Remote Destruction of Data

Discussion in 'Macintosh' started by kcnychief, Feb 24, 2006.

  1. kcnychief

    kcnychief Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    I never have and probably never will use a MAC, but you HAVE to admire the coolness to this article :)

    http://www.macgeekery.com/gspot/2006-02/remote_destruction_of_data
     
  2. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    You don't really need a Mac to do this, Derek. :)

    All it's doing is checking a webserver for the presence of a file, and if the file exists, it erases all the private data on the machine, and once that's done, pops up a warning message informing the user that the laptop is stolen. You can just as easily create a batch file in Windows or a shell script in Linux to do the same thing and run it as a scheduled/cron task.

    Besides, there's a big caveat - the machine has to be connected to the internet for this to do anything. If it never gets connected, it'll never check for the presence of the file, and the person who has your laptop will have access to all the "sensitive" information that the script was supposed to delete.
     
  3. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    There is a radical alternative. You can password protect the computer and files with a strong password.

    If someone goes to the trouble of reinstalling windows to create a new account the original encryption key will be destroyed and the files are "forever" inaccessible, even if the original owner gets it back. Not quite doing a DOD 10 pass secure erase but close enough. Unless you are NSA and have the supercomputers handy to brute force the original encryption key.

    Note, a remote erase has to run 10 times to make the data truly inaccessible. So remote erase is not entirely secure either.

    PS Here's paranoia for you. Since enough compute cycles can break any encryption key how about this. Someone hacks into Folding at Home or Seti and uses them to distribute a brute forcer. You would never know that those millions of computers were being used in parallel to illegally break passwords during their idle time.
     
    Last edited: Feb 24, 2006
  4. kcnychief

    Still a neat trick though ;)
     
  5. LeeJend

    If I was that concerned about anyone getting data off my PC I'd write an application and register it to start at power up. The app would run a Norton Secure erase if it wasn't reset within 10 minutes of boot.

    Set it up so it reads the auto start up list, renames its executable to something on the list and modifies itself to launch the application it is hiding under or just have it make up random file names for itself to hide from data thieves until it can activate.

    i.e. Infect your own computer with a data erasing virus you control. You could use that rootkit Sony distributed to everyone for free to develop the virus.
     
  6. kcnychief

    Best way to do it is just to have a bomb in the case, with a detonator that will work within 10,000 miles :cool:
     
  7. mfarley

    mfarley OSNN Senior Addict Folding Team

    Messages:
    268
    Location:
    San Francisco Bay Area
    Never say never, you might get a mini for your birthday or holiday and just become a Mac addict! :)

    I run a Windows XP site and half the time I post to it or check up on it I do so on my iBook. Irony. :)
     
  8. kcnychief

    That's not irony, that's blasphemy :p

    I have to go to MAC training in a few weeks. I am going to be doing a lot of work for the .COM section, and all of Disney/ESPN websites are designed on the MAC platform. :(
     
  9. mfarley

    Far from blasphemy. ;)

    High end production video/graphics done professionally are more often done (yes I'm going to get a lot of flak for this but it's true) on a G5. Sorry, the way of the world. I'd love a G5 with a 30" cinema display to do video editing on. It's painful running Final Cut Express on my iBook but it's still better than anything I can find on the PC.

    But at the end of the day, I'm a PC guy.
     
  10. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    It's Mac not MAC.

    BTW, there is in Mac OS X the feature to encrypt a user's home dir; what that means is that the entire home directory where all files are stored is encrypted using high end NSA approved encryption.

    It will not allow access to any and all files unless the user logs on, and if there are over a set amount of bad logins it will erase the user's data.

    The protection is called FileVault. And unless someone knows your password or the master password, there is no way to unlock the data at all. It is supposedly secure enough that it can be used to carry around Level 3 data, anything above that it is still not good enough.

    I would use it, but the fact remains that it requires a lot of CPU time decrypting things on the fly, as well as re-encrypting them.
     
  11. kcnychief

  12. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    You know, at work we are evaluating a program called Lost Data Destruction from Beachhead Solutions. It sets up EFS on an XP laptop (or desktop) and the software has the basic "check-in" function where it checks in to validate that it is still valid. You can mark the laptop as "stolen" so when it checks in, it will automatically start deleting not just the EFS encrypted data but all of the data on the drive.

    It goes even further that if the client hasn't checked in to the server after a configurable amount of time (say, if the client hasn't connected to the internet) the client will just automatically start deleting data.

    It's not perfect because it's an XP kernel shim from what I gather (ie: booting off a Knoppix CD will not trigger the client timer) but it is better than most other solutions out there..
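
The check-in logic discussed in this thread (a "stolen" flag file on a web server, plus a timeout for a machine that never gets online), as an added shell example that is not code from any poster, the linked article or the product mentioned. `FLAG_URL`, `STATE_FILE`, `MAX_OFFLINE` and the function names are hypothetical; the script only returns a decision and leaves the erase itself to the caller.

```shell
#!/bin/sh
# Added example: decides *whether* to wipe; the erase itself is left to the caller.
# FLAG_URL, STATE_FILE and MAX_OFFLINE are hypothetical names with constructed values.
FLAG_URL="https://example.invalid/stolen/laptop-01"
STATE_FILE="${STATE_FILE:-$HOME/.last_checkin}"
MAX_OFFLINE=$((7 * 24 * 3600))   # allowed seconds without a successful check-in

# probe_flag URL -> "stolen" (file exists), "clear" (404) or "offline" (anything else)
probe_flag() {
    code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "$1" 2>/dev/null) || code=000
    case "$code" in
        200) echo stolen ;;
        404) echo clear ;;
        *)   echo offline ;;   # no network, DNS failure, proxy or server error
    esac
}

# decide PROBE LAST_CHECKIN NOW MAX_OFFLINE -> "wipe", "ok" or "wait"
decide() {
    case "$1" in
        stolen) echo wipe; return ;;
        clear)  echo ok;   return ;;
    esac
    # Offline: the flag cannot be read, so fall back to the check-in timer.
    if [ $(( $3 - $2 )) -gt "$4" ]; then echo wipe; else echo wait; fi
}

# run_once STATE_FILE PROBE NOW MAX_OFFLINE: one scheduled run, prints the verdict.
run_once() {
    # First run: start the clock now instead of treating "no record" as expired.
    [ -f "$1" ] || echo "$3" > "$1"
    last=$(cat "$1")
    verdict=$(decide "$2" "$last" "$3" "$4")
    # Only a confirmed "clear" answer from the server resets the timer.
    [ "$verdict" = ok ] && echo "$3" > "$1"
    echo "$verdict"
}

# Typical cron entry point (commented out so sourcing this file has no side effects):
# run_once "$STATE_FILE" "$(probe_flag "$FLAG_URL")" "$(date +%s)" "$MAX_OFFLINE"
```

The timer covers the never-connected case raised earlier in the thread, but it only counts while this script is the thing running; a machine booted from other media never reaches it.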
     
  13. X-Istence

    Yes I have, however to me giving a user a local account is not something I would suggest doing unless one trusts them in the first place. I do hope however that Apple gets on the balls and starts updating all of its binaries that get used on the command line, as several of them are outdated and could potentially be used. Porting them from FreeBSD, NetBSD or OpenBSD should be relatively simple.