Author Topic: Do you really feel safe after you post on the Internet?  (Read 25172 times)

0 Members and 1 Guest are viewing this topic.

Offline Tommy

  • If you dont fill out your Claim properly, the Terrorists Win...
  • Sr. Member
  • *****
  • 8,035
  • Rate Post
  • Posts: 889
  • This Space for Rent - Enquire Within
    • iRock
Re: Do you really feel safe after you post on the Internet?
« Reply #50 on: February 29, 2008, 01:54:18 »
Which would explain the knee jerk reaction Ive seen from several co-workers when they caught wind of a new CANFORGEN comming out regarding facebook. and they removed everything military on it... well... everything that they have control over.....

Personally I am going to read the damned thing first, and go from there.... Im all for OPSEC and PERSEC and all that Jazz... but when the official sites still have Combat Camera, the Maple Leaf news paper etc... and the Army Website puts up most of the specs on the damned vehicles for all to see, then I'll wait, watch and shoot, and exercise a little common sense with it all...

until I need to start getting all super paranoid...... so far so good....
Tommy is retired now so he can say any opinion he darned well pleases so long as it stays within the forum guidelines :D

Offline Yrys

  • α-γνωστικισμός
  • Army.ca Veteran
  • *****
  • 31,350
  • Rate Post
  • Posts: 3,195
  • You can deprive the body but the soul needs choco!
Re: Do you really feel safe after you post on the Internet?
« Reply #51 on: February 29, 2008, 01:56:18 »
until I need to start getting all super paranoid

I'm a civil, so I may be wrong, but when that time come, won't it be already too late ?
Louvre website

"Happiness is beneficial for the body, but it is grief that develops the powers of the mind."  Marcel Proust

Offline sober_ruski

  • Member
  • ****
  • 60
  • Rate Post
  • Posts: 122
Re: Do you really feel safe after you post on the Internet?
« Reply #52 on: February 29, 2008, 17:22:35 »
If you want to know what can be done with data aggregators and your personal data, check this site:

http://www.zoominfo.com/

Well, apparently nothing :D

Offline JesseWZ

  • Directing Staff
  • Sr. Member
  • *
  • 44,755
  • Rate Post
  • Posts: 568
Re: Do you really feel safe after you post on the Internet?
« Reply #53 on: February 29, 2008, 19:32:06 »
I am not on the DIN by virtue of being in ROTP at a Civi university. When this Facebook CANFORGEN comes out, is there a publicly available place to view it?
I will be seen and not heard... I will be seen and not heard... I will be seen and not heard...

Offline Michael O'Leary

  • The moral high ground cannot be dominated by fire alone, it must be occupied to be claimed as held.
  • Army.ca Fixture
  • *****
  • 343,640
  • Rate Post
  • Posts: 9,685
    • The Regimental Rogue
Re: Do you really feel safe after you post on the Internet?
« Reply #54 on: February 29, 2008, 20:06:12 »
I am not on the DIN by virtue of being in ROTP at a Civi university. When this Facebook CANFORGEN comes out, is there a publicly available place to view it?

Someone will probably post it here, likely in this very thread.

Offline Guy Incognito

  • Member
  • ****
  • 20,155
  • Rate Post
  • Posts: 241
Re: Do you really feel safe after you post on the Internet?
« Reply #55 on: March 01, 2008, 13:29:09 »
Recieved via email:

