
Re: [Full-disclosure] Disk wiping -- An alternate approach?



This topic has pretty much run its course.  You shared what you thought was an 
interesting idea, and most of the responses have been along the lines of 
"interesting, but it does nothing to support your goal."  You are free to hold 
onto your ideas, but there is no reason to continue to try to make others agree 
with you.  I run into this all the time - one should just speak one's mind and 
move on.  You've spoken your mind, now move on ;)

Your pretense of "without much analysis to where it came from" is incorrect.  
People are not (typically) arrested and jailed for garbage on their drives; if 
they are, there is probably some ulterior motive on the part of LE.  If you 
look at the cases where people are serving time, particularly in child 
pornography cases, the prosecution has a volume of evidence against the 
accused, and it is typically accompanied by other physical evidence (photos, 
toys, magazines, etc).  Having crap on your drive does not give you plausible 
deniability.  Period.  Wipe zeros and be done.  

T. Biehn's recommendation to TC's hidden drive feature is spot on. It is a very 
functional feature, and I use it all the time, particularly when travelling to 
other countries.  In some countries (like the UK) if you DON'T give up your 
keys, you will be arrested on that basis alone.  With a hidden volume within an 
encrypted volume, you can give up your phrase to the one volume and it is 
impossible to know of the existence of the other.   Trying to position TC as 
being weak in some way via your "very hard to brute force with off the shelf 
tools" is silly - as if it's NOT very hard with "super secret gov brute force 
tools."  A properly created TC drive would take a billion years (with today's 
tech) to brute force (or whatever the actual time is). 

The fact that you've been on FD talking about how you want to attempt to create 
an environment of plausible deniability has done far worse to weaken your 
position than anything else you could have done.  When you cry "it wasn't me, 
it was the one armed man!" while on the stand, the prosecutor will simply hand 
over all these publicly available emails where you've gone on about how you 
are explicitly trying to cover illegal activity with Wiki-blithe and the next 
thing you know you'll be singing "doot doot doot, lookin' out my back door" in 
prison.  

t

> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Bipin Gautam
> Sent: Wednesday, January 27, 2010 8:19 AM
> To: T Biehn
> Cc: McGhee, Eddie; full-disclosure
> Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> 
> Really? How much do you know of computer forensics? Care to
> double-click a few forensic tools first............
> 
> I bring up this issue here because as you can see the laws are
> different in different countries and at places just "possession" of
> questionable content is a crime, without much analysis of where it
> came from. Such logic doesn't hold much water from a technical
> perspective, that is what I was trying to discuss. (but you were so
> much concerned about my English lol )
> 
> We were talking on a NEW topic, but if truecrypt is all you know, then
> download truecrypt and add a "custom cascade of ciphers" to your
> truecrypt source code... so that your truecrypt hidden volume will be
> very hard to brute-force with off the shelf tools (which is what most
> forensic examiners do, they are tool dependent).....
> 
> (I wish to make fun of you, but maybe another email! ;)
> 
> 
> -bipin
> 
> 
> On 1/27/10, T Biehn <tbiehn@xxxxxxxxx> wrote:
> > You made the argument against yourself; apparently you didn't
> > comprehend the points made in 90% of the on-topic responses to
> > this thread.
> >
> > On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam@xxxxxxxxx> wrote:
> >
> > McGhee & T Biehn !
> >
> > Thank you for putting up your "best" argument.... sadly that is the
> > BEST technical thing you happen to pick............. in this topic to
> > comment about........
> >
> > -bipin
> >
> > On 1/27/10, McGhee, Eddie <Eddie.McGhee@xxxxxxx> wrote: > and also
> lol @
> > maybe USELESS, try making ...
> >
> >> <bipin.gautam@xxxxxxxxx<mailto:bipin.gautam@xxxxxxxxx>> wrote: > >
> Enough
> > noise, Lets wrap up: > >...
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
