K.S. Bhaskar on 20 May 2009 12:49:08 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] kon-boot: there goes the neighborhood

On Wed, May 20, 2009 at 3:32 PM, Greg Helledy <gregsonh@gra-inc.com> wrote:

[KSB] <...snip...>

>> If you don't have physical security, you don't have security.
>> Paul
> I don't see why this is such a big deal from the security perspective.
> I can already use any Live CD to copy anything I like from (or anything
> I like onto) a system I have access to.  I suppose the difference would
> be that this gets around the protection of encrypted partitions.

[KSB] That's why if you lose a laptop, and then find it later, you
shouldn't boot the on-disk OS, even if you have encrypted partitions.
Boot with a known-good live CD, recover the data from the encrypted
partitions, and then install a new OS.

I suppose if I were really paranoid, I'd put the drive on another
laptop and recover it there, in case the recovered laptop has a BIOS
virus or a manipulated disk controller.  If I were really, really,
paranoid, even with the drive on another laptop, I suppose I could be
concerned that they might have used dd to replicate the contents to
another drive with doctored drive electronics.  But then, I don't work
for the No Such Agency.

-- Bhaskar ("they're out to make me look paranoid")
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug