[91814] in North American Network Operators' Group
Re: New Laptop Polices
daemon@ATHENA.MIT.EDU (joe mcguckin)
Sun Aug 13 18:26:15 2006
In-Reply-To: <f13ed07b0608120744n166c2cefr8aa3789367eb8f8b@mail.gmail.com>
From: joe mcguckin <joe@via.net>
Date: Sun, 13 Aug 2006 15:25:45 -0700
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
--Apple-Mail-10--1040397304
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed
Why not put critical or proprietary files on a flash key? I carry a
4G flash key on my keyring. Airport security has never given it a second
look. If the laptop ends up in the hands of a sticky-fingered baggage
handler (or the TSA), there's nothing there for them to find.
And, to defeat the nosey customs folk who now want to login and
rummage around your files when you enter the US, create a dummy
account and give them that login when they insist on inspecting your
laptop for "child porn". I've got nothing to hide, but I don't want some
ham handed idiot accidently deleting stuff either...
Joe McGuckin
ViaNet Communications
joe@via.net
650-207-0372 cell
650-213-1302 office
650-969-2124 fax
On Aug 12, 2006, at 7:44 AM, Todd Vierling wrote:
>
> On 8/11/06, Christopher L. Morrow
> <christopher.morrow@verizonbusiness.com> wrote:
>> > It's also a great time to plant some file that POOF the authorities
>> > will decrypt & show it's kiddie porn. {Or just hide same in your
>> > browser cache.} Do YOU know what every frigging file on your
>> > machine is?
>>
>> and here I was thinking: "Quick! buy stock in whole disk encryption
>> software makers!"
>
> Any laptop NOT using full disk encryption from the moment of boot-up
> is begging for trouble. As has been pointed out many times, laptops
> DO get lost, and not just in airline facilities.
>
> This can be accomplished with just about any OS. Some require loading
> an OS kernel first with a custom ramdisk or mini-partition to kick off
> the encrypted disk driver; others can use off the shelf products
> designed expressly for this purpose.
>
> The only thing that bugs most people about full disk encryption is
> that it often doesn't support "hibernation" -- but if the hardware has
> a standby power save mode that is low enough on power consumption (S3
> or similar), that shouldn't be a problem.
>
> --
> -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
--Apple-Mail-10--1040397304
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=ISO-8859-1
<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><BR><DIV> <SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><DIV>Why not put =
critical or proprietary files on a flash key? I carry a 4G flash key on =
my keyring. Airport security has never given it a second</DIV><DIV>look. =
If the laptop ends up in the hands of a sticky-fingered baggage handler =
(or the TSA), there's nothing there for them to find.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>And, to defeat the nosey =
customs folk who now want to login and rummage around your files when =
you enter the US, create a dummy</DIV><DIV>account and give them that =
login when they insist on inspecting your laptop for "child porn". I've =
got nothing to hide, but I don't want some</DIV><DIV>ham handed idiot =
accidently deleting stuff either...</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Joe =
McGuckin</DIV><DIV>ViaNet Communications</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><A =
href=3D"mailto:joe@via.net">joe@via.net</A></DIV><DIV>650-207-0372 =
cell</DIV><DIV>650-213-1302 office</DIV><DIV>650-969-2124 =
fax</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><BR =
class=3D"Apple-interchange-newline"></SPAN></SPAN> =
</DIV><BR><DIV><DIV>On Aug 12, 2006, at 7:44 AM, Todd Vierling =
wrote:</DIV><BR class=3D"Apple-interchange-newline"><BLOCKQUOTE =
type=3D"cite"><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">On 8/11/06, Christopher L. Morrow</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><<A =
href=3D"mailto:christopher.morrow@verizonbusiness.com">christopher.morrow@=
verizonbusiness.com</A>> wrote:</DIV> <BLOCKQUOTE type=3D"cite"><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">> It's also a great time to plant some file that =
POOF the authorities</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">> will decrypt & =
show it's kiddie porn. {Or just hide same in your</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">> browser cache.} Do YOU know what every frigging =
file on your</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">> machine is?</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">and here =
I was thinking: "Quick! buy stock in whole disk encryption</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">software makers!"</DIV> </BLOCKQUOTE><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Any =
laptop NOT using full disk encryption from the moment of =
boot-up</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">is begging for trouble.<SPAN =
class=3D"Apple-converted-space">=A0 </SPAN>As has been pointed out many =
times, laptops</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">DO get lost, and not just in =
airline facilities.</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; =
"><BR></DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">This can be accomplished with =
just about any OS.<SPAN class=3D"Apple-converted-space">=A0 </SPAN>Some =
require loading</DIV><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; ">an OS kernel first with a custom =
ramdisk or mini-partition to kick off</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">the =
encrypted disk driver; others can use off the shelf products</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">designed expressly for this purpose.</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">The only =
thing that bugs most people about full disk encryption is</DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; ">that it often doesn't support "hibernation" -- but =
if the hardware has</DIV><DIV style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; ">a standby power save mode =
that is low enough on power consumption (S3</DIV><DIV style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">or =
similar), that shouldn't be a problem.</DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; =
min-height: 14px; "><BR></DIV><DIV style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">--<SPAN =
class=3D"Apple-converted-space">=A0</SPAN></DIV><DIV style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">-- Todd =
Vierling <<A href=3D"mailto:tv@duh.org">tv@duh.org</A>> <<A =
href=3D"mailto:tv@pobox.com">tv@pobox.com</A>> <<A =
href=3D"mailto:todd@vierling.name">todd@vierling.name</A>></DIV> =
</BLOCKQUOTE></DIV><BR></BODY></HTML>=
--Apple-Mail-10--1040397304--
