Security-related questions

Nils Kassube kassube at gmx.net
Sat Apr 26 08:39:25 BST 2008


 Larry Hartman wrote:
> 2.  If the harddrive is cloned, then how good are the capabilities to
> examine it at most security checkpoints.  Do most security checkpoints
> even have capability to clone?  If the equipment is confiscated, then
> the loss is as total as having the data read by unwanted eyes.

The question should not be if _most_ checkpoints have the capability for 
cloning, but if there are _any_. What if only one checkpoint in the world 
had the capability, but you pass exactly that one?

> 4.  Someone above mentioned that even if the user account were not
> visible in the display manager, the username had to be listed in
> /etc/passwd...which would be a give away to investigators that
> something is up.

If you use a standard system account, it might be less suspicious. 
Something like vdr or mythtv or root. Just don't put your sensitive data 
in the standard home directory for that account.

> 6.  Perhaps my question would be rephrased to, "how to hide data in
> such a transparent way so as to not arouse suspicions that would cause
> further investigation?"

Then perhaps don't use a special account, but put your sensitive data in a 
file which looks like and really starts as a most boring but very long 
video. However that video is corrupted in a way that after the first 5 
minutes of the video it is overwritten by a virtual (encrypted) partition 
file containing your data. If your sensitive data are on the (small) 
partition /dev/sde3 of your external harddisk, you could get such a file 
with these commands:

dd if=catvideo.mpg of=catsleepingonmylawn.mpg bs=10000000 count=1
sudo dd if=/dev/sde3 >>catsleepingonmylawn.mpg

Now if you want to access your sensitive data, use this mount command:

sudo mount -oloop,offset=10000000 catsleepingonmylawn.mpg /mnt

where 10000000 is the offset in bytes where the virtual partition starts, 
i.e. the value for the "bs=" option of the dd command above. Use 
something you can easily remember, then you don't need to have that info 
written somewhere on your harddisk. And don't forget to clean the file 
$HOME/.bash_history (and maybe others) because otherwise the command 
could be found there. And I leave the encryption part as an exercise to 
you because I'm too lazy to read it up myself :)


Nils
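
Added example, not part of Nils's message: a forensic check showing how an examiner can spot a volume appended to a media file as described above, by searching for a LUKS header or an ext2/3/4 superblock at any byte offset (the 10000000 used above is not sector-aligned, so the scan cannot assume alignment). The function names and sample data are constructed for illustration; the magic values and superblock field offsets are the standard on-disk ones.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"   # first six bytes of a LUKS header
EXT_MAGIC = b"\x53\xef"        # ext2/3/4 s_magic (0xEF53), little-endian
EXT_SB = 1024                  # superblock starts 1024 bytes into the filesystem
EXT_MAGIC_AT = 56              # s_magic sits 56 bytes into the superblock

def _plausible_ext_superblock(data, fs_start):
    """Check a few superblock fields so a stray 53 EF pair is not reported."""
    sb = data[fs_start + EXT_SB: fs_start + EXT_SB + 44]
    if len(sb) < 44:
        return False
    inodes, blocks = struct.unpack_from("<II", sb, 0)
    log_block_size, = struct.unpack_from("<I", sb, 24)
    blocks_per_group, = struct.unpack_from("<I", sb, 32)
    inodes_per_group, = struct.unpack_from("<I", sb, 40)
    return (inodes > 0 and blocks > 0 and log_block_size <= 6
            and blocks_per_group > 0 and inodes_per_group > 0)

def find_embedded_volumes(data):
    """Return sorted (offset, kind) pairs for volume headers starting past byte 0."""
    hits = []
    pos = data.find(LUKS_MAGIC, 1)
    while pos != -1:
        hits.append((pos, "luks"))
        pos = data.find(LUKS_MAGIC, pos + 1)
    pos = data.find(EXT_MAGIC, EXT_SB + EXT_MAGIC_AT + 1)
    while pos != -1:
        fs_start = pos - EXT_SB - EXT_MAGIC_AT
        if _plausible_ext_superblock(data, fs_start):
            hits.append((fs_start, "ext"))
        pos = data.find(EXT_MAGIC, pos + 1)
    return sorted(hits)

def make_sample(kind, offset=1000):
    """Constructed sample: filler 'video' bytes followed by a minimal volume header."""
    video = bytes(i % 251 for i in range(offset))  # not real MPEG data
    if kind == "luks":
        return video + LUKS_MAGIC + bytes(586)
    sb = bytearray(1024)
    struct.pack_into("<II", sb, 0, 128, 1024)     # inode and block counts
    struct.pack_into("<I", sb, 32, 8192)          # blocks per group
    struct.pack_into("<I", sb, 40, 128)           # inodes per group
    struct.pack_into("<H", sb, EXT_MAGIC_AT, 0xEF53)
    return video + bytes(EXT_SB) + bytes(sb)

if __name__ == "__main__":
    for kind in ("luks", "ext"):
        print(kind, find_embedded_volumes(make_sample(kind)))
```

For a real disk image, pass an `mmap` of the file instead of reading it into memory; `mmap` objects support the same `find` and slicing calls.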


