CKA Forums
Login 
canadian forums
bottom
 
 
Canadian Forums

Author Topic Options
Offline
CKA Uber
CKA Uber
 Vancouver Canucks
User avatar
Profile
Posts: 29360
PostPosted: Thu May 14, 2020 9:30 am
 


Title: Limits on FBI access to search histories fails by one Senate vote
Category: Uncle Sam
Posted By: DrCaleb
Date: 2020-05-14 09:28:57


Offline
CKA Moderator
CKA Moderator
User avatar
Profile
Posts: 37270
PostPosted: Thu May 14, 2020 9:30 am
 


And the US just got a little less free.


Offline
CKA Uber
CKA Uber
 Montreal Canadiens
User avatar
Profile
Posts: 30804
PostPosted: Thu May 14, 2020 9:49 am
 


DrCaleb wrote:
And the US just got a little less free.

Give them more guns and they won't even realize it. :wink:


Offline
CKA Moderator
CKA Moderator
 Vancouver Canucks


GROUP_AVATAR
User avatar
Profile
Posts: 65472
PostPosted: Thu May 14, 2020 10:04 am
 


DrCaleb wrote:
And the US just got a little less free.


It did. And some of us are using non-US encryption these days. So fuck the FBI.


Offline
CKA Uber
CKA Uber
 Vancouver Canucks
User avatar
Profile
Posts: 24471
PostPosted: Thu May 14, 2020 10:30 am
 


BartSimpson wrote:
DrCaleb wrote:
And the US just got a little less free.


It did. And some of us are using non-US encryption these days. So fuck the FBI.

Sadly wouldn't help. Your browser history is stored on your system if you use encryption, incognito mode, or delete search history. It's recoverable, I learned how to do it in forensic training.

Only way to stop it from being discovered is to forensically wipe a drive. Part of why when anyone on my team goes to the U.S. (especially to hacking conferences) they use a forensically wiped machine with a bone stock image of whatever OS, set up what they need in the U.S., and then wipe and re-image before coming back over the border.

Now looks like we might to run with flash drives that will wipe drives on boot.


Offline
CKA Moderator
CKA Moderator
User avatar
Profile
Posts: 37270
PostPosted: Thu May 14, 2020 10:36 am
 


Tricks wrote:
BartSimpson wrote:
DrCaleb wrote:
And the US just got a little less free.


It did. And some of us are using non-US encryption these days. So fuck the FBI.

Sadly wouldn't help. Your browser history is stored on your system if you use encryption, incognito mode, or delete search history. It's recoverable, I learned how to do it in forensic training.


Laptops at my work are encrypted from boot up. No password, no boot.

Still recoverable?

Tricks wrote:
Only way to stop it from being discovered is to forensically wipe a drive. Part of why when anyone on my team goes to the U.S. (especially to hacking conferences) they use a forensically wiped machine with a bone stock image of whatever OS, set up what they need in the U.S., and then wipe and re-image before coming back over the border.

Now looks like we might to run with flash drives that will wipe drives on boot.


I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow.

https://www.npr.org/2019/05/02/71933735 ... ic-devices


Offline
CKA Uber
CKA Uber
 Vancouver Canucks
User avatar
Profile
Posts: 24471
PostPosted: Thu May 14, 2020 10:41 am
 


DrCaleb wrote:

Laptops at my work are encrypted from boot up. No password, no boot.

Still recoverable?
At the border, yeah. They can force you to input your password and unlock it or deny you entrance into the country.

Quote:
I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow.

https://www.npr.org/2019/05/02/71933735 ... ic-devices

We don't really have a choice when travelling to a hacking conference. It's kind of necessary to have a system there.


Offline
CKA Moderator
CKA Moderator
User avatar
Profile
Posts: 37270
PostPosted: Thu May 14, 2020 10:49 am
 


Tricks wrote:
DrCaleb wrote:

Laptops at my work are encrypted from boot up. No password, no boot.

Still recoverable?
At the border, yeah. They can force you to input your password and unlock it or deny you entrance into the country.


Which is why I'd never take a device there.

I'd also put my cache on a ramdrive or in /proc somewhere. Right now using a read-only virtual image is my go-to.

If you haven't tried Oracle Virtualbox, I recommend it. (even though its from Oracle)

Tricks wrote:
Quote:
I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow.

https://www.npr.org/2019/05/02/71933735 ... ic-devices

We don't really have a choice when travelling to a hacking conference. It's kind of necessary to have a system there.


I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.


Offline
CKA Uber
CKA Uber
 Vancouver Canucks
User avatar
Profile
Posts: 24471
PostPosted: Thu May 14, 2020 10:58 am
 


DrCaleb wrote:

Which is why I'd never take a device there.

I'd also put my cache on a ramdrive or in /proc somewhere. Right now using a read-only virtual image is my go-to.

