
General Musing

blaze your trail

Posts Tagged ‘law’

6 Months of Security Links #2011


I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly because there are some good sources and articles in here, and partly because I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know. 🙂


Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging


Proof of Concept: Data Erasing for your own Protection #police #law #government


Museum Boerhaave – 1930 Wiess electromagnet

I’ll describe the problem I think you have: you have data stored on computers which you don’t want the police or governments to have, something that cryptography cannot protect, as XKCD so eloquently puts it in the cartoon below. You are not the only one: internet companies, financial institutions, churches, organizations working for freedom, lawyers, criminals and innocent individuals all need to protect themselves.

It’s possible to use something like Darik’s Boot and Nuke (DBAN), which is a self-contained boot disk that securely wipes the hard disks of most computers; however, this takes time, sometimes a number of hours, and requires human interaction. That is time that may not be available if the long arm of the law comes down on you like a ton of bricks. It can even be the case that the power is shut off before the computer is secured; the police do this to keep the data on the computer secured for the investigation. So I thought about what would be needed to magnetically erase the hard disk.

Firstly, I read that a hard disk should be degaussed, which is what decreasing or eliminating an unwanted magnetic field is called, with an electromagnet and not with a rare-earth magnet.

Secondly, I read that degaussing can cause permanent irreversible damage to hard drives, which means they are not reusable. Unlike tapes, the mechanism to read the magnetic track is part of the device and is also magnetic. So don’t expect to be able to use the disk after you have tested the electromagnet.[1]


Thirdly, the magnetic induction (also referred to as magnetic flux density or saturation flux density) needed to correctly erase some hard disks can be from 6000 – 7000 gauss (0.6 – 0.7 tesla); an NSA approved degausser puts out 22000 gauss (2.2 tesla). From some sources[2] I learned that the core of electromagnets is mostly made from a magnetic material – power ferrite – which has a magnetic flux density of under 4000 gauss; this wouldn’t be enough. A different material would be needed for the core of the electromagnet. I discovered that MPP (molypermalloy powder) material has a magnetic flux density of 7000 gauss, which is what is needed for this PoC. Iron powder and high-flux can yield 10000 and 15000 gauss respectively.

Fourth, you need thick copper wire wound round the core; this is called a solenoid. This creates the B-field, which is the magnetic field which will erase the hard disk. Using a gauss or EMF meter it is possible to measure the magnetic flux density in gauss or tesla produced by your electromagnet and experiment with getting the level to 6000-7000 gauss.

Fifthly, you need an Uninterruptible Power Supply (UPS); this will ensure that when the power is switched off the electromagnet is powered up to erase the hard disk.

Lastly you need to install your electromagnet round your hard disk, hook up the UPS and fill the computer with epoxy so it cannot be taken apart by the police. Let’s just hope you don’t have a brownout. 😉

Sadly this method will not work for solid state disks, although you can possibly attach squibs using a similar setup. That may be something for a future article.

  1. Degaussing : Irreversible damage to some media types
  2. I am creating an electromagnet for my school’s science fair project. Does the shape of the iron core make a difference? […]

Image source: Michiel2005

Written by Daniël W. Crompton (webhat)

January 19, 2011 at 12:43 pm

Words I Wondered About In Law Shows #television


IANAL – I Am Not A Lawyer – but I like TV law drama, almost as much as I like hospital series, as you might know if you read “Words I Wondered About In Medical Shows”. I have to admit I just like TV. (Which is why I currently work for a TV company.) I’ve always wondered what the meaning was of some basic law terms. I wanted to make a list and post it here, but as the law is slightly more complex than medicine the explanation will be slightly longer.

literally means “you have the body“. The translation doesn’t really help, “[h]abeas corpus is a protection against illegal confinement […]” A writ (court order) which is obtained from “[a] judge [who] sets a hearing on whether there is a legal basis for holding the prisoner.” Before I read this I assumed it meant “where is the body.” On TV you often hear the term spoken by the defence when a murder suspect is arrested without a victim. The corpus in this case is the suspect who is in the care of law enforcement.

is an easy one, it “[…] shows intent to commit that crime.” It leads to the next

, “[…] a general evil and depraved state of mind in which the person is unconcerned for the lives of others.” That sounds more like the description of a narcissist that a psych nurse once gave me, although he described somebody who was in an asylum for the criminally insane.

means “‘at first look’ […] referring to a lawsuit or criminal prosecution in which the evidence before trial is sufficient to prove the case.” Which means a case would be a case that could be considered “open and shut.”

I’d never heard of, but according to the dictionary they are “remarks of a judge which are not necessary to reaching a decision, but are made as comments, illustrations or thoughts.” Do you know what it means? If so, I’d appreciate an example.

, I didn’t know there was one. Seemingly you can eat too much sugar and go on a murderous rampage.

, a defence used successfully by Johnnie Cochran. “Ladies and gentlemen, this is Chewbacca. Chewbacca is a Wookiee from the planet Kashyyyk. But Chewbacca lives on the planet Endor. Now think about it; that does not make sense!”

This post originally appeared here.


Written by Daniël W. Crompton (webhat)

May 26, 2010 at 10:07 am

Tightening your Security Budget #security


I was reading 6 Tips For Doing More Security With Less and was happily surprised by the following points:

1. Get out of the deployment business.
3. Get more out of your existing security tools and systems

1. Get out of the deployment business.
IT security should definitely be involved in selecting data protection tools, but shouldn’t be dealing with provisioning tools that require heavy customization, Forrester’s Jaquith says. That can drain already-limited resources.

Many companies want provisioning tools with which they can specifically add users and edit specific fields; they want a helpdesk to perform this task so they can have cheap labour without compromising security. This is short-term thinking by Forrester, in my opinion.

3. Get more out of your existing security tools and systems
[…]
Consider reorienting the more labor-intensive tools, such as those for data leakage prevention (DLP), he says. Forrester recommends using DLP products mainly for monitoring activity rather than for blocking the leakage of data. And enlist the help of your business units to get the big picture on where data is flowing in the organization. “If you are looking at DLP to stop a data leak, you’re probably a little too late. You need to understand how users are using the information they have, what they are downloading, [etc.],” he says.

Absolutely: if you are using DLP to prevent data leakage you are doing it wrong. Implementing controls to monitor data leakage and informing your employees is far more effective and less intensive on the budget. The recently passed Nokia Law to allow email snooping may look evil on the surface, but this is also part of DLP. Personally I am against the tactics used by Nokia, but they have a valid reason to monitor their network traffic for data leakage and corporate espionage.


Written by Daniël W. Crompton (webhat)

March 5, 2009 at 7:33 pm