CANFORGEN 038/08 SJS 007 122025Z FEB 08
OPERATIONAL SECURITY
UNCLASSIFIED
REF: A-SJ-100-001, NATIONAL DEFENCE SECURITY INSTRUCTIONS (NDSI) -
30 SEP 98
1.THERE IS A HIGH LEVEL OF RISK INHERENT IN SOME OF OUR ONGOING MILITARY OPERATIONS. THE NEED TO SAFEGUARD OUR PLANS VULNERABILITIES AND TO PROTECT OUR INTENT FROM AN ADVERSARY IS A FUNDAMENTAL PART OF HOW WE CONDUCT MILITARY OPERATIONS. TRADITIONAL SECURITY MEASURES SUCH AS: PROTECTING VITAL INTERESTS AGAINST THEFT, DIVERSION AND SABOTAGE, DENYING UNAUTHORIZED PERSONS ACCESS TO VITAL INFORMATION ABOUT OUR OWN CAPABILITIES AND INTENTIONS, AND ASSURING THE LOYALTY AND RELIABILITY OF THOSE PERSONS WHO ARE AUTHORIZED TO HAVE ACCESS TO CLASSIFIED OR OTHERWISE SENSITIVE ASSETS, CONTINUE TO BE AN IMPORTANT ELEMENT OF OUR DAILY ROUTINE ACTIVITIES. WHAT I WOULD LIKE TO STRESS, HOWEVER, IS THE INCREASED PERSONAL AND COLLECTIVE VIGILANCE WE MUST ADOPT AGAINST THE INADVERTENT RELEASE OF INFORMATION, WHICH COULD BE EXPLOITED BY AN ADVERSARY
2.CANADIAN OPERATIONS ARE TAKING PLACE IN A VARIETY OF ENVIRONMENTS IN WHICH INFORMATION CAN BE READILY COLLECTED AND SHARED WORLDWIDE, IN NEAR REAL TIME. THE POTENTIAL SOURCES OF INFORMATION FOR AN ADVERSARY INCLUDE THE FULL RANGE OF OPERATIONAL, LOGISTICAL, ADMINISTRATIVE, FORCE DEVELOPMENT, AND PROCUREMENT DOCUMENTS. THEY ALSO INCLUDE FORMAL OR INFORMAL BRIEFINGS, DND OR CF WEBSITES, AND OFFICIAL OR UNOFFICIAL EMAIL EXCHANGES, CONVERSATIONS, WEB-BLOGS AND PHOTOGRAPHS AS WELL AS MOST ANY OTHER METHOD OF CONVEYING INFORMATION FROM ONE PARTY TO ANOTHER. WE MUST ALL THEREFORE BE MINDFUL OF THE NEED TO PROTECT OPERATIONALLY SENSITIVE INFORMATION, EVEN THOUGH THE INFORMATION MAY APPEAR INSIGNIFICANT ON ITS OWN. THE CAPABILITY OF AN ADVERSARY TO QUICKLY COLLECT AND PIECE TOGETHER INFORMATION CANNOT BE DISMISSED
3.THE NATIONAL DEFENCE SECURITY INSTRUCTIONS (NDSI) AT REF, DEFINE OPERATIONS SECURITY OR OPSEC AS AN OPERATIONAL DISCIPLINE DESIGNED TO DENY ACCESS TO, AND PROTECT OPERATIONALLY SENSITIVE INFORMATION FROM AN ENEMY, ADVERSARY OR ANYONE WHO COULD EXPLOIT THE INFORMATION OR INTENTIONS, CAPABILITIES, LIMITATIONS AND ACTIVITIES OF AN ORGANIZATION. THE BASICS OF OPERATIONS SECURITY (OPSEC) ARE EASILY UNDERSTOOD AND CAN BE EFFECTIVE IN SUPPORTING MISSION SUCCESS WHILE KEEPING PERSONNEL SAFE. SIMPLY PUT, OPSEC IS A WAY OF THINKING THAT REQUIRES US TO BE ATTENTIVE TO INFORMATION THAT IS OPERATIONALLY SENSITIVE OR DESIRABLE TO AN ADVERSARY, AND THEN TO TAKE PROACTIVE STEPS TO SAFEGUARD IT
4.OPERATIONAL SECURITY IS BOTH A PERSONAL AND A COMMAND RESPONSIBILITY. COMMANDERS AT ALL LEVELS SHALL INSTITUTE APPROPRIATE MECHANISMS USING THE OPSEC PROCESS TO IDENTIFY OPERATIONALLY SENSITIVE INFORMATION, AND SHALL ESTABLISH COORDINATED PROACTIVE MEASURES TO SAFEGUARD INFORMATION UNTIL SUCH TIME THAT THE RELEASE OF ANY PARTICULAR INFORMATION WILL NOT GIVE ANY ADVANTAGE TO AN ADVERSARY
5.IN GENERAL, WHEN ASSESSING THE SENSITIVITY OF INFORMATION, ANY INFORMATION DEALING WITH PERSONNEL, EQUIPMENT, INSTALLATION OR OPERATIONS COULD VERY WELL BE SENSITIVE, IF NOT SECRET, AND IF SO MUST BE PROTECTED FROM INAPPROPRIATE, INADVERTENT OR UNAUTHORIZED RELEASE. THIS APPLIES TO BOTH INFORMATION RELATING TO NATIONAL ISSUES AND ACTIVITIES, AS WELL AS ALL INFORMATION PROVIDED TO CANADA IN CONFIDENCE BY OUR ALLIES. SPECIFIC CATEGORIES OF OPSEC ARE OUTLINED AS FOLLOWS:

