
Do you really feel safe after you post on the Internet?

Yrys said:
Just don't think that encryption is a panacea.

Sure, if you're to the point that you have material on your HD which is valuable enough and have attracted the attention of someone with the technical and physical capabilities for them to pull an attack like this off.  This is one of those "security holes" that looks scary in the lab but which is almost impossible to pull off IRL; doing something in the controlled environment of a lab does not mean it is anything beyond a theoretical threat.  Plus, the simple step of properly powering down the computer makes this impossible to pull off.

For 99.9% of us, this is a non-issue and we should be worrying more about having our laptop stolen for pawning rather than staying awake at night worrying someone is going to throw it into a vat of liquid nitrogen to try to strip the key out of volatile memory.

EDIT TO ADD:  And, a much more credible threat to this problem is to install a keystroke logger.  Walk by the target computer while it is on, pop a prepared flashdrive into a USB port and it's probably done as the vast, vast majority of computers do not have their USB ports blocked.  No need for anything fancy, the KISS principle works in espionage just like the military.
 
milnewstbay said:
Something from the CF on this, shared in accordance with the "fair dealing" provisions, Section 29, of the Copyright Act.

Military warns soldiers not to post info on Facebook
CBC.ca, 25 Feb 08, 20:10 PM MT
Article link

The Defence Department is advising Canadian soldiers not to post personal photos and information on social networking websites like Facebook, citing security concerns.

<snip>

But Sunil Ram, a professor of military history and land warfare at American Military University, questioned the military's warnings about posting information online.

"What we're really talking about is censorship more than anything else," he said on Monday. "This is the military's attempt to control the imagery of what is actually happening on the ground."

Come on Ram, use that noodle of yours for one second will you?

There have been pictures in the past that were very much OPSEC concerns and violations, Lord only knows what will pop up in the future.

From one good picture you can gather all kinds of information, all it takes is one moment of poor judgment on a soldier's part and it's out there for ANYONE to see.

But you only see a conspiracy. ::)

Regards
 
NL_engineer said:
Even if it is powered off there are still ways for hackers to access data.

Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 
 
Eye In The Sky said:
Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 

I meant physically (that's the only way I can see it being done), but I will have to ask a friend now, as you got me wondering if remotely is still possible after the system is shut down.
 
Eye In The Sky said:
Would you mind telling how a hacker gets data from a powered-down system?  (assuming you mean remotely, that is, as opposed to slaving your HDD to their machine). 

I'm not entirely sure of the mechanics, but the gist of it works like this.  Someone steals a laptop with an encrypted HDD on it.  The encryption key is stored in DRAM, so the evil hacker monkey who's out to get you plugs in a bootable USB key which has a naughty little piece of software on it that, upon booting, dumps the contents of the DRAM onto the key.  Now all our anti-hero has to do is grab the key from the USB key (following all the keys?) and they've cracked your HDD encryption.

Way #2 is to, very shortly after the laptop's powered down, freeze the DRAM with a refrigerant that keeps the DRAM info from fading away.  Then, with the encryption key happily frozen on the DRAM, they remove the RAM, check the key, then get down to the business of looking at all your vacation photos you'd so diligently encrypted.

Search for it on Google, it was big nerd-news last week.
 
It is also possible to power on a system remotely if its Network Interface Card is "Wake on LAN".  Look at your NIC when you have powered down your computer; if it is still lit up, you have a WOL-enabled card and theoretically someone could power on your computer remotely.  If they knew your schedule they could power up your machine, log on via a trojan, do whatever they wanted and power down afterwards, and you'd never be the wiser.

Wake on LAN mini Howto

Hauger:  That's the attack described in the article Yrys posted.
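
Added example, not part of any post in this thread: a Python sketch that checks captured UDP payloads for the Wake-on-LAN "magic packet" (six 0xFF bytes followed by the target MAC address repeated 16 times) and reports any aimed at a machine you are watching. The MAC addresses, source addresses and payloads are constructed sample data.

```python
SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' (colons or dashes) into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % text)
    return raw


def find_wol_targets(payload):
    """Return the MAC addresses a payload would wake, as lowercase strings."""
    targets = []
    start = payload.find(SYNC)
    while start != -1:  # the pattern may sit at any offset in the payload
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 102]
        if len(body) == 96 and body == mac * 16:
            name = ":".join("%02x" % b for b in mac)
            if name not in targets:
                targets.append(name)
        start = payload.find(SYNC, start + 1)
    return targets


def wol_alerts(captures, watched_macs):
    """List (source, mac) pairs for magic packets aimed at watched machines."""
    watched = {":".join("%02x" % b for b in parse_mac(m)) for m in watched_macs}
    return [(src, mac) for src, payload in captures
            for mac in find_wol_targets(payload) if mac in watched]


# Constructed sample data: documentation-range addresses, made-up MACs.
DESKTOP = "00:11:22:33:44:55"
OTHER = "66-77-88-99-AA-BB"
SAMPLE_CAPTURES = [
    ("192.0.2.10", SYNC + parse_mac(DESKTOP) * 16),          # plain magic packet
    ("192.0.2.11", b"hdr" + SYNC + parse_mac(DESKTOP) * 16 + b"pw"),  # embedded
    ("192.0.2.12", SYNC + parse_mac(DESKTOP) * 15),          # truncated: invalid
    ("192.0.2.13", SYNC + parse_mac(OTHER) * 16),            # valid, not watched
    ("192.0.2.14", b"ordinary traffic"),
]

if __name__ == "__main__":
    for src, mac in wol_alerts(SAMPLE_CAPTURES, [DESKTOP]):
        print("Wake-on-LAN packet for %s from %s" % (mac, src))
```
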
 