> I reckon that won't mean much after the thief has removed my PC from
>> my house.
>
> And the trick also won't cure your haemorrhoids.
>
> Regards,

Treat the man of cloth with the respect he deserves, nemo.

For Christ's sake.
--
Meet Ari! http://tr.im/1fa3
"To get concrete results, you have to be confrontational".

Ari®