Local Encryption ... Why Not?
-
@BRRABill said:
All the more reason not to have backdoors!
Ding Ding Ding ding ding!
This is what the experts are trying to get the people on capital hill to understand.
and this latest craz - We gotta get our smartest people to find a solution to this problem. But the reality is, there is no solution. Well - actually that's not true.. the solution turns us to the movies with the CIA breaking into secure places and installing taps on devices upstream of the encryption.
-
@Dashrender said:
Just look at Juniper in the news last week!
Someone put a backdoor in their system - sure it took Juniper 7 years to find it, but that doesn't mean other hackers didn't find it earlier and exploit it.
Good timing on that one And Juniper is a huge enterprise name, not like most that get caught doing this.
-
@scottalanmiller said:
@Dashrender said:
Just look at Juniper in the news last week!
Someone put a backdoor in their system - sure it took Juniper 7 years to find it, but that doesn't mean other hackers didn't find it earlier and exploit it.
Good timing on that one And Juniper is a huge enterprise name, not like most that get caught doing this.
Who had the open port earlier this year? and when they released a patch, they didn't close it, instead they just required a knock first to open it.
There are tons of these back doors discovered by security researchers who responsibly report them every month. I can only imagine all the back doors that are discovered by hackers and kept secret. Hell Stuxnet had at least 3 Zero day exploits in it. And that other security company that was hacked and their 4+ GB of data published on the internet - I don't remember how many Flash exploits, etc they were holding onto for their 'customers'.
-
I can't remember who it was earlier this year.
-
There are so many exploits like this kept secret by black hats and/or governments (assuming you don't consider the two one and the same.) Tons of it is kept private for personal use, tons is shared, tons is sold. The info is out there and anyone who has it and doesn't expose it isn't a good guy. Simply by receiving information that someone has been exploited and keeping that secret from them makes you (you typically being a government) one of the bad guys.
-
@scottalanmiller said:
There are so many exploits like this kept secret by black hats and/or governments (assuming you don't consider the two one and the same.) Tons of it is kept private for personal use, tons is shared, tons is sold. The info is out there and anyone who has it and doesn't expose it isn't a good guy. Simply by receiving information that someone has been exploited and keeping that secret from them makes you (you typically being a government) one of the bad guys.
This, a thousand times, this!
-
More than two years since our last update on this one!
-
Still think FDE is a good way to go to protect against the non "deep state" hackers.
-
@brrabill said in Local Encryption ... Why Not?:
Still think FDE is a good way to go to protect against the non "deep state" hackers.
FDE does nothing against hacking, though, but is effective against people who walk off with your desktops. But hackers would never even know FDE was there, it's bypassed once the machine is powered on.
-
Right, I mean when the careless CEO leaves his laptop in an airport and you're just trying to protect the goods from a 14 year old kid with a Windows 10 ISO.
-
@scottalanmiller said in Local Encryption ... Why Not?:
@brrabill said in Local Encryption ... Why Not?:
Still think FDE is a good way to go to protect against the non "deep state" hackers.
FDE does nothing against hacking, though, but is effective against people who walk off with your desktops. But hackers would never even know FDE was there, it's bypassed once the machine is powered on.
Unless you use LUKS with passwords or something like a Yubikey.
-
@stacksofplates said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@brrabill said in Local Encryption ... Why Not?:
Still think FDE is a good way to go to protect against the non "deep state" hackers.
FDE does nothing against hacking, though, but is effective against people who walk off with your desktops. But hackers would never even know FDE was there, it's bypassed once the machine is powered on.
Unless you use LUKS with passwords or something like a Yubikey.
This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button. I'm willing to bet you could get a shim between the drive and the SATA port to read data flowing. Of course this is completely out of realm of normal people, but it's still the point.
-
@stacksofplates said in Local Encryption ... Why Not?:
This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button.
How? I'm not familiar with Bitlocker although it is installed on my laptop.
-
Just been re-reading some of this,
I need to "reinstall" my computer, might do it this afternoon. (need to install another SSD coz i can )
Might give Scott's idea of nothing stored on the local machine a go have everything On-Line, maybe not even use Outlook . Most of the files i need/use are either in SharePoint or my OneDrive (or should be going forward)
-
@stacksofplates said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@brrabill said in Local Encryption ... Why Not?:
Still think FDE is a good way to go to protect against the non "deep state" hackers.
FDE does nothing against hacking, though, but is effective against people who walk off with your desktops. But hackers would never even know FDE was there, it's bypassed once the machine is powered on.
Unless you use LUKS with passwords or something like a Yubikey.
This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button.
It depends on if you are using a passphrase on the disk or if your computer has a TPM module. If it's TPM, then you're right. If you have a passphrase, then you're in a little better shape.
-
Simple answer to the concern about the system being unencrypted is to not use something based on hardware then. Use VeraCrypt if you need "more".
-
@dafyre said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@brrabill said in Local Encryption ... Why Not?:
Still think FDE is a good way to go to protect against the non "deep state" hackers.
FDE does nothing against hacking, though, but is effective against people who walk off with your desktops. But hackers would never even know FDE was there, it's bypassed once the machine is powered on.
Unless you use LUKS with passwords or something like a Yubikey.
This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button.
It depends on if you are using a passphrase on the disk or if your computer has a TPM module. If it's TPM, then you're right. If you have a passphrase, then you're in a little better shape.
Right. I'm referring to TPM.
-
@carnival-boy said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button.
How? I'm not familiar with Bitlocker although it is installed on my laptop.
If it's using TPM to unlock, all you have to do is turn it on.
-
@hobbit666 said in Local Encryption ... Why Not?:
Just been re-reading some of this,
I need to "reinstall" my computer, might do it this afternoon. (need to install another SSD coz i can )
Might give Scott's idea of nothing stored on the local machine a go have everything On-Line, maybe not even use Outlook . Most of the files i need/use are either in SharePoint or my OneDrive (or should be going forward)
All of my dotfiles are in version control. Every time I open a new terminal it checks for changes. So really the only thing that's local for me is the applications that are installed (and keys).
-
@stacksofplates said in Local Encryption ... Why Not?:
If it's using TPM to unlock, all you have to do is turn it on.
Sure, but Bitlocker with TPM allows you to setup a pre-boot pin, so all good.