The EADD Windows Technical Gibberings Thread

[Ceres]

If you're really paranoid. Just run from a liveCD. No need for a HDD and as soon as you hit the power button everything is gone.

nope.

 

[DSP-2230]

nope.

What's left in residual memory can be wiped with a power off/on.

 

[Marmalade]

I would make backups of your router settings so you can check them for anything odd aswell, before resetting the firmware and reconfiguring it.

Do you use wifi on your lappy or are you directly connected via a cable?

If you use a router B&W, I would change the password (ie your network key) as a precautionary measure, even before you decide to reformat. Alot of people's router passwords are just left as the default one they come with like 'home network' or whatever, and it's easy for anyone to find out what the default pw is for whatever router it is you're using

 

[Ceres]

What's left in residual memory can be wiped with a power off/on.

nope.

it's quite unsafe to believe you have security, when you don't.

 

[Ben So Furry]

Someone showed me how easy it is to break into my wifi network once, using his laptop within five minutes without any passwords or any clues (I had my SSID hidden) he had root access of my router, apparently some routers use a linux os called tiny box (I think) which can be accessed using telnet (again from memory) but the point is he had complete and full control of the router from a level that the browser user interface wouldn't touch or be aware of. I wished he had waited to show me that when I wasn't on pv because it sent my paranoia into overdrive.

 

[Ceres]

hahahah. pv is great for computer paranoia.

busybox is what runs on a lot of routers, or other custom linux based firmware, some manufacturers release the source, others don't, but the firmware can be reverse engineered.

most of them are really easy to break into, and a piece of cake if you have access to the local network.

 

[DSP-2230]

nope.

it's quite unsafe to believe you have security, when you don't.

Present your findings.

 

[Ceres]

^ Data Remanence

 

[DSP-2230]

^ Data Remanence

implies you have a hard drive or a medium to store data.

 

[Ben So Furry]

hahahah. pv is great for computer paranoia.

busybox is what runs on a lot of routers, or other custom linux based firmware, some manufacturers release the source, others don't, but the firmware can be reverse engineered.

most of them are really easy to break into, and a piece of cake if you have access to the local network.

busybox that was it, it was a Netgear DG384G at the time and as I'm sure you are aware along with BT's Homehub V.1 was really easy to hack into in that way so I was told.

 

[adam west]

does anyone know if these need allowing in windows firewall:

core networking
netwrok discovery
windows communication foundation

pretty sure i need to allow the second one. i might just disable one at a time and trial and error to see if i get any probs

 

[DSP-2230]

yes
no (wifi enabled?)
yes (if wifi is enabled)

 

[Ceres]

implies you have a hard drive or a medium to store data.

http://en.wikipedia.org/wiki/Data_remanence#Data_in_RAM

most people want storage with their computer anyway, and data persists in ways beyond your control if you doing anything involving the internet. Also, how do you know your livecd is safe?

it's easy to be complacent.

 

[adam west]

yes
no (wifi enabled?)
yes (if wifi is enabled)

thx

 

[Ceres]

Humans are incapable of securely storing high-quality
cryptographic keys, and they have unacceptable speed and accuracy
when performing cryptographic operations. (They are also large,
expensive to maintain, difficult to manage, and they pollute the
environment. It is astonishing that these devices continue to be
manufactured and deployed. But they are sufficiently pervasive that
we must design our protocols around their limitations.)
— Kaufmann, Perlman and Speciner

haha.

 

[doorknob]

nope.

it's quite unsafe to believe you have security, when you don't.

not this again, it's virtually gone after a few seconds, unless you have some pretty serious equipment to store the memory at more than -100 degrees it still ain't lasting more than a few hours.

Data remanence has also been observed in dynamic random-access memory (DRAM). Modern DRAM chips have a built-in self-refresh module, as they not only require a power supply to retain data, but must also be periodically refreshed to prevent their data contents from fading away from the capacitors in their integrated circuits. A study found data remanence in DRAM with data retention of seconds to minutes at room temperature and "a full week without refresh when cooled with liquid nitrogen."[9] The study authors were able to use a cold boot attack to recover cryptographic keys for several popular full disk encryption systems, including Microsoft BitLocker, Apple FileVault, dm-crypt for Linux, and TrueCrypt.[9](p12) Despite some memory degradation, they were able to take advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in key scheduling. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not in physical control of the owner. In some cases, such as certain modes of the software program BitLocker, the authors recommend that a boot password or a key on a removable USB device be used.[9](p12) TRESOR is a kernel patch for Linux specifically intended to prevent cold boot attacks on RAM by ensuring encryption keys are neither user accessible nor stored in RAM.

ok fair enough up to a week in liquid nitrogen, just make sure to turn your pc off? and i doubt anyone short of government would/could go to these lengths

oh you posted that

it's easy to be complacent.

true.

regarding data storage on magnetic media, a simple 0 wipe is enough to render any attempt to recover the data useless by normal people, ie you, me, the police (disable HPA if ultra paranoid). perhaps a research lab/government agencies could recover more but i servery doubt it. (a completely 0'd drive would get rid of the boot sector partion virus people were on about above too)

flash media, is slightly trickier due to wear leveling, encryption is your friend. but that won't help you in the future if computers become so fast current encryption algorithms become obsolete.


