[Newsbot]

Title: Limits on FBI access to search histories fails by one Senate vote
Category: Uncle Sam
Posted By: DrCaleb
Date: 2020-05-14 09:28:57

[DrCaleb]

And the US just got a little less free.

[raydan]

DrCaleb DrCaleb:

And the US just got a little less free.

Give them more guns and they won't even realize it.

[BartSimpson]

DrCaleb DrCaleb:

And the US just got a little less free.

It did. And some of us are using non-US encryption these days. So fuck the FBI.

[Tricks]

BartSimpson BartSimpson:

DrCaleb DrCaleb:

And the US just got a little less free.

It did. And some of us are using non-US encryption these days. So fuck the FBI.

Sadly wouldn't help. Your browser history is stored on your system if you use encryption, incognito mode, or delete search history. It's recoverable, I learned how to do it in forensic training.

Only way to stop it from being discovered is to forensically wipe a drive. Part of why when anyone on my team goes to the U.S. (especially to hacking conferences) they use a forensically wiped machine with a bone stock image of whatever OS, set up what they need in the U.S., and then wipe and re-image before coming back over the border.

Now looks like we might to run with flash drives that will wipe drives on boot.

[DrCaleb]

Tricks Tricks:

BartSimpson BartSimpson:

DrCaleb DrCaleb:

And the US just got a little less free.

It did. And some of us are using non-US encryption these days. So fuck the FBI.

Sadly wouldn't help. Your browser history is stored on your system if you use encryption, incognito mode, or delete search history. It's recoverable, I learned how to do it in forensic training.

Laptops at my work are encrypted from boot up. No password, no boot.

Still recoverable?

Tricks Tricks:

Only way to stop it from being discovered is to forensically wipe a drive. Part of why when anyone on my team goes to the U.S. (especially to hacking conferences) they use a forensically wiped machine with a bone stock image of whatever OS, set up what they need in the U.S., and then wipe and re-image before coming back over the border.

Now looks like we might to run with flash drives that will wipe drives on boot.

I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow.

https://www.npr.org/2019/05/02/71933735 ... ic-devices

[Tricks]

DrCaleb DrCaleb:

Laptops at my work are encrypted from boot up. No password, no boot.

Still recoverable?

At the border, yeah. They can force you to input your password and unlock it or deny you entrance into the country.

$1:

I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow.

https://www.npr.org/2019/05/02/71933735 ... ic-devices

We don't really have a choice when travelling to a hacking conference. It's kind of necessary to have a system there.

[DrCaleb]

Tricks Tricks:

DrCaleb DrCaleb:

Laptops at my work are encrypted from boot up. No password, no boot.

Still recoverable?

At the border, yeah. They can force you to input your password and unlock it or deny you entrance into the country.

Which is why I'd never take a device there.

I'd also put my cache on a ramdrive or in /proc somewhere. Right now using a read-only virtual image is my go-to.

If you haven't tried Oracle Virtualbox, I recommend it. (even though its from Oracle)

Tricks Tricks:

$1:

I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow.

https://www.npr.org/2019/05/02/71933735 ... ic-devices

We don't really have a choice when travelling to a hacking conference. It's kind of necessary to have a system there.

I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.

[Tricks]

DrCaleb DrCaleb:

Which is why I'd never take a device there.

I'd also put my cache on a ramdrive or in /proc somewhere. Right now using a read-only virtual image is my go-to.

If you haven't tried Oracle Virtualbox, I recommend it. (even though its from Oracle)

ramdrive might help, putting it anywhere on long term storage won't. Because OS's are stupid, they don't properly over write deleted data, they just delete the links to it. So the hex values can be recovered an dumped back into full functional files. Read only image could work, but again, while doing stuff like CTF events, we're having to often install/grab software on the fly.

$1:

I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.

I'd just have a vpn credential to a home server to grab software needed. Veracrypt a flash drive with a duress partition if forced to unlock it. Might be able to do that with a full system drive, I've never tried to run a full system veracrypt with a normal and duress partition, both running an OS. Might give that a shot now.

[DrCaleb]

Tricks Tricks:

Because OS's are stupid, they don't properly over write deleted data, they just delete the links to it. So the hex values can be recovered an dumped back into full functional files. Read only image could work, but again, while doing stuff like CTF events, we're having to often install/grab software on the fly.

OS's always have done that. I remember writing ROM BIOS routines to find the 'deleted' file chains and restore them, back in the 80s. Trivial code. Much faster to delete the FAT entry and let it get overwritten naturally rather than scrub it.

Tricks Tricks:

$1:

I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.

I'd just have a vpn credential to a home server to grab software needed. Veracrypt a flash drive with a duress partition if forced to unlock it. Might be able to do that with a full system drive, I've never tried to run a full system veracrypt with a normal and duress partition, both running an OS. Might give that a shot now.

I always have some sort of VPN back into my NAS at least, for when there is something I need when I'm not at home. It's saved me hours of time more than once.

That's also why I suggest a virtual image. Easy to store in free cloud storage (IBM offers the largest, 20GB IIRC) and you can use freely downloadable software to run the image from a standard build machine.

[xerxes]

Now I’ll just wait for the Gadsden Flag, gun waving crowd to go protest this...

[Tricks]

DrCaleb DrCaleb:

OS's always have done that. I remember writing ROM BIOS routines to find the 'deleted' file chains and restore them, back in the 80s. Trivial code. Much faster to delete the FAT entry and let it get overwritten naturally rather than scrub it.

Right, the problem is with older drives, they were small, and it would get re-written relatively easily. For your average user, they may never write 1 tb worth of data to their drive, and the system won't re-write over deleted content until it reaches the end of the drive. Makes forensics easy.

$1:

I always have some sort of VPN back into my NAS at least, for when there is something I need when I'm not at home. It's saved me hours of time more than once.

That's also why I suggest a virtual image. Easy to store in free cloud storage (IBM offers the largest, 20GB IIRC) and you can use freely downloadable software to run the image from a standard build machine.

Except now you're trusting IBM. I'd rather just build one.

[Martin15]

Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING.....

oh wait.




Controlled Opposition, paid in full.


No refunds, bitches.

[Tricks]

Martin15 Martin15:

Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING.....

oh wait.




Controlled Opposition, paid in full.


No refunds, bitches.

Ah yes, the majority of Republicans voted the wrong way, but it's Bernie's fault. One guy should be the one who is responsible for this failing, and not all the pieces of garbage who voted to not ban this.

[Scape]

Martin15 Martin15:

Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING.....

oh wait.




Controlled Opposition, paid in full.


No refunds, bitches.

He was afk but has some 'splaining to do:



Kyle makes a great point thou. The vote is called in advance and even if the 4 who didn't vote did there was a 100% chance that enough of people who did vote against would have flipped creating the same result. It's creepy, it's crazy and it is exactly the reason why so many people have unplugged from the whole process.