[liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)
Steve Weis
steveweis at gmail.com
Mon Oct 6 18:04:24 PDT 2014
To start with, the fake sparesebundle metadata and band modification
times (i.e. the metadata's metadata) are distinguishable from a real
sparsebundle's. Espionage's attempt to manipulate the metadata
actually seems to be giving away which ones are fake.
Take a look at each sparesbundle's "bands" directory modification time
as well as the distribution of individual bands' modification times:
.../com.taoeffect.Espionage3/Data $ ls -R -l
In my case, I was immediately able to spot the real
{UUID}.sparsebundle directory among many fake ones.
On Mon, Oct 6, 2014 at 1:52 PM, Greg <greg at kinostudios.com> wrote:
> Dear Steve,
>
> Espionage manipulates the filesystem metadata for sparsebundles, so it's
> unclear to me whether you actually were able to distinguish them or not, but
> if you were, please send an email to contact at taoeffect.com with your results
> and we'll fix it!
More information about the liberationtech
mailing list