kassube at gmx.net
Sat Apr 26 08:39:25 BST 2008
Larry Hartman wrote:
> 2. If the harddrive is cloned, then how good are the capabilities to
> examine it at most security checkpoints. Do most security checkpoints
> even have capability to clone? If the equipment is confiscated, then
> the loss is as total as having the data read by unwanted eyes.
The question should not be if _most_ checkpoints have the capability for
cloning, but if there are _any_. What if only one checkpoint in the world
had the capability, but you pass exactly that one?
> 4. Someone above mentioned that even if the user account were not
> visible in the display manager, the username had to be listed in
> /etc/passwd...which would be a give away to investigators that
> something is up.
If you use a standard system account, it might be less suspicious.
Something like vdr or mythtv or root. Just don't put your sensitive data
in the standard home directory for that account.
> 6. Perhaps my question would be rephrased to, "how to hide data in
> such a transparent way so as to not arouse suspicions that would cause
> further investigation?"
Then perhaps don't use a special account, but put your sensitive data in a
file which looks like and really starts as a most boring but very long
video. However that video is corrupted in a way that after the first 5
minutes of the video it is overwritten by a virtual (encrypted) partition
file containing your data. If your sensitive data are on the (small)
partition /dev/sde3 of your external harddisk, you could get such a file
with these commands:
dd if=catvideo.mpg of=catsleepingonmylawn.mpg bs=10000000 count=1
sudo dd if=/dev/sde3 >>catsleepingonmylawn.mpg
Now if you want to access your sensitive data, use this mount command:
sudo mount -oloop,offset=10000000 catsleepingonmylawn.mpg /mnt
where 10000000 is the offset in bytes where the virtual partition starts,
i.e. the value for the "bs=" option of the dd command above. Use
something you can easily remember, then you don't need to have that info
written somewhere on your harddisk. And don't forget to clean the file
$HOME/.bash_history (and maybe others) because otherwise the command
could be found there. And I leave the encryption part as an exercise to
you because I'm too lazy to read it up myself :)
More information about the kubuntu-users