5.A. PERSONNEL RESPONSIBLE FOR PREPARING INFORMATION FOR RELEASE TO THE PUBLIC MUST ENSURE THAT OPERATIONALLY SENSITIVE INFORMATION IS PROTECTED FROM INADVERTENT RELEASE. THOSE PERSONNEL RESPONSIBLE FOR RESPONDING TO REQUESTS UNDER THE ACCESS TO INFORMATION ACT MUST BE FAMILIAR WITH THE ACT, AS WELL AS WITH THE PROCEDURES THAT HAVE BEEN PUT IN PLACE TO REVIEW OPERATIONALLY SENSITIVE MATERIAL BY THE INFORMATION SUPPORT TEAM ESTABLISHED FOR THAT PURPOSE WITHIN THE STRATEGIC JOINT STAFF

5.B. THE USE OF THE INTERNET CAN BE AN INVALUABLE TOOL FOR MANY THINGS, NOT THE LEAST OF WHICH IS TO STAY IN CONTACT WITH THOSE AT HOME WHILE PERSONNEL ARE DEPLOYED. IT IS IMPORTANT TO BE AWARE THAT THE INTERNET IS NOT SECURE. ALL TRAFFIC CAN BE MONITORED, AND MUCH OF IT IS OPEN TO INADVERTENT EXPLOITATION. ONLY UNCLASSIFIED/NON-SENSITIVE INFORMATION IS TO BE SENT ON THE INTERNET/DWAN OR STORED ON UNCLASSIFIED COMPUTERS. SENSITIVE INFORMATION MUST NOT BE PASSED ON, OR STORED ON COMPUTERS CONNECTED TO, THE INTERNET

5.C. IF NOT PROPERLY MANAGED WEBSITES, FORMAL OR INFORMAL, AND UNIT, FORMATION, OR OTHER NEWSLETTERS AND SIMILAR PUBLICATIONS CAN BE A MAJOR SOURCE OF INFORMATION FOR THE ENEMY. DND AND CF WEB SITES AND NEWSLETTERS MUST NOT DISCLOSE SENSITIVE INFORMATION, SUCH AS THE SPECIFIC CAPABILITIES OF OUR WEAPON SYSTEMS, THE DETAILS OF OUR OPERATING PROCEDURES OR OUR ORDER OF BATTLE, AND VERY IMPORTANTLY INFORMATION THAT CAN LEAD TO THE ENEMY BEING ABLE TO IDENTIFY AND THEREFORE TARGET INDIVIDUALS OR ORGANIZATIONS COOPERATING WITH THE CANADIAN FORCES OR ITS ALLIES IN AN OPERATIONAL AREA

5.D. PHOTOGRAPHS AND VIDEOS (E.G. YOU TUBE, ETC.) POSTED TO THE WEB IN ANY CAPACITY, INCLUDING DND/CF WEBSITES, SOCIAL NETWORK SITES, PERSONAL BLOGS, OR E-MAIL OR OTHER WEB-BASED CORRESPONDENCE (SUCH AS CHAT) MUST BE CAREFULLY CONSIDERED BEFOREHAND TO ENSURE THAT THEY DO NOT CONTAIN ANY INFORMATION THAT CAN BE OF USE TO THE ENEMY