If you haven't tried Oracle Virtualbox, I recommend it. (even though its from Oracle)
ramdrive might help, putting it anywhere on long term storage won't. Because OS's are stupid, they don't properly over write deleted data, they just delete the links to it. So the hex values can be recovered an dumped back into full functional files. Read only image could work, but again, while doing stuff like CTF events, we're having to often install/grab software on the fly.

Quote:
I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.

I'd just have a vpn credential to a home server to grab software needed. Veracrypt a flash drive with a duress partition if forced to unlock it. Might be able to do that with a full system drive, I've never tried to run a full system veracrypt with a normal and duress partition, both running an OS. Might give that a shot now.


Offline
CKA Moderator
CKA Moderator
User avatar
Profile
Posts: 37270
PostPosted: Thu May 14, 2020 11:10 am
 


Tricks wrote:
Because OS's are stupid, they don't properly over write deleted data, they just delete the links to it. So the hex values can be recovered an dumped back into full functional files. Read only image could work, but again, while doing stuff like CTF events, we're having to often install/grab software on the fly.


OS's always have done that. I remember writing ROM BIOS routines to find the 'deleted' file chains and restore them, back in the 80s. Trivial code. Much faster to delete the FAT entry and let it get overwritten naturally rather than scrub it.

Tricks wrote:
Quote:
I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.

I'd just have a vpn credential to a home server to grab software needed. Veracrypt a flash drive with a duress partition if forced to unlock it. Might be able to do that with a full system drive, I've never tried to run a full system veracrypt with a normal and duress partition, both running an OS. Might give that a shot now.


8)

I always have some sort of VPN back into my NAS at least, for when there is something I need when I'm not at home. It's saved me hours of time more than once.

That's also why I suggest a virtual image. Easy to store in free cloud storage (IBM offers the largest, 20GB IIRC) and you can use freely downloadable software to run the image from a standard build machine.


Offline
CKA Uber
CKA Uber
User avatar
Profile
Posts: 16885
PostPosted: Thu May 14, 2020 12:07 pm
 


Now I’ll just wait for the Gadsden Flag, gun waving crowd to go protest this...


Offline
CKA Uber
CKA Uber
 Vancouver Canucks
User avatar
Profile
Posts: 24471
PostPosted: Thu May 14, 2020 1:29 pm
 


DrCaleb wrote:
OS's always have done that. I remember writing ROM BIOS routines to find the 'deleted' file chains and restore them, back in the 80s. Trivial code. Much faster to delete the FAT entry and let it get overwritten naturally rather than scrub it.
Right, the problem is with older drives, they were small, and it would get re-written relatively easily. For your average user, they may never write 1 tb worth of data to their drive, and the system won't re-write over deleted content until it reaches the end of the drive. Makes forensics easy.


Quote:
8)

I always have some sort of VPN back into my NAS at least, for when there is something I need when I'm not at home. It's saved me hours of time more than once.

That's also why I suggest a virtual image. Easy to store in free cloud storage (IBM offers the largest, 20GB IIRC) and you can use freely downloadable software to run the image from a standard build machine.

Except now you're trusting IBM. I'd rather just build one. :lol:


Offline
Forum Elite
Forum Elite
 Montreal Canadiens
User avatar
Profile
Posts: 1176
PostPosted: Fri May 15, 2020 9:38 am
 


Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING.....

oh wait.




Controlled Opposition, paid in full.


No refunds, bitches. :twisted: :twisted:


Offline
CKA Uber
CKA Uber
 Vancouver Canucks
User avatar
Profile
Posts: 24471
PostPosted: Fri May 15, 2020 10:06 am
 


Martin15 wrote:
Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING.....

oh wait.




Controlled Opposition, paid in full.


No refunds, bitches. :twisted: :twisted:

Ah yes, the majority of Republicans voted the wrong way, but it's Bernie's fault. One guy should be the one who is responsible for this failing, and not all the pieces of garbage who voted to not ban this.


Offline
CKA Moderator
CKA Moderator
 Vancouver Canucks
User avatar
Profile
Posts: 16353
PostPosted: Fri May 15, 2020 1:23 pm
 


Martin15 wrote:
Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING.....

oh wait.




Controlled Opposition, paid in full.


No refunds, bitches. :twisted: :twisted:



He was afk but has some 'splaining to do:



Kyle makes a great point thou. The vote is called in advance and even if the 4 who didn't vote did there was a 100% chance that enough of people who did vote against would have flipped creating the same result. It's creepy, it's crazy and it is exactly the reason why so many people have unplugged from the whole process.


Post new topic  Reply to topic  [ 15 posts ] 



Who is online

Users browsing this forum: No registered users and 13 guests




 
     
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © Canadaka.net. Powered by © phpBB.