Re: A Handy Trick

Discussion in 'Computer Security' started by aracARI, Dec 30, 2008.

  1. aracARI

    aracARI Guest

    On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:

    > The following handy trick is useful for anyone who does not have
    > bombproof continuous control and custody of his computer. It is
    > extremely easy to do and will protect you against all but top-level TLAs.
    > In fact, like any good magician's trick it will be "obvious" - but only
    > after it has been explained :)
    >
    > Many of us have only intermittent control and custody of "our" computer
    > at work or even at home (e.g., we leave for work or school with the
    > computer protected only by the low-grade lock on our front door). The
    > next best thing to preventing unauthorized access to our computer is
    > tamper indication that it has been messed with. Forewarned is forearmed.
    > Here's how to achieve it:
    >
    > Every modern hard drive today supports SMART reporting (maximum disk
    > temperatures, seek errors, etc.). But the most useful parameters are
    > these: start/stop count, drive power cycle count, power-on time count.
    > There are any number of utilities out there which will report this
    > information for your HDs.
    >
    > To protect yourself, record these values just before ending a session,
    > and compare them with the values at the start of your next session (you
    > can automate this with scripts, etc.). If the drive power cycles are up
    > by more than 1, someone has fired up your machine in your absence. If
    > the power-on hours are up by a large amount someone has had an extended
    > session, possibly including making an image of your drive.
    >
    > Note that while all standard forensic acquisition tools (Encase, etc.)
    > try to "preserve state" by not writing to a drive, none can prevent these
    > automatic SMART writes! The SMART info is written to a portion of the
    > disk not accessible to ordinary users - drive-specific manufacturer
    > commands are needed to write it. Only TLAs are likely to be aware of this
    > trick and have the resources to manipulate the SMART data to thwart it.
    > (Incidentally, SMART does have a "disable" command but almost no drives
    > obey it!)
    >
    > It's not a complete or foolproof solution, of course, but it is a handy
    > tool to add to your security/privacy toolbox.


    > Two afterthoughts:


    > While there are many slick GUI-based programs out there for reading SMART
    > values I prefer a rather geeky one which provides the best fine-grained
    > reading and *control* - smartctl. Runs on Mac OS X, Linux, FreeBSD,
    > NetBSD, OpenBSD, Solaris, OS/2, Cygwin, QNX, eComStation or Windows. Free
    > too!


    > http://smartmontools.sourceforge.net/


    > As for most hard drives not responding to the "disable SMART" commands,
    > this is hardly surprising (but very welcome for security/privacy). If it
    > could be turned off easily it could lead to all sorts of warranty headaches
    > for manufacturers (e.g., someone could misrepresent a heavy-use failure as
    > an "infant death" one, etc.)


    > Regards,


    > PS Smartctl is well worth experimenting with for the
    > diagnostic/predictive/testing aspects of SMART as well as the security use
    > I described earlier.


    Mr. nemo, may I have our resident Freeware Scientist, Head of C.O.K.E,
    William "Bear" Bottoms review this memorandum of yours? He can be a very
    difficult freeware researcher, I must warn, he can swarm you with
    freeware technology phrases such as "I like it but won't try it", "It
    does some good stuff" and "The icons flash purty colors".
    --
    http://tr.im/2a2r
     
    aracARI, Dec 30, 2008
    #1
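The record-and-compare routine described in the quoted post, sketched in Python as an added example (not code from any poster in this thread). The sample `smartctl -A` rows are constructed, the one-hour power-on threshold is an assumption standing in for "a large amount", and applying the power-cycle rule to the start/stop count as well is also an assumption.

```python
import re
import subprocess

# SMART attribute IDs for the three counters named in the post.
WATCHED = {4: "Start_Stop_Count", 9: "Power_On_Hours", 12: "Power_Cycle_Count"}

# Constructed sample of `smartctl -A` rows, as recorded at the end of a session.
SAMPLE_BEFORE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       1523
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6842
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       1498
"""
# Constructed: the same drive at the next login, after an unexplained boot.
SAMPLE_AFTER = (SAMPLE_BEFORE.replace("1523", "1525")
                .replace("6842", "6845").replace("1498", "1500"))

def parse_counters(text):
    """Return {attribute_id: raw_value} for the watched rows of `smartctl -A` output."""
    counters = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].isdigit():
            continue  # header, blank line or unrelated text
        m = re.match(r"\d+", fields[9])  # raw value may look like "6842h+12m+30.000s"
        if int(fields[0]) in WATCHED and m:
            counters[int(fields[0])] = int(m.group())
    return counters

def read_counters(device):
    """Run smartctl (smartmontools) on a device such as /dev/sda; usually needs root."""
    out = subprocess.run(["smartctl", "-A", device], capture_output=True, text=True)
    return parse_counters(out.stdout)

def compare(before, after, max_idle_hours=1):
    """before: saved at the end of the last session; after: read at the start of this one."""
    findings = []
    for attr_id, name in WATCHED.items():
        if attr_id not in before or attr_id not in after:
            findings.append(f"{name}: missing, cannot compare")
            continue
        delta = after[attr_id] - before[attr_id]
        if delta < 0:
            findings.append(f"{name}: went down by {-delta} (different drive or counter reset)")
        elif attr_id in (4, 12) and delta > 1:
            findings.append(f"{name}: up by {delta}, expected at most 1 for your own boot")
        elif attr_id == 9 and delta > max_idle_hours:
            findings.append(f"{name}: up by {delta} h while the machine should have been off")
    return findings
```

An empty list from `compare` means the counters moved only by what your own shutdown and boot explain; the saved `before` values should be kept somewhere other than the monitored disk.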

  2. aracARI

    nemo_outis Guest

    aracARI <> wrote in
    news:495a99e7$0$589$4all.se:

    > Mr. nemo, may I have our resident Freeware Scientist, Head of C.O.K.E,
    > William "Bear" Bottoms review this memorandum of yours? He can be a
    > very difficult freeware researcher, I must warn, he can swarm you with
    > freeware technology phrases such as "I like it but won't try it", "It
    > does some good stuff" and "The icons flash purty colors".


    I have more than enough enemies of my own and little incentive to become
    embroiled in others' disputes :)

    Regards,
     
    nemo_outis, Dec 31, 2008
    #2

  3. aracARI

    Thip Guest

    "aracARI" <> wrote in message
    news:495a99e7$0$589$4all.se...
    > On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
    >

    > I must warn, he can swarm you with
    > freeware technology phrases such as ....."The icons flash purty colors".
    > --
    > http://tr.im/2a2r


    ROFL!!!!
     
    Thip, Dec 31, 2008
    #3
  4. aracARI

    aracARI Guest

    On Wed, 31 Dec 2008 01:28:58 GMT, nemo_outis wrote:

    > aracARI <> wrote in
    > news:495a99e7$0$589$4all.se:
    >
    >> Mr. nemo, may I have our resident Freeware Scientist, Head of C.O.K.E,
    >> William "Bear" Bottoms review this memorandum of yours? He can be a
    >> very difficult freeware researcher, I must warn, he can swarm you with
    >> freeware technology phrases such as "I like it but won't try it", "It
    >> does some good stuff" and "The icons flash purty colors".

    >
    > I have more than enough enemies of my own and little incentive to become
    > embroiled in others' disputes :)
    >
    > Regards,


    Regards someone else, you runaway chicken, freeware science will have
    its day in court with you and believe you me, when Bear Bottoms gets a
    hold of your yellow feathered nemass, you will cry out "No more,
    C.O.K.E. head, no more!"

    http://tr.im/2a2r
    --
    Bear "Cocaine 4 Kids" Bottoms; Google Me!
    Freeware Website http://tr.im/1f9t
     
    aracARI, Dec 31, 2008
    #4
  5. aracARI

    aracARI Guest

    On Tue, 30 Dec 2008 20:46:35 -0500, Thip wrote:

    > "aracARI" <> wrote in message
    > news:495a99e7$0$589$4all.se...
    >> On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
    >>

    >> I must warn, he can swarm you with
    >> freeware technology phrases such as ....."The icons flash purty colors".
    >> --
    >> http://tr.im/2a2r

    >
    > ROFL!!!!


    I sincerely hope that light bit of laffter disengages your suffering
    ever so slightly.
    --
    http://tr.im/2a2r
     
    aracARI, Dec 31, 2008
    #5
  6. aracARI

    Thip Guest

    "aracARI" <> wrote in message
    news:495adbd9$0$590$4all.se...
    > On Tue, 30 Dec 2008 20:46:35 -0500, Thip wrote:
    >
    >> "aracARI" <> wrote in message
    >> news:495a99e7$0$589$4all.se...
    >>> On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
    >>>

    >>> I must warn, he can swarm you with
    >>> freeware technology phrases such as ....."The icons flash purty colors".
    >>> --
    >>> http://tr.im/2a2r

    >>
    >> ROFL!!!!

    >
    > I sincerely hope that light bit of laffter disengages your suffering
    > ever so slightly.


    You may rest assured that my suffering was temporarily eliminated entirely.
     
    Thip, Dec 31, 2008
    #6
  7. aracARI

    Father Guido Guest

    On Tue, 30 Dec 2008 17:00:07 -0500, aracARI <>
    wrote:

    >On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
    >
    >> The following handy trick is useful for anyone who does not have
    >> bombproof continuous control and custody of his computer. It is
    >> extremely easy to do and will protect you against all but top-level TLAs.
    >> In fact, like any good magician's trick it will be "obvious" - but only
    >> after it has been explained :)
    >>
    >> Many of us have only intermittent control and custody of "our" computer
    >> at work or even at home (e.g., we leave for work or school with the
    >> computer protected only by the low-grade lock on our front door). The
    >> next best thing to preventing unauthorized access to our computer is
    >> tamper indication that it has been messed with. Forewarned is forearmed.
    >> Here's how to achieve it:
    >>
    >> Every modern hard drive today supports SMART reporting (maximum disk
    >> temperatures, seek errors, etc.). But the most useful parameters are
    >> these: start/stop count, drive power cycle count, power-on time count.
    >> There are any number of utilities out there which will report this
    >> information for your HDs.
    >>
    >> To protect yourself, record these values just before ending a session,
    >> and compare them with the values at the start of your next session (you
    >> can automate this with scripts, etc.). If the drive power cycles are up
    >> by more than 1, someone has fired up your machine in your absence. If
    >> the power-on hours are up by a large amount someone has had an extended
    >> session, possibly including making an image of your drive.
    >>
    >> Note that while all standard forensic acquisition tools (Encase, etc.)
    >> try to "preserve state" by not writing to a drive, none can prevent these
    >> automatic SMART writes! The SMART info is written to a portion of the
    >> disk not accessible to ordinary users - drive-specific manufacturer
    >> commands are needed to write it. Only TLAs are likely to be aware of this
    >> trick and have the resources to manipulate the SMART data to thwart it.
    >> (Incidentally, SMART does have a "disable" command but almost no drives
    >> obey it!)
    >>
    >> It's not a complete or foolproof solution, of course, but it is a handy
    >> tool to add to your security/privacy toolbox.


    I reckon that won't mean much after the thief has removed my PC from
    my house.
     
    Father Guido, Dec 31, 2008
    #7
  8. aracARI

    Ari® Guest

    On Tue, 30 Dec 2008 23:59:36 -0700, Father Guido wrote:

    > On Tue, 30 Dec 2008 17:00:07 -0500, aracARI <>
    > wrote:
    >
    >>On Mon, 29 Dec 2008 19:49:14 GMT, nemo_outis wrote:
    >>
    >>> The following handy trick is useful for anyone who does not have
    >>> bombproof continuous control and custody of his computer. It is
    >>> extremely easy to do and will protect you against all but top-level TLAs.
    >>> In fact, like any good magician's trick it will be "obvious" - but only
    >>> after it has been explained :)
    >>>
    >>> Many of us have only intermittent control and custody of "our" computer
    >>> at work or even at home (e.g., we leave for work or school with the
    >>> computer protected only by the low-grade lock on our front door). The
    >>> next best thing to preventing unauthorized access to our computer is
    >>> tamper indication that it has been messed with. Forewarned is forearmed.
    >>> Here's how to achieve it:
    >>>
    >>> Every modern hard drive today supports SMART reporting (maximum disk
    >>> temperatures, seek errors, etc.). But the most useful parameters are
    >>> these: start/stop count, drive power cycle count, power-on time count.
    >>> There are any number of utilities out there which will report this
    >>> information for your HDs.
    >>>
    >>> To protect yourself, record these values just before ending a session,
    >>> and compare them with the values at the start of your next session (you
    >>> can automate this with scripts, etc.). If the drive power cycles are up
    >>> by more than 1, someone has fired up your machine in your absence. If
    >>> the power-on hours are up by a large amount someone has had an extended
    >>> session, possibly including making an image of your drive.
    >>>
    >>> Note that while all standard forensic acquisition tools (Encase, etc.)
    >>> try to "preserve state" by not writing to a drive, none can prevent these
    >>> automatic SMART writes! The SMART info is written to a portion of the
    >>> disk not accessible to ordinary users - drive-specific manufacturer
    >>> commands are needed to write it. Only TLAs are likely to be aware of this
    >>> trick and have the resources to manipulate the SMART data to thwart it.
    >>> (Incidentally, SMART does have a "disable" command but almost no drives
    >>> obey it!)
    >>>
    >>> It's not a complete or foolproof solution, of course, but it is a handy
    >>> tool to add to your security/privacy toolbox.

    >
    > I reckon that won't mean much after the thief has removed my PC from
    > my house.


    You need to rethink that statement.
    --
    Meet Ari! http://tr.im/1fa3
    "To get concrete results, you have to be confrontational".
     
    Ari®, Dec 31, 2008
    #8
  9. aracARI

    nemo_outis Guest

    Father Guido <> wrote in
    news::

    > I reckon that won't mean much after the thief has removed my PC from
    > my house.


    And the trick also won't cure your haemorrhoids.

    Regards,
     
    nemo_outis, Dec 31, 2008
    #9
  10. aracARI

    Ari® Guest

    On Wed, 31 Dec 2008 17:28:29 GMT, nemo_outis wrote:

    > Father Guido <> wrote in
    > news::
    >
    >> I reckon that won't mean much after the thief has removed my PC from
    >> my house.

    >
    > And the trick also won't cure your haemorrhoids.
    >
    > Regards,


    Treat the man of cloth with the respect he deserves, nemo.

    For Christ's sake.
    --
    Meet Ari! http://tr.im/1fa3
    "To get concrete results, you have to be confrontational".
     
    Ari®, Dec 31, 2008
    #10
