How Tracking Down My Stolen Computer Triggered a Drug Bust (makezine.com)
110 points by scottshea on Aug 31, 2012 | hide | past | favorite | 62 comments



It is nice to hear a story involving the police in which they're helpful and effective rather than spraying protesters/journalists/bystanders with pepper-spray.


If that's what you think of police you've been reading reddit too much.

There's also a bit of the man bites dog thing going on. Nice police: Normal, not news. Bad police: Very unusual, so news.


I think the fact that the police officer was so involved with updating the writer is what stood out to me. It is rare that we see/hear a detailed explanation of what police work entails and unless we ourselves are the one they are speaking with it might never happen.


When I saw the title, I wondered how getting your laptop stolen could get you busted for drugs.

I can only suppose that, while I don't expect the average cop is a jerk, I did reflexively expect the average cop story to feature one.


I'd rather lose the laptop but have full disk encryption and keep my data secure.


I have the best of both worlds. Turn my laptop on and it will automatically boot into Windows without even so much as a password prompt. From there I have Prey installed so I can track it.

I never use this Windows installation though and it contains no valuable/personal data. It's effectively a honey-pot operation system. I have a Linux installation on there too (my "real" os) which takes up the vast majority of the drive and uses full disk encryption. I insert a USB stick at startup which contains the boot partition+loader and boot from that.

I wrote it up here: https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sop...


So you shut down your computer (as opposed to suspending it) every time you transport your computer from home to office and vice versa etc?


Absolutely. My previous laptop was a Macbook that I used to just suspend to RAM. When I decided to start taking my security/privacy seriously I decided I would start shutting down my machine when not in use. Even though TRESOR keeps my encryption key out of RAM, my RAM is still going to contain sensitive information when suspended. I can't suspend to disk because I've disabled swap. I did this because I use an SSD and wanted to avoid unnecessary wearing.

I suspected that I might be frustrated by having to boot up my machine every time I use it, because I'd become accustomed to suspend to RAM. It hasn't turned out that way. It doesn't bother me at all.


What's so unusual about that? I almost never suspend my laptop.


I almost never shut it down. Probably only once a month.

Waking from sleep is faster and I don't have to re-open my applications and documents. Shutting it down would save a small amount of power but that's rarely an issue (I'd shut it down if I was flying somewhere).

Are there some benefits to shutting it down I'm overlooking?


If you suspend, you are vulnerable to reading decryption key from RAM (firewire, ram freezing). If you are doing full disk encryption, then only shutdown or hibernate are secure.


My encryption key doesn't live in RAM because I use TRESOR. It's hidden in the debug registers of my CPU. There is still going to be other sensitive information in RAM though which I wouldn't want to be accessed.
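The two comments above boil down to a configuration question for anyone running full-disk encryption on Linux: does the lid switch or suspend key leave RAM powered (key and unlocked data still resident), and if you hibernate instead, is the swap that receives the memory image itself a dm-crypt device? The script below is an added example, not code from the thread or from the linked write-up. It parses `logind.conf`, `/proc/swaps` and `lsblk -P` output, but the sample inputs embedded in it are constructed, and it does not merge `logind.conf.d` drop-ins.

```python
"""Audit a Linux laptop's sleep settings against a full-disk-encryption
threat model: suspend keeps the volume key and everything else in RAM,
while shutdown or hibernation to encrypted swap do not."""
import re

# Actions that leave RAM unpowered; everything else (suspend, hybrid-sleep,
# suspend-then-hibernate, lock, ignore) keeps memory contents alive.
SAFE_ACTIONS = {"poweroff", "hibernate"}
# systemd-logind defaults that apply when a key is absent or commented out.
LOGIND_DEFAULTS = {"HandleLidSwitch": "suspend",
                   "HandleSuspendKey": "suspend",
                   "HandlePowerKey": "poweroff"}

def parse_logind(text):
    """Effective Handle* settings from logind.conf text (drop-in files in
    logind.conf.d are not merged here; check them the same way)."""
    settings = dict(LOGIND_DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        key, _, value = line.partition("=")
        if key.strip() in settings:
            settings[key.strip()] = value.strip()
    return settings

def parse_lsblk_pairs(text):
    """Parse `lsblk -P -o NAME,KNAME,TYPE,FSTYPE` output into {kname: fields}."""
    devices = {}
    for line in text.splitlines():
        fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if "KNAME" in fields:
            devices[fields["KNAME"]] = fields
    return devices

def parse_proc_swaps(text):
    """Return (filename, type) pairs from /proc/swaps, skipping the header."""
    return [tuple(l.split()[:2]) for l in text.splitlines()[1:] if l.split()]

def audit(logind_text, proc_swaps_text, lsblk_text):
    """List every setting under which memory contents survive 'sleep'."""
    findings = []
    for key, action in parse_logind(logind_text).items():
        if action not in SAFE_ACTIONS:
            findings.append(f"{key}={action}: RAM stays powered, so the FDE key "
                            f"and unlocked data remain in memory")
    devices = parse_lsblk_pairs(lsblk_text)
    swaps = parse_proc_swaps(proc_swaps_text)
    if not swaps:
        findings.append("no swap configured: hibernate is unavailable, so "
                        "shutdown is the only safe state")
    for filename, kind in swaps:
        if kind == "file":
            findings.append(f"swap file {filename}: encrypted only if its "
                            f"filesystem is, not checked here")
            continue
        dev = devices.get(filename.rsplit("/", 1)[-1], {})
        if dev.get("TYPE") != "crypt":
            findings.append(f"swap {filename} is not a dm-crypt device: a "
                            f"hibernation image would be written in the clear")
    return findings

# Constructed sample inputs, not captured from a real machine.
SAMPLE_LOGIND = "[Login]\n#HandleLidSwitch=suspend\nHandleSuspendKey=hibernate\n"
HARDENED_LOGIND = SAMPLE_LOGIND.replace("#HandleLidSwitch=suspend",
                                        "HandleLidSwitch=hibernate")
SAMPLE_SWAPS = ("Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
                "/dev/dm-1 partition\t8388604\t0\t-2\n")
PLAIN_SWAPS = SAMPLE_SWAPS.replace("/dev/dm-1", "/dev/sda3")
SAMPLE_LSBLK = """NAME="nvme0n1p2" KNAME="nvme0n1p2" TYPE="part" FSTYPE="crypto_LUKS"
NAME="cryptswap" KNAME="dm-1" TYPE="crypt" FSTYPE="swap"
NAME="sda3" KNAME="sda3" TYPE="part" FSTYPE="swap"
"""

if __name__ == "__main__":
    import subprocess
    try:  # use the live system when running on Linux with lsblk available
        logind = open("/etc/systemd/logind.conf").read()
        swaps = open("/proc/swaps").read()
        lsblk = subprocess.run(["lsblk", "-P", "-o", "NAME,KNAME,TYPE,FSTYPE"],
                               capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.SubprocessError):
        logind, swaps, lsblk = SAMPLE_LOGIND, SAMPLE_SWAPS, SAMPLE_LSBLK
    for finding in audit(logind, swaps, lsblk) or ["no findings"]:
        print(finding)
```

On the constructed sample the only finding is the commented-out (hence default) `HandleLidSwitch=suspend`; switching it to `hibernate` with encrypted swap clears the report, and the same report flags an unencrypted swap partition as a place the hibernation image would land in the clear.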


With SSD, on OSX, it's pretty fast to reboot. Most OSes can now be tuned to boot very quickly; the big thing was getting rid of the BIOS for EFI I think.


Nice. Has all this effort ever come in handy?


Nope. But then neither has my car insurance. ;) I've only been running this configuration for a little over a year anyway.


I speculate an ugly not-too-distant future: Mike crosses US border from Canada to US. Fancy government computers "lookup" Mike and flag his name because of suspicious posts on "hacker" news. Fun ensues, when agents discover hidden/encrypted partitions on computer. Computer impounded for further investigation. Mike has a bad day.


I'll just overwrite that partition with random garbage and use the Windows honey-pot OS for the duration of my visit, restoring when I get home. Well I might. Or I might not. Plausible deniability anybody?


The random garbage will probably get you in deeper trouble than the encrypted data -- they'll think that it is encrypted data, and ask you to decrypt it. Since it's garbage, you won't be able to; and then... I'll leave the rest to your imagination ;)

Overall, it's probably better to just give them your encrypted data. If you're not doing anything illegal, you don't have much to worry about. In my case, my data consists of software projects, personal diary/e-mails, etc. Nothing incriminating.

In principle what they're doing is wrong (violating your privacy and searching you without a warrant), but in the long run it'll probably just save you time to comply. Unless you're doing anything illegal, giving them your data shouldn't really be a problem.

If they "accidentally" share / release NDA'd corporate data (never heard of this happening), you can always take them to court. Heck, you can even take them to court for searching you without a warrant.


"Heck, you can even take them to court for searching you without a warrant."

Not at a border crossing - at least not for a non-US resident.


Actually you can be searched by federal agents inside the US within 100 miles of any "edge" of the border, even if you are not crossing...

http://www.wired.com/threatlevel/2008/10/aclu-assails-10/


Maybe it'd be safer to swap out the hard drive with a brand new one before crossing the border? :)


Once they decide to investigate further, you won't have time or ability to wipe out the drive.


The point is that they cannot distinguish the encrypted partition from random garbage.


But thanks to full disk encryption, his data is still safe from agents snooping through his cat photo collection!


They just keep him in prison until he gives them a password.

Luckily he's not identified as a terrorist. Because those people are subject to extraordinary rendition and intense interrogation techniques, and detained without trial.


Maybe this is a valid case for "security through obscurity". If you don't publicly proclaim you're doing something like this, who knows to look?


Pair that with a slightly stronger form of data hiding by using TrueCrypt's hidden partition feature to encrypt the second OS partition. Just make sure not to ever boot into the honeypot OS afterwards, or it could overwrite parts of the hidden partition. You can safely load the honeypot OS by typing in the hidden password as well so that TrueCrypt can load the proper partition boundaries.


How much slower is an encrypted partition? (SSD) - Anyone have benchmarks?


Modern Intel CPUs have AES-NI, which accelerates AES decoding:

http://www.remkoweijnen.nl/blog/2011/03/11/aes-ni-benchmarks...
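Whether AES-NI actually helps an encrypted SSD depends on two things: the CPU advertising the `aes` flag, and the kernel's crypto API preferring the AES-NI `xts(aes)` driver (the highest-priority entry in `/proc/crypto` is what dm-crypt gets). The script below is an added example, not from the thread or the linked benchmark post; it reads those two files (constructed samples are embedded so it runs anywhere) and, as an optional user-space comparison, runs `openssl speed` with AES-NI on and then masked off via `OPENSSL_ia32cap`. The `+F:` machine-readable line format it parses is an assumption about `openssl speed -mr`, so that part returns `None` rather than guessing when the output does not match.

```python
"""Is AES-NI present, and will dm-crypt actually use it?"""
import os
import re
import subprocess

def has_aesni(cpuinfo_text):
    """True if the 'flags' line of /proc/cpuinfo lists the aes feature."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return "aes" in line.split(":", 1)[1].split()
    return False

def parse_proc_crypto(text):
    """Split /proc/crypto into one dict per blank-line-separated record."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def xts_aes_drivers(text):
    """(driver, priority) for every xts(aes) implementation, highest priority
    first; the kernel hands the first one to dm-crypt for aes-xts volumes."""
    drivers = [(r["driver"], int(r.get("priority", 0)))
               for r in parse_proc_crypto(text) if r.get("name") == "xts(aes)"]
    return sorted(drivers, key=lambda d: -d[1])

def preferred_is_aesni(text):
    drivers = xts_aes_drivers(text)
    return bool(drivers) and "aesni" in drivers[0][0]

def openssl_xts_bytes_per_sec(disable_aesni=False):
    """Rough user-space number from `openssl speed -mr -evp aes-256-xts`.
    Masking capability bit 57 via OPENSSL_ia32cap turns AES-NI off in
    OpenSSL, so two runs show what the instructions buy. Returns None when
    openssl is missing or the assumed '+F:' summary line is absent."""
    env = dict(os.environ)
    if disable_aesni:
        env["OPENSSL_ia32cap"] = "~0x200000000000000"
    try:
        out = subprocess.run(
            ["openssl", "speed", "-mr", "-seconds", "1", "-evp", "aes-256-xts"],
            capture_output=True, text=True, env=env, timeout=60).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    for line in out.splitlines():
        if line.startswith("+F:"):
            nums = [float(x) for x in line.split(":")[3:] if re.fullmatch(r"[\d.]+", x)]
            return max(nums) if nums else None
    return None

# Constructed sample inputs, not captured from a real machine.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 ssse3 aes avx2\n"
SAMPLE_CRYPTO = """name         : xts(aes)
driver       : xts-aes-aesni
module       : aesni_intel
priority     : 401
type         : skcipher

name         : xts(aes)
driver       : xts(ecb(aes-generic))
module       : kernel
priority     : 100
type         : skcipher
"""
GENERIC_ONLY_CRYPTO = SAMPLE_CRYPTO.split("\n\n", 1)[1]

if __name__ == "__main__":
    try:
        cpuinfo, crypto = open("/proc/cpuinfo").read(), open("/proc/crypto").read()
    except OSError:  # not Linux: fall back to the constructed samples
        cpuinfo, crypto = SAMPLE_CPUINFO, SAMPLE_CRYPTO
    print("cpu has aes flag:", has_aesni(cpuinfo))
    print("xts(aes) drivers:", xts_aes_drivers(crypto))
    print("kernel prefers aesni:", preferred_is_aesni(crypto))
    print("openssl aes-256-xts B/s with AES-NI:", openssl_xts_bytes_per_sec())
    print("openssl aes-256-xts B/s without    :", openssl_xts_bytes_per_sec(True))
```

The kernel check is the one that matters for a LUKS root: a CPU can have the flag while `aesni_intel` is not loaded, in which case the generic driver wins the priority contest and the disk path runs unaccelerated.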


Thanks for the introduction to Prey. Just installed it!


Too bad that some guy is going to spend years and years in prison over drug charges when he should really only be charged with theft but I guess the lesson is don't go stealing traceable devices when you're running a dope operation.


Seems more likely he accepted the laptop as payment for drugs. The original thief was smart enough not to turn it on, hence taking a couple days to show up.


In what way could that possibly be 'too bad'??

"Too bad that some guy is going to spend years and years in prison for provable murder when he should really only be charged with stealing candy"

Idiot gets caught and gets what he deserves. All is well.


Possession of marijuana and murder, two completely analogous things. I certainly hope all the people he victimized with his marijuana possession get compensated.


I had a similar experience that took place over the course of a single day in which I tracked down the thieves in real-time and confronted them in a parking lot. Instead of calling the cops, and since they had taken money and not an actual laptop, I had them give me collateral and gave them 2 weeks to give me money back in exchange, which they did after.

I actually did write up and submit a police report, but it was about 3 months before I heard anything from the police.

Lessons learned: (1) sometimes it's better to roll up your sleeves and do it yourself and (2) some (most?) people legitimately want to come clean.


If they had taken money instead of electronics, how did you track them?


I trailed one of them.


As someone said in the article comments, if you liked that story, go watch:

http://www.youtube.com/watch?v=U4oB28ksiIo

      Defcon 18 - Pwned By the owner
      What happens when you steal a hackers computer zoz


Mostly agree with his conclusions, but for one. I didn't think Batman was all that great.


Oh Make Magazine, please put your "close this slide show" button on the upper right instead of the upper left. I'm conditioned to look for X icons to close out of modal windows on the upper right not the upper left. Thaaaaaaanks.


I have no way of minimizing your "toolbar" at the bottom of your web site either. Weren't you created by O'Reilly.com?


Great story! A friend of mine got her iPhone stolen, Find My iPhone didn't render anything for days so she gave up on it and got another one. This kind of technology should be standard on any new device.


It's surprising that apparently almost no laptop thief takes the time to wipe the laptops.

That's the first thing I would do if I were in a business like that.


They probably aren't really laptop experts & don't have the install disks either. But you'd figure the word would have gotten around by now that these things can phone home.

I have heard of muggers stealing cell phones and taking the time to demand the pass code as well, so they're getting smarter about it.


Great read and this brings me to ask what options there are for hard drive encryption on OSX?


OS X offers FileVault natively for full-partition encryption. There are also myriad 3rd party options.

EDIT: See larry's comment :o)


Pedantic note, it's actually full-partition encryption. The recovery partition and boot camp partitions, etc, are not encrypted.


So it would still be possible for the thief to boot to the recovery partition and whack the encrypted partition. Clean machine but at least none of my data.

Is there a Boot Loader or BIOS password type option to even prevent the user from holding down 'Option' and selecting a boot device..

NOTE: Yes I know it is EFI, but everyone knows what a BIOS password is, I think.


>Is there a Boot Loader or BIOS password type option to even prevent the user from holding down 'Option' and selecting a boot device..

If they know to hold down "Option," chances are they also know how to open up the case and swap out the HDD.

Backup, encrypt, insure. It's the only way.


When Firmware Password is activated, you can't use other HDs without entering the PW.


There are ways around the fw password, so it's an additional layer against the uninitiated but probably won't help you much and can cause problems for legitimate users.


Don't those require going to an Apple store, officially, which gives them a chance to check serial # vs. stolen list? (It used to be possible by pulling the RAM, but on modern MBAs, the RAM is soldered to the main board.)



Too true! My mistake, edited my comment to reflect this.


Oh, right, I seem to read a lot of trouble with FileVault and I should have mentioned that I have a MBP with 2x750GB striped using SoftRAID 4.3.3 as the driver. Obviously my superdrive is gone.


Great read.

I am going to make all my mobile devices hit a webpage on a few of my servers silently on bootup (if there is a web connection) so I would at least have that ip. Also embedding a hidden image into the browser about:blank (startup) page.


No need to engineer this yourself: http://preyproject.com/ has open source anti-theft apps for most platforms.


I wonder if you could install something on the BIOS as well in case they try and wipe the Operating System (which they really should do if they want to be safe).


Just use FDE; if the thief doesn't know the password everything is effectively wiped already.


That's how LoJack works. You probably have it installed in your BIOS now.


Brilliant story!


Idiot. Who leaves valuables in a car in Detroit? Are you not aware that the windows are all that keeps someone from popping the trunk?



