Day of the Distros - Compile From Source's Turn
Saturday, December 13, 2008 9:46:38 AM
Tech News -
1) Well, after a rousing spat with Arch in the Virtual Machines to get the encrypted LVM containing my /home and swap partitions, I've decided that having JUST these two partitions encrypted is a PITA; I can't find anyone who has successfully set it up. Not a single post ANYWHERE. Everything I've read makes it seem virtually impossible, and from my experience it is.
2) The thing about #1, is that I don't feel I NEED to have the whole system encrypted, just having my /home and swap should be secure enough, since that is where all the information about myself is stored. Encrypting the full system affects system performance when running games and other apps in general.
3) Well, as much as I'm honestly terrified of it, I'm ready to install Lunar Linux. I hope my experience in Arch and previous experience with Gentoo will assist me with it.
4) Speaking of Gentoo, a reader recently messaged me asking why I'm not including it in the day of the distros. Well, I'd like to say it's mainly because Gentoo has a lot of fame and popularity, a lot of users are out there using it, and it's all over the media and forums as it is. I started out wanting to do the Day of the Distros to try out some less common ones, and to test one in Beta.
5) I have actually decided to continue extending the Day of the Distros, so I can test out a few more. Gentoo will be included, and a final list will be posted as well as the results, so look there for a more in-depth comparison of distros.
6) I've recently been consulting with another computer geek friend of mine, and he seems interested in learning Linux from a network security aspect. I feel as though I may start writing some guides on this subject very shortly.
7) I haven't actually posted a new guide in a few days, I'll probably write a short guide about Arch, possibly for Lunar as well. For the time being, I need to save my Arch install disk, and test out Lunar Linux on my box, so look back for a post on that within the next day or so.
8) In my searches for how to get the LVM encrypted I stumbled upon this site:
http://citp.princeton.edu/memory/
which is really informative about breaking drive encryption. I was really surprised by the results, and I myself may end up testing that out as well. For laptop users, this word of warning: even having drive encryption won't save you with what these guys have found (Thank goodness for Dell hard drive passwords).
9) Speaking of Dell Hard Drive passwords, (no not a BIOS password, not a password for drive encryption, and not a Login password, a true Disk Password) it seems as though they are impossible to remove, and on some laptops, even removing the disk, and replacing it with one not protected, will ADD the password to the disk. Pretty scary stuff. I'm wondering though, if Dell, or someone somewhere has a reset tool. I'm sure one has to exist. Dell can't just let the forgetful go without a hard drive. If it's out there, I'm wondering also if it's on the net. I mean, everything ends up in cyberspace, even tools to program your cell phone, to clone it, everything. All those tools are manufacturer tools, or are the tools of retailers, so if something like that existed for Dell's Hard Drive passwords, could even having those passwords set be virtually useless?
10) Answering the question in #9, I don't feel any password is useless. I mean, that's why I have my drive password, plus disk encryption, plus the login password. That's three layers of security. If someone manages to steal my laptop, and get past all three of those, then they deserve to have any information they want off of here (which wouldn't be much considering how often I wipe the drives ;p).
11) Speaking of wiping the drives, I'd like to touch on the subject of securely erasing files. Please, under no circumstances EVER use a piece of software called "Evidence Eraser" or "Windows Washer"; both of these have been known to actually log every event they perform, keeping tabs of what you're erasing. In the case of Evidence Eraser, I've read that they don't even delete the files for you, it just makes it appear that way. Linux users, using a journaled filesystem virtually defeats having a file "securely" wiped; the best thing I can advise us to do is back up our files that we need, boot a livecd, and use /dev/urandom 7 times to securely wipe the disk. 7 is a standard; I know people who use 25-100, and I feel safe at 45. You can write a simple bash script, or find one online to do this for you even.
12) Now to touch a little more on secure file deletion, sorry this is getting so out of hand and turning into a ramble, but I keep thinking of new topics as I go, and I don't want to post a thousand Blogs about different topics, especially such short ones, but I will post more in-depth Blogs about each one of these, I promise. Back to the subject, this link:
http://isandtcolloq.gsfc.nasa.gov/fall2008/presentations/pederson.pdf : pdf file
outlines details of how information was recovered from a hard drive on board the space shuttle after it crashed.
Another good link about security of information and wiping drives:
http://ultraparanoid.wordpress.com/2007/09/12/securely-erase-hard-drives/
Yet another good Link:
http://www.fsckin.com/2008/01/09/using-shred-to-wipe-hard-drives-dod-uses-it-you-should-too/
In this one, if you search for "off-track" you'll see why more is always better for secure data removal.
13) I think I'm going to write a good, general security guide for data on laptops, but that's to come in the future. It will probably include, like the last link in #12, a guide for how to encrypt your drive using PGP.
As always guys and ladies
Happy Hacking
~ PiklesOnFire
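
The multi-pass /dev/urandom wipe described in item 11, as an added example that is not part of the original post: `wipe_target` and `target_size` are hypothetical helper names and `/dev/sdX` in the usage comment is a placeholder. It assumes Linux (`blockdev`, `/proc/mounts`) and a whole disk or image file that is not mounted, as when booted from a live CD.

```shell
#!/bin/sh
# Added example (not from the original post): overwrite a whole disk or an
# image file with random data for a chosen number of passes.
# Usage from a live CD, placeholder device name:  wipe_target /dev/sdX 7

# Size in bytes of a block device (Linux blockdev) or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# wipe_target TARGET [PASSES]   (default: 7 passes, the count the post uses)
wipe_target() {
    target=$1
    passes=${2:-7}
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "not a block device or regular file: $target" >&2
        return 2
    fi
    # A mounted filesystem (journal included) keeps writing behind the wipe,
    # so refuse a device that, or whose partitions, appear in /proc/mounts.
    if [ -b "$target" ] && grep -q "^$target[0-9p]* " /proc/mounts; then
        echo "refusing: $target is mounted" >&2
        return 3
    fi
    size=$(target_size "$target") || return 4
    pass=1
    while [ "$pass" -le "$passes" ]; do
        echo "pass $pass/$passes: $size random bytes -> $target" >&2
        # head bounds the stream to the target size; conv=notrunc overwrites
        # in place instead of truncating an image file first.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 5
        sync    # flush this pass to the device before starting the next one
        pass=$((pass + 1))
    done
}
```
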