The Paladin was looking around the Internet and found a very interesting article and video put out by the Center for Information Technology at Princeton University.

Why This Should Matter To You
In the last few years we have had more than one major news story regarding an employee of a company taking a laptop computer outside of their office and having the computer stolen. In some cases, the data on the hard disk (which could be your credit card information, social security number, and other data used by people who engage in “identify theft”) has been “encrypted,” which is to say that a program has been used to “scramble” the data so that if the computer *is* stolen, the thieves would perhaps not be able to access the data on the hard disk.

Well, The Center for Information Technology has just released a report about how easy it is to steal encrypted data off of your hard disk given just a short amount of time with physical access to your machine.

Fortunately, the average person on the street would not be able to take advantage of this technique (there is some sofware they would need that the average person would find a bit difficult, but not impossible, to acquire). However, this has huge ramifactions for companies that try to tell you that your personal data is safe because it is encrypted.

Do not get me wrong, encryption is one important tool in the toolbox of data protection. What I am trying to convey is that buy itself, encryption is not the “end all be all” of data protection.

As the Paladin is constantly emphasizing, data and computer protection is a set of tools plus some knowledge about how computers are compromised. Without the knowledge portion of the equation, tools to protect your computer and your data are far less effective.

But I digress…

The method demonstrated by the Center for Information Technology takes advantage of a little known fact: When you power down your computer, your random access memory (RAM), which is the memory space where programs run (for the most part), does not forget what was there immediately!

This comes as news to a lot of people. Most of us think that when we power down our computers, what is in memory immediately disappears (again, I am talking about your system RAM memory…there are other kinds of “memory” such as your hard disk, that are meant to hold their data when the computer is powered down). It turns out that this is not completely true.

You see, when power is cut from RAM memory it loses its contents over time. Sometimes this time period is measured in seconds. Sometimes it takes much longer. And as the Center for Information Technology points out, there are easy ways to extend the length of time it takes the memory to “forget” its contents.

The video that was posted on YouTube is excellent at showing in straight-forward (and non-technical) terms how they used this fact to get information off of encrypted hard drives. It is very much worth your time to view this short video. With this information, you will have an entirely different point of view when some big company that keeps your personal data in a computer tries to tell you that your data is safe because it is encrypted. Encryption is just ONE part of an entire data protection plan…and by itself only offers limited protection.

Greetings Citizens of the Realm!

The Paladin was poking around the internet and discovered a rather interesting article (you can read the article here) regarding a special hard drive enclosure that was advertised as being very secure with respect to protecting your data.

If you are not familiar with the concept, a hard drive enclosure is a “box” into which you would place a standard hard drive. The reason you would do this is to create your own “portable” hard drive. This box contains power (that is, a plug) and a way to connect it to your computer (typically through a USB cable) and all of the circuitry necessary to allow your hard drive to communicate with the computer.

One of the things that separated this encosure from others was that the manufacturer advertised that the data stored on the hard drive inside of the enclosure was very strongly encrypted.

Read the rest of this entry »

Greetings Citizens of the Realm!

Once again the Paladin is taking time out from building the finer points of this site to share some knowledge with you that will be invaluable in your fight against the anti-programmers and many others.

The Paladin came across an interesting article by the BBC (located here) which describes an investigation into software EULA’s by the National Computer Council (NCC).

If you are not familliar with the acronym, an EULA is an “End User License Agreement” that software companies include with their software. You see, when you buy software, you are not really buying the software…you are purchasing the right to use the software. The software is actually licensed for your use by the price you pay.

Read the rest of this entry »