Nobody can secure a computer



?

10_24_abdullah_imam-1.jpg
 
Regardless of the rest of it....everyone should install TrueCrypt on their system(s). It creates a very secure encrypted volume on a hard drive which is then mounted like a network drive.

I store all my financial and sensitive stuff in there. When I power down or reboot the drive mounting is disconnected and will not auto-reconnect - you have to enter the password to mount it.

And the password is 21+ characters.
 
Get a flash drive to hold your "sensitive" data - unplug it when you're not using. If you're really scarrred unplug the computer from the network when not it use.

For all financial stuff I run a temporary session of Ubuntu, do my shit, then shut it down.
 
You could easily mimimize risks by like others have said, using encrypted volumes in addition to running virtual machines and probably multiple partitions with different OS installs. A pain in the ass but all for the better.
 
anyone with physical access can get your data no matter what precautions you take if they really want it. Did you know you can take the RAM out of a computer after abruptly killing it's power, if you flash freeze it somehow, you can recover the password used to log into the account, etc etc etc
 
The stuff the article is talking about is real, but it's not even that new, and it's very limited in scope.

Data leakage via the cache: yes, it's true that another app on the same machine can carry out a timing attack to painstakingly gather data, bit-by-bit, from the cache. It takes a huge number of CPU cycles but on a modern CPU that's still very little time. But it has to be running on your machine to do this. So net result: if you have malware on your PC, it can steal your data even if you encrypt it.

This said, the attack is cryptographically challenging, and nobody encrypts stuff, so a malware author actually carrying this attack is like a burglar breaking into your house by digging a tunnel into your basement -- sure, it can be done, but it's easier to just break a window. Saying that cache timing attacks make "all your security worthless" is like saying that bulletproof vests are worthless because they won't protect you from a nuclear missile.

There's a simple rule: if someone else can run arbitrary code on your computer, it's not your computer. Don't run shit you shouldn't, and if you're going to run something shady, do it in a VM. (Yes, VM jailbreak attacks exist, but they're also challenging and malware doesn't bother because malware's primary target -- i.e. idiots who install Anna Kournikova screensavers they got in spam email -- doesn't use VMs.)

Crypto systems like TrueCrypt, BitLocker, etc. are valuable for protecting your data from physical theft. They keep people out of your data even if they steal your laptop or hard drive. They will not, however, protect you from malware installed on your PC.
 
  • Like
Reactions: conv3rsion
zorba said:
The stuff the article is talking about is real, but it's not even that new, and it's very limited in scope.

Data leakage via the cache: yes, it's true that another app on the same machine can carry out a timing attack to painstakingly gather data, bit-by-bit, from the cache. It takes a huge number of CPU cycles but on a modern CPU that's still very little time. But it has to be running on your machine to do this. So net result: if you have malware on your PC, it can steal your data even if you encrypt it.

This said, the attack is cryptographically challenging, and nobody encrypts stuff, so a malware author actually carrying this attack is like a burglar breaking into your house by digging a tunnel into your basement -- sure, it can be done, but it's easier to just break a window. Saying that cache timing attacks make "all your security worthless" is like saying that bulletproof vests are worthless because they won't protect you from a nuclear missile.

There's a simple rule: if someone else can run arbitrary code on your computer, it's not your computer. Don't run shit you shouldn't, and if you're going to run something shady, do it in a VM. (Yes, VM jailbreak attacks exist, but they're also challenging and malware doesn't bother because malware's primary target -- i.e. idiots who install Anna Kournikova screensavers they got in spam email -- doesn't use VMs.)

Crypto systems like TrueCrypt, BitLocker, etc. are valuable for protecting your data from physical theft. They keep people out of your data even if they steal your laptop or hard drive. They will not, however, protect you from malware installed on your PC.
Click to expand...

+rep solid
 
Is that really possible? Newbie here. I mean, how does it happen and what does he mean when he said our PC's are not secured no matter what we do? Did he mean virus and all that stuff? Thanks guys for sharing your views.

_______________
vent server info
yahoo web host
 
Great advice. How do you minimize the risk of someone running codes on your comp? I run McAffee scans and don't download and install shit...can you suggest other best practices?

zorba said:
The stuff the article is talking about is real, but it's not even that new, and it's very limited in scope.

Data leakage via the cache: yes, it's true that another app on the same machine can carry out a timing attack to painstakingly gather data, bit-by-bit, from the cache. It takes a huge number of CPU cycles but on a modern CPU that's still very little time. But it has to be running on your machine to do this. So net result: if you have malware on your PC, it can steal your data even if you encrypt it.

This said, the attack is cryptographically challenging, and nobody encrypts stuff, so a malware author actually carrying this attack is like a burglar breaking into your house by digging a tunnel into your basement -- sure, it can be done, but it's easier to just break a window. Saying that cache timing attacks make "all your security worthless" is like saying that bulletproof vests are worthless because they won't protect you from a nuclear missile.

There's a simple rule: if someone else can run arbitrary code on your computer, it's not your computer. Don't run shit you shouldn't, and if you're going to run something shady, do it in a VM. (Yes, VM jailbreak attacks exist, but they're also challenging and malware doesn't bother because malware's primary target -- i.e. idiots who install Anna Kournikova screensavers they got in spam email -- doesn't use VMs.)

Crypto systems like TrueCrypt, BitLocker, etc. are valuable for protecting your data from physical theft. They keep people out of your data even if they steal your laptop or hard drive. They will not, however, protect you from malware installed on your PC.
Click to expand...
 
Is that really possible? Newbie here. I mean, how does it happen and what does he mean when he said our PC's are not secured no matter what we do? Did he mean virus and all that stuff? Thanks guys for sharing your views.
Click to expand...
It's true that your PC is not secure against a concentrated attack. For any operating system, a skilled hacker will have a variety of unpatched, unreleased exploits to use against you, and a bunch of nicely stealthed payloads as well that antiviruses can't pick up. However, 99.9% of you guys out there don't have to worry about these attacks. Instead, you are more likely to get fucked by "casual malware", that is, malware that target the casual, stupid user who doesn't even know what malware is. Keep an up to date antivirus on your machine, and run shady shit in a VM/sandbox, and you will be fine.
 
You must log in or register to reply here.
Top Bottom
Back