5.E. SENSITIVE INFORMATION, WHETHER CLASSIFIED OR UNCLASSIFIED, SUCH AS OUR TACTICS, TECHNIQUES, AND PROCEDURES, OR OUR OPERATIONAL, ADMINISTRATIVE, AND LOGISTIC PLANS (INCLUDING OUR MOVEMENT PLANS), SHOULD NEVER BE DISCLOSED IN ANY UNCLASSIFIED WEB-BASED FORUM, PASSED BY INSECURE E-MAIL OR TELEPHONE, NOR DISCUSSED IN ANY MANNER WITH PERSONS WHO DO NOT HAVE A NEED TO KNOW

5.F. DOCUMENTATION MUST BE PROTECTED. IF YOU DO NOT WORK IN A CLASSIFIED AREA, YOUR SPACE MUST BE SECURED IF YOU ARE GOING TO BE ABSENT FOR MORE THAN A SHORT PERIOD OF TIME. CO-WORKERS IN ADJOINING CUBICLES SHOULD BE MADE AWARE OF YOUR ABSENCE AND LOCATION IF YOU WILL BE AWAY FROM YOUR DESK FOR SHORT-PERIODS OF TIME

5.G. CLASSIFIED OR SENSITIVE MATERIAL IS TO BE DISPOSED OF BY APPROVED METHODS. BLUE RECYCLING WASTEBASKETS ARE TO BE REMOVED OR MADE DIFFICULT TO ACCESS WHEREVER THERE IS A CHANCE UNCLASSIFIED INFORMATION CAN BECOME CROSS-CONTAMINATED WITH SENSITIVE OR CLASSIFIED MATERIAL - PARTICULARLY AROUND PRINTERS OR COPYING MACHINES

5.H. INFORMATION THAT FALLS INTO THE ABOVE BROAD CATEGORIES MUST NOT BE DISCUSSED IN PUBLIC PLACES, AND ONLY WITH A PERSON WHO HAS THE NEED TO KNOW. EVEN WITHIN DND BUILDINGS, CLASSIFIED OR SENSITIVE CONVERSATIONS MUST TAKE PLACE ONLY IN APPROPRIATELY CLEARED LOCATIONS
6.FINALLY, WE MUST ALSO REMEMBER THAT WHEN WE RETURN FROM DEPLOYED OPERATIONS, THE MISSION MAY HAVE ENDED FOR US, BUT IS LIKELY ON-GOING FOR SOMEONE ELSE. THEREFORE, WE MUST NOT LET OUR GUARD DOWN, BUT CONTINUE TO MANAGE AND CONTROL CLASSIFIED, SENSITIVE OR VALUABLE INFORMATION AND ASSETS DILIGENTLY TO PROTECT BOTH THE INTEGRITY OF THE ON-GOING MISSION AND THE LIVES OF CANADIAN AND ALLIED SOLDIERS, SAILORS, AND AIR PERSONNEL INVOLVED
7.THE ABOVE LIST IS NOT EXHAUSTIVE, AND EACH MEMBER MUST MAKE IT HIS OR HER PERSONAL RESPONSIBILITY TO ENSURE SENSITIVE INFORMATION IS NOT COMPROMISED. IF IN DOUBT, TREAT IT AS CLASSIFIED. THE CANADIAN FORCES ARE ENGAGED IN COMBAT OPERATIONS AND THE SAFETY AND WELFARE OF OUR PEOPLE ARE AT STAKE THINK OPSEC. WE MUST ALL DO OUR PART

Offline Yrys

  • α-γνωστικισμός
  • Army.ca Veteran
  • *****
  • 31,350
  • Rate Post
  • Posts: 3,195
  • You can deprive the body but the soul needs choco!
Re: Do you really feel safe after you post on the Internet?
« Reply #56 on: March 01, 2008, 13:35:00 »
Civilian question :

Recieved via email:

30 SEP 98

Does that mean they released that memo in 98 and are replublising it now ?
Louvre website

"Happiness is beneficial for the body, but it is grief that develops the powers of the mind."  Marcel Proust

Offline Teddy Ruxpin

  • Army.ca Veteran
  • *****
  • 3,380
  • Rate Post
  • Posts: 2,064
  • Grumpy Bear
Re: Do you really feel safe after you post on the Internet?
« Reply #57 on: March 01, 2008, 13:36:19 »
30 Sep 98 is when the reference came out.

