
Recommend FDE Software?

<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Mon Apr 22, 2013 1:06 pm

Recommend FDE Software?

I am getting a new MacBook and would like to start using FDE.

Which software-based FDE packages are the best?

Any that I should stay away from?

Even though I will be on a Mac, I am leaning towards using a non-Mac solution since I have read some bad things about Apple's File Vault...

I suppose ease-of-installation and use are important for someone like me, too.


Tom
<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Mon Apr 22, 2013 6:44 pm

Re: Recommend FDE Software?

The more I read, the more PARANOID I am becoming.

Don't know which direction to go, or who to trust?!

People say TrueCrypt is insecure.

Have read some very scary things about Apple's FileVault 2.

Going to Sophos, CheckPoint, and Symantec makes me nervous how they want to sign me up before I can even get a contact # or price...

God, I feel safer with plain text...


Tom
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Apr 23, 2013 4:51 am

Re: Recommend FDE Software?

I personally use TrueCrypt, but I believe they only offer FDE of the system drive for Windows.

I'm assuming a lot of the attacks you're concerned about are things like this: http://nakedsecurity.sophos.com/2012/02 ... on-broken/

If someone's able to get a memory dump of your running memory, it's not surprising that they're able to extract the encryption keys. Someone correct me if I'm wrong, but I think the window for these attacks is fairly small. This is because it's necessary for the passphrase/encryption key to be in memory, so if your laptop battery dies, the keys aren't going to automatically be in memory upon reboot. I think you're starting to see why we pack up our laptop and take it with us when using the restroom at a coffeeshop, etc.

If you're that concerned about it, epoxy your firewire port. Again, the random guy who steals your system to pawn/eBay probably isn't going to have the knowledge or skills to pull something like that off. You just want the barrier to be high enough that it's more convenient to format and reinstall.
The day you stop learning is the day you start becoming obsolete.
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Tue Apr 23, 2013 5:27 am

Re: Recommend FDE Software?

Like they always say - the more you know, the more paranoid you become...

Someone correct me if I'm wrong, but I think the window for these attacks is fairly small.


It depends on what you define as small. I've heard of a cold boot attack (http://en.wikipedia.org/wiki/Cold_boot_attack) performed on live systems (super cool the RAM, then rip it out of the system, and transplant it into a live system) which lasts for long enough to scan for the encryption keys. Once you've got the keys, you can perform offline decryption of the HDD, or (depending on the encryption software) just re-type the password into the compromised machine.

Tom, like we've all been saying for a while now, it all depends on who your threat actors are. In your case, the threat actor is mostly Joe Bloggs from the street, so as long as you have some kind of FDE you're probably safe.
<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 23, 2013 4:05 pm

Re: Recommend FDE Software?

ajohnson wrote: I personally use TrueCrypt, but I believe they only offer FDE of the system drive for Windows.


I've read some pretty crazy things about TrueCrypt from "It has backdoors built in it for Law Enforcement" to "You can't do FDE on a Mac on it" to "The creators are nefarious because they don't release code and won't give out their address"

Like most people, when I see "red flags" it just turns me off, whether they are true or not.


I'm assuming a lot of the attacks you're concerned about are things like this: http://nakedsecurity.sophos.com/2012/02 ... on-broken/


No, I don't see that as a flaw - just a reality of live machines.

I was referring to this...

FileVault 2’s Apple ID Backdoor
http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/

The gist of the article is that FileVault2 automatically checks the option to use your Apple ID as another way to log in, and there is no easy way to uncheck that without encrypting and then decrypting your HDD.

Just seems hokey.


If someone's able to get a memory dump of your running memory, it's not surprising that they're able to extract the encryption keys. Someone correct me if I'm wrong, but I think the window for these attacks is fairly small. This is because it's necessary for the passphrase/encryption key to be in memory, so if your laptop battery dies, the keys aren't going to automatically be in memory upon reboot. I think you're starting to see why we pack up our laptop and take it with us when using the restroom at a coffeeshop, etc.


Yes, you have a case!!


If you're that concerned about it, epoxy your firewire port. Again, the random guy who steals your system to pawn/eBay probably isn't going to have the knowledge or skills to pull something like that off. You just want the barrier to be high enough that it's more convenient to format and reinstall.


I had the same idea, although you'd hate to mess up a pretty new MacBook?!


Tom
<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 23, 2013 4:18 pm

Re: Recommend FDE Software?

UKSecurityGuy wrote: Like they always say - the more you know, the more paranoid you become...


That describes me!!!


Someone correct me if I'm wrong, but I think the window for these attacks is fairly small.


