[liberationtech] Travel with notebook habit
Steve Weis
steveweis at gmail.com
Thu Dec 27 17:12:23 PST 2012
I recommend using full disk encryption and fully powering down at minimum.
You should set a BIOS password, disable booting from network or removable
media, and enable IOMMU.
I would also use a verifiable boot sequence, but that's not easy to
generalize.
Keep in mind there are still many attack vectors if someone gets physical
access to your machine. Someone can always force you to log in as well.
It is safer to have nothing incriminating in your possession at all. If
connectivity allowed, I'd run a remote VM and use the laptop as a dumb,
stateless terminal.
(Disclaimer: I'm working on a commercial solution to the physical attack
problem.)
On Dec 27, 2012 1:59 PM, "Jerzy Łogiewa" <jerzyma at interia.eu> wrote:
> I am just reading this,
> http://www.schneier.com/blog/archives/2012/12/breaking_hard-d.html
>
> Can we start some discussion about good notebook travel habit? I have read
> Jacob Appelbaum say he does not travel with _ANY_ drive in notebook, and
> this seem to be extreme.
>
> Without removing drive, what is the best habit for FDE for prevent attacks
> as Schneier describe? Full power-down? No hibernate file? Any other things?
>
> --
> Jerzy Łogiewa -- jerzyma at interia.eu
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121227/194b5128/attachment.html>
More information about the liberationtech
mailing list