Aside from the CANFORGEN noted above (which is hardly new information - similar warnings have come out from time to time), there is no "Facebook" message and nothing published that pertains to Facebook.  

And before someone posts an e-mail that states the opposite, I have one coined word to offer: "DINspam".   ;)
A man may fight for many things. His country, his friends, his principles, the glistening tear on the cheek of a golden child. But personally, I'd mud-wrestle my own mother for a ton of cash, an amusing clock and a sack of French porn.

Dulce bellum inexpertis.

Offline Yrys

  • α-γνωστικισμός
  • Army.ca Veteran
  • *****
  • 31,350
  • Rate Post
  • Posts: 3,195
  • You can deprive the body but the soul needs choco!
Re: Do you really feel safe after you post on the Internet?
« Reply #58 on: March 10, 2008, 23:29:18 »
And, you should really, really be considering moving to an encryption system for your email.  Like anything else on the web it is liable to interception without too much difficulty and it also leaves electronic tracks on any server it passes through.  There are very good, high quality products out there that you can use (some of which are free) to help safeguard your privacy.  Check out Hushmail, Pretty Good Privacy or gnuPG/GPG4win.  Hushmail has the added benefit that most other Webmail accounts lack of not sending your IP address in the header of the email.

Just don't think that encryption is a panacea.

Memory trick breaks PC encryption

Quote
Encrypted information held on a laptop is more vulnerable than previously thought, US research has shown.

Scientists have shown that it is possible to recover the key that unscrambles data from a PC's memory. It was previously thought that data
held in so-called "volatile memory" was only retained for a few seconds after the machine was switched off. But the team found that data
including encryption keys could be held and retrieved for up to several minutes."It was widely believed that when you cut the power to the
computer that the information in the volatile memory would disappear, and what we found was that was not the case," Professor Edward
Felten of the University of Princeton told BBC World Service's Digital Planet programme.

Volatile memory is typically used in random access memory (RAM), which is used as temporary storage for programs and data when the
computer is switched on.

Deep sleep

Disc encryption is the main method by which companies and governments protect sensitive information. "The key to making it work is to
keep the encryption key secret," explained Professor Felten. Encryption has recently become a hot topic after a number of laptops containing
 personal records were lost or stolen. "What we have found was that the encryption keys needed to access these encrypted files were available
in the memory of laptops," he said. "The information was available for seconds or minutes."

In theory, this is enough time for a hacker or attacker to retrieve the key from the memory chips. "The real worry is that someone will get hold
 of your laptop either while it is turned on or while it is in sleeping or hibernation mode," said Professor Felten. In these modes the laptop is not
 running, but information is still stored in RAM to allow it to "wake up" quickly. "The person will get the laptop, cut the power and then re-attach
the power, and by doing that will get access to the contents of memory - including the critical encryption keys."

Cool running

Switching the machine off and on is critical to any attack. "When it comes out of sleep mode the operating system is there and it is trying to
protect this data," explained Professor Felten. But a full power-down followed by a swift re-start removes this protection. "By cutting the power
and then bringing it back, the adversary can get rid of the operating system and get access directly to the memory." Professor Felten and his team
found that cooling the laptop enhanced the retention of data in memory chips.

"The information stays in the memory for much longer - 10 minutes or more," he said.

For example, where information stays in a computer for around 15 seconds under normal conditions, a laptop cooled to about -50C will keep
information in its memory for 10 minutes or more. Professor Felten said that the best way to protect a computer was to shut it down fully several
minutes before going into any situation in which the machine's physical security could be compromised. "Simply locking your screen or switching
to 'suspend' or 'hibernate' mode will not provide adequate protection," he added. "It does cast some doubt on the value of encryption. I think that
over time the encryption products will adapt to this and they will find new ways of protecting information."

link
Louvre website

"Happiness is beneficial for the body, but it is grief that develops the powers of the mind."  Marcel Proust

Offline NL_engineer

  • CHIMO
  • Army.ca Veteran
  • *****
  • 8,545
  • Rate Post
  • Posts: 1,098
Re: Do you really feel safe after you post on the Internet?
« Reply #59 on: March 11, 2008, 12:03:08 »
Looks like a self destruct device is in order, at least that way the the information can't fall into the wrong hands, and the would be hacker gets what he deserves  ;D

Even if it is powered off there are still ways for hackers to access data.