ANYWAY - given your utmost skepticism (which I admire), what's to say that liquid nitrogen thing wasn't completely fabricated for one reason or another? not that i think it is, but you never know) have you ever ran any tests?

 

[Ceres]

it isn't a fabrication. It's also not the only bit of research done into persistence effects, which have been investigated for decades, so there are many more attacks than the one described above.

Gutmann notes that data written to RAM for extended periods may become “burned in,” allowing it to be easily recovered later. We describe a different effect: data written even momentarily to RAM persists for a non-trivial period of time. We exclusively rely on the latter effect to recover data. This allows us to recover keys even if, following Gutmann’s advice, those keys are stored only briefly at any single location within RAM.

you don't need to be a government to do it...

We found that information in most computers’ RAMs will persist from several seconds to a minute even at room temperature. We also found a cheap and widely available product — “canned air” spray dusters — can be used to produce temperatures cold enough to make RAM contents last for a long time even when the memory chips are physically removed from the computer. The other components of our attack are easy to automate and require nothing more unusual than a laptop and an Ethernet cable, or a USB Flash drive. With only these supplies, someone could carry out our attacks against a target computer in a matter of minutes.

that paper is also specifically talking about encrypted data so it doesn't help much to encrypt your stored data.

thats just one aspect of the whole picture of 'security' for the simple situation of using a livecd, the point really is that most people aren't aware of every single possibilty to consider and just make assumptions based on spurious info, and it can be doing people a disservice to suggest that if they a get a livecd and turn their pc off afterwards then they are safe.

re: zeroing harddrives, it's not that simple either

A compromise of sensitive data may occur if media is released when an addressable segment of a storage device (such as unusable or "bad" tracks in a disk drive or inter-record gaps in tapes) is not receptive to an overwrite. As an example, a disk platter may develop unusable tracks or sectors; however, sensitive data may have been previously recorded in these areas. It may be difficult to overwrite these unusable tracks. Before sensitive information is written to a disk, all unusable tracks, sectors, or blocks should be identified (mapped). During the life cycle of a disk, additional unusable areas may be identified. If this occurs and these tracks cannot be overwritten, then sensitive information may remain on these tracks. In this case, overwriting is not an acceptable purging method and the media should be degaussed or destroyed.

 

[knock]

Don't mean to be the bearer of bad news but a virus contained in the bios or boot sector of a separate partition would not be removed after a format: article

BIOSes can be replaced and boot sectors can be overwritten. None of this is impossible to deal with if you, or a friend, knows what they are doing.

KNOWLEDGE IS POWER!


By the way, this isn't just theoretical, I do it all the fucking time.

 

[watsons torment]

got plenty of practice in doing both things back in 1998 thanks to the Chernobyl virus :D...

http://en.wikipedia.org/wiki/CIH_(computer_virus)

 

[doorknob]

it isn't a fabrication. It's also not the only bit of research done into persistence effects, which have been investigated for decades, so there are many more attacks than the one described above.



you don't need to be a government to do it...



that paper is also specifically talking about encrypted data so it doesn't help much to encrypt your stored data.

thats just one aspect of the whole picture of 'security' for the simple situation of using a livecd, the point really is that most people aren't aware of every single possibilty to consider and just make assumptions based on spurious info, and it can be doing people a disservice to suggest that if they a get a livecd and turn their pc off afterwards then they are safe.

re: zeroing harddrives, it's not that simple either

Aye, i accept bad sectors are a weak point, but realistically what are you going to get? i think you'd have to be very lucky to ever gain anything useful from it, few file headers maybe? guess you've heard of the great 0 challenge... nobody won. Say there was still sensitive info left on the platter thad was deemed unusable from the drive, how would this be recovered? my old harddrive was fucked, full of bad sectors. overwrote it with 0's and a hex editor showed 0 all the way through. is the hex editor just ignoring the bad sectors? neither encase nor FTK could get fuck all from the drive image.

I was under the impression that live cd's built specifically for security, such as tails, completely overwrite the memory on shutdown. How are encryption keys 'burned in'? surely overwriting them when you shut down solves this? If they're burned in permanently over time, would regularly changing your key help?

hmm, gonna have an experiment with this regarding data in bad sectors! http://www.cgsecurity.org/wiki/TestDisk

Cheers for the info anyway mate