It depends on what you define as small. I've heard of a cold boot attack (http://en.wikipedia.org/wiki/Cold_boot_attack) performed on live systems (super cool the RAM, then rip it out of the system, and transplant it into a live system) which lasts for long enough to scan for the encryption keys. Once you've got the keys, you can perform offline decryption of the HDD, or (depending on the encryption software) just re-type the password into the compromised machine.

There was something in the news - can't find it - about this a few weeks ago.


Tom, like we've all been saying for a while now, it all depends on who your threat actors are. In your case, the threat actor is mostly Joe Bloggs from the street, so as long as you have some kind of FDE you're probably safe.


Well, any FDE is better than none, but I guess what has me worried is having a "false sense of security" about my security and privacy.

As discussed in another thread, a lot of people assume if they use something like HideMyAss that they are "anonymous", when in reality one hacker is doing jail time because HideMyAss ratted him out?!

Well, I have come across a few sources online this weekend that talk about hidden "backdoors" in FDE software, and that the Feds coerce manufacturers of FDE to write "backdoors" to allow them access.  (Sounds like a Dick Cheney kind of plot...)

How in the hell can I trust TrueCrypt or Apple's FileVault2 and not worry that if someone really wanted to get access (e.g. Law Enforcement or The Feds) that I wouldn't be a dead duck like that HideMyAss privacy breach???  >:(

That "conspiracy" combined with the link I provided above where FileVault2 was f***ing with you during install and stayed checked as "Use my AppleID for password recovery" bugs me to no end...

Can any FDE be trusted?


Tom
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Apr 23, 2013 6:20 pm

Re: Recommend FDE Software?

I don't understand the TrueCrypt rumors. The source is available right here: http://www.truecrypt.org/downloads2

And again, what's the feasibility of a cold-boot attack? Look at the details of that attack; you can't just stick a laptop in a freezer. If someone with those kinds of resources is after your data, they'll probably sooner resort to a rubber hose attack.
Last edited by dynamik on Tue Apr 23, 2013 6:23 pm, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 23, 2013 10:09 pm

Re: Recommend FDE Software?

ajohnson wrote: I don't understand the TrueCrypt rumors. The source is available right here: http://www.truecrypt.org/downloads2


I didn't take notes on everything I read from this weekend, but as a whole, everyone's comments from across the Internet left me feeling not so confident with TrueCrypt - especially for Mac.


And again, what's the feasibility of a cold-boot attack? Look at the details of that attack; you can't just stick a laptop in a freezer. If someone with those kinds of resources is after your data, they'll probably sooner resort to a rubber hose attack.


I agree.

My biggest fear is undocumented "Back Doors" that would let in Law Enforcement, or in my case, Apple...

I am also increasingly worried about trusting an FDE solution when in fact I am ignorant on the real issues and it turns out that whatever I chose has gaping holes in it.

It is analogous to people who blindly trusted HideMyAss and then ended up in jail.  (Not that I am feeling sorry for hackers, but you see what I mean...)

I find it funny that every day I learn more about security, the more INsecure I feel.

You would think that after learning about Mobile Hotspots, Personal VPN's and FDE, that I would be feeling much safer.

But with every turn, I see how complicated these things really are, and all of the places where "one slip" could really screw you and your data up!!!  :-\

I have the Hotspot and Personal VPN issue taken care of, and if I can just find a bullet-proof choice for FDE, then I think I am much better off than I was before.

But I don't want to blindly adopt something because some punk in an Apple store says, "Trust me, this can never fail" when it turns out that he doesn't know what in the hell he is talking about, and me and my data end up on the 6 O'clock news?!

Since I will be buying a new MacBook, should I just use the native FileVault 2, or should I venture off and try something like Symantec's PGP?? 

(FileVault 2 would likely be less system intensive, but I don't know if it is more secure...)


Tom
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Apr 24, 2013 2:00 pm

Re: Recommend FDE Software?

ajohnson wrote: ... they'll probably sooner resort to a rubber hose attack.


Reading that reminded me of this: http://xkcd.com/538/
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Wed Apr 24, 2013 2:54 pm

Re: Recommend FDE Software?

m0wgli wrote:
ajohnson wrote: ... they'll probably sooner resort to a rubber hose attack.


Reading that reminded me of this: http://xkcd.com/538/


Ha ha  (Yeah, I've seen that one before.)


Tom
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Apr 24, 2013 3:15 pm

Re: Recommend FDE Software?

m0wgli wrote:
ajohnson wrote: ... they'll probably sooner resort to a rubber hose attack.


Reading that reminded me of this: http://xkcd.com/538/


LOL!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