Note to any Taliban and AQ personnel on the Form:  ALL SUICIDE VESTS AND EXPLOSIVE DEVICES MUST BE TESTED TO INSURE THEY WORK BEFORE GOING AFTER A TARGET.

This is a measure to save any embarrassment that may occur when your explosive device, does not function as it is intended to.

It has come to my attention that these measures are not being followed, so for all Taliban; please refer to the above.

Thank you for your cooperation

Offline Rodahn

  • Veni, Vidi, Volo in Domum Redire!
  • Full Member
  • *****
  • 1,380
  • Rate Post
  • Posts: 477
  • Ego ita confusus!!!
Re: Do you really feel safe after you post on the Internet?
« Reply #60 on: March 11, 2008, 12:36:08 »
To see your web address, just go to

www.whatismyip.com/
Nihil declaro!

Me transmitte sursum, Caledoni!

Noli nothis permittere te terere!

Online garb811

  • MP/MPO Question Answerer
  • Directing Staff
  • Army.ca Veteran
  • *
  • 92,335
  • Rate Post
  • Posts: 1,682
Re: Do you really feel safe after you post on the Internet?
« Reply #61 on: March 11, 2008, 14:25:11 »
Just don't think that encryption is a panacea.

Sure, if you're to the point that you have material on your HD which is valuable enough and have attracted the attention of someone with the technical and physical capabilities for them to pull an attack like this off.  This is one of those "security holes" that looks scary in the lab but which is almost impossible to pull off IRL; doing something in the controlled environment of a lab does not mean it is anything beyond a theoretical threat.  Plus, the simple step of properly powering down the computer makes this impossible to pull off.

For 99.9% of us, this is a non-issue and we should be worrying more about having our laptop stolen for pawning rather than staying awake at night worrying someone is going to throw it into a vat of liquid nitrogen to try to strip the key out of volatile memory.

EDIT TO ADD:  And, a much more credible threat to this problem is to install a keystroke logger.  Walk by the target computer while it is on, pop a prepared flashdrive into a USB port and it's probably done as the vast, vast majority of computers do not have their USB ports blocked.  No need for anything fancy, the KISS principle works in espionage just like the military.
« Last Edit: March 11, 2008, 14:37:36 by garb811 »

Offline Nerf herder

  • Directing Staff
  • Army.ca Fixture
  • *
  • 24,986
  • Rate Post
  • Posts: 8,055
  • The usual suspect.
Re: Do you really feel safe after you post on the Internet?
« Reply #62 on: March 11, 2008, 14:26:30 »
Something from the CF on this, shared in accordance with the "fair dealing" provisions, Section 29, of the Copyright Act.

Military warns soldiers not to post info on Facebook
CBC.ca, 25 Feb 08, 20:10 PM MT
Article link

The Defence Department is advising Canadian soldiers not to post personal photos and information on social networking websites like Facebook, citing security concerns.

<snip>

But Sunil Ram, a professor of military history and land warfare at American Military University, questioned the military's warnings about posting information online.

"What we're really talking about is censorship more than anything else," he said on Monday. "This is the military's attempt to control the imagery of what is actually happening on the ground."



Come on Ram, use that noodle of yours for one second will you?

There have been pictures in the past that were very much OPSEC concerns and violations, Lord only knows what will pop up in the future.

From one good picture you can gather all kinds of information, all it takes is one moment of poor judgment on a soldier's part and it's out there for ANYONE to see.

But you only see a conspiracy.        ::)

Regards
Those who beat their swords into plowshares usually end up plowing for those who kept their swords.--Ben Franklin

"Going to war without France is like going deer hunting without your accordion."
    -Norman Schwartzkopf

Offline Eye In The Sky

  • Army.ca Fixture
  • *****
  • 228,270
  • Rate Post
  • Posts: 9,015
    • VP INTERNATIONAL
Re: Do you really feel safe after you post on the Internet?
« Reply #63 on: March 11, 2008, 14:36:23 »
Even if it is powered off there are still ways for hackers to access data.

Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 
"What a f$$kin' week!" - me, every Monday at about 1130hrs.

Offline NL_engineer

  • CHIMO
  • Army.ca Veteran
  • *****
  • 8,545
  • Rate Post
  • Posts: 1,098
Re: Do you really feel safe after you post on the Internet?
« Reply #64 on: March 11, 2008, 14:57:33 »
Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 


I meant physicaly, (thats the only way I can see it being done) but I will have to ask a friend now, as you got me wondering if remotely is still possible after the system is shut down.
Note to any Taliban and AQ personnel on the Form:  ALL SUICIDE VESTS AND EXPLOSIVE DEVICES MUST BE TESTED TO INSURE THEY WORK BEFORE GOING AFTER A TARGET.

This is a measure to save any embarrassment that may occur when your explosive device, does not function as it is intended to.

It has come to my attention that these measures are not being followed, so for all Taliban; please refer to the above.

Thank you for your cooperation

Offline hauger

  • Member
  • ****
  • 1,380
  • Rate Post
  • Posts: 114
Re: Do you really feel safe after you post on the Internet?
« Reply #65 on: March 11, 2008, 15:03:30 »
Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 

I'm not entirely sure of the mechanics, but the gist of it works like this.  Someone steals a laptop with an encrypted HDD on it.  The encryption key is stored in DRAM, so, the evil hacker monkey who's out to get you plugs a bootable USB key it which has a naughty little piece of software on it that, upon booting, dumps the contents of the DRAM onto the key.  Now all our anti-hero has to do is grab the key from the USB key (following all the keys?) and they've cracked your HDD encryption.

Way # 2 is to, very shortly after the laptop's powered down, freeze the DRAM with a re fridgerant that keeps the DRAM info from fading away.  Then, with the encryption key happily frozen on the DRAM, they remove the ram, check the key, then get down to the business of looking at all your vacation photos you'd so diligently encrypted.

Search for it on google, it was big nerd-news last week.

Offline Eye In The Sky

  • Army.ca Fixture
  • *****
  • 228,270
  • Rate Post
  • Posts: 9,015
    • VP INTERNATIONAL
Re: Do you really feel safe after you post on the Internet?
« Reply #66 on: March 11, 2008, 15:03:55 »
NL_engineer

Don't waste your time or emabrass yourself...its not (remotely).   ;D
"What a f$$kin' week!" - me, every Monday at about 1130hrs.

Offline Eye In The Sky

  • Army.ca Fixture
  • *****
  • 228,270
  • Rate Post
  • Posts: 9,015
    • VP INTERNATIONAL
Re: Do you really feel safe after you post on the Internet?
« Reply #67 on: March 11, 2008, 15:07:30 »
Hauger,

Key word in my post was remotely  ;)
"What a f$$kin' week!" - me, every Monday at about 1130hrs.

Online garb811

  • MP/MPO Question Answerer
  • Directing Staff
  • Army.ca Veteran
  • *
  • 92,335
  • Rate Post
  • Posts: 1,682
Re: Do you really feel safe after you post on the Internet?
« Reply #68 on: March 11, 2008, 15:08:29 »
It is also possible to power on a system remotely if it's Network Interface Card is "Wake on LAN".  Look at the your NIC when you have powered down your computer, if it is still lit-up, you have a WOL enabled card and theoretcially someone could power on your computer remotely.  If they knew your schedule they could power up your machine, log on via a trojan, do what ever they wanted and power down afterwards and you'd never be the wiser.

Wake on LAN mini Howto

Hauger:  That's the attack described in the article Yrys posted.

Offline Mr.Newf

  • King of the Granite Planet
  • Army.ca Veteran
  • *****
  • 12,335
  • Rate Post
  • Posts: 2,681
  • Fuc*in Eh!
Re: Do you really feel safe after you post on the Internet?
« Reply #69 on: March 26, 2008, 18:32:09 »
Here is a pretty good video, espically about Facebook, on Cyberstalking.
I am the one and only