Wireless dongle

[logicalconfusion]

Whats the best way to lock up a system when a wirless device belonging to the owner is 21" from the keyboard? I had to run outside and help my frantic neighbor extinguish a bush fire his kid started by throwing a bottle rocket into a pile of dry leaves yesterday. As I was hosing it down it occurred to me I left my outlook open. I'm looking for a ubiquitous, OS agnostic, device or secure protocol such as bluetooth that will lock up the system in the event of an emergency. The incident reminded me of a famous story I read....

Edited March 25, 2013 by logicalconfusion

[khaotic57]

Ubuntu has a app that locks the computer when your paired devices leaves a ceartin distance from it. I forget what the name of it is though.

[logicalconfusion]

Thats nice. I got linux, mac os x, win 7, and a proprietary OS written by NASA - honestly. I want the network to self destruct (erase the data or lock up) if I happen poop my pants and run out in a mad rush. any suggestions?

[digip]

You could do a couple of things, like someone else suggested using a USB key, when removed, locks the device, but really, just lock the screen or put a screen saver on password protected to kick off in a minute or so. Other options if you want to go all hightech, rfid reader over USB and maybe a bracelet(vs implant) that if you walk away and it can't read your wrist within range, locks the machine. That I think would make a great show segment too, since its already been covered somewhat with unlocking phones, having one for the purpose of say a wearable wrist/bracelet that locks if you walk away is a neat idea. If anyone builds, sells and patents this, I'm laying claim to it right here and now..lol. I want my share of sales.... "cash rules everything around me, cream, $$ bill yall..."

[digininja]

Funny, Darren and I talked about this a while ago and I've got some kit I'd like to test it out with if I ever have the time.

logicalconfusion, I think your desire to get a single thing which is completely cross platform isn't going to work. You are best looking for something specific to each platform and is designed to work with it. There was an episode of the show recently covering using bluetooth to auto-lock Windows and Linux so you could start with that.

And I'd also consider, do you really want to kill the machine if you accidentally walk away without locking it? You know it will happen, probably in the first few weeks while you are getting used to it. Ask yourself, who are you protecting against? Your kids playing without permission? If so then a simple screenlock would suffice.

[logicalconfusion]

@digininja It will suffice in wonderland.

security is important. My friend is a prominent artist in NYC. He makes a triple digit salary for his graphics work. He so scared of someone holding him up at gun point while he's deep in thought he asked me for solutions on how to destroy his network. I know that we're not going enjoy multi platform protocols in the near future. We can however engineer hardware. He's looking for an RFID device that will blow up (DBAN -instantly) his HD.

[digip]

@digininja It will suffice in wonderland.

security is important. My friend is a prominent artist in NYC. He makes a triple digit salary for his graphics work. He so scared of someone holding him up at gun point while he's deep in thought he asked me for solutions on how to destroy his network. I know that we're not going enjoy multi platform protocols in the near future. We can however engineer hardware. He's looking for an RFID device that will blow up (DBAN -instantly) his HD.

Look into int0x80's talks from Derbycon last 2 years and his (I think) Brucon and defcon talk on similar topics of file evasion and system protection.

[logicalconfusion]

Look into int0x80's talks from Derbycon last 2 years and his (I think) Brucon and defcon talk on similar topics of file evasion and system protection.

So much for eBay and Staples.

[digininja]

@digininja It will suffice in wonderland.

security is important. My friend is a prominent artist in NYC. He makes a triple digit salary for his graphics work. He so scared of someone holding him up at gun point while he's deep in thought he asked me for solutions on how to destroy his network. I know that we're not going enjoy multi platform protocols in the near future. We can however engineer hardware. He's looking for an RFID device that will blow up (DBAN -instantly) his HD.

The only way I'd say you can get what you want is to have something like thermite set up to kill the drives. A software solution would be to have an encrypted drive and then destroy the key but if it is something he knows then he will give it over at gun point.

If triple digit means he earns $100/day then I know people who earn a lot more than that and are a lot less paranoid, sounds a bit far fetched for me.

[ssilvo]

@digininja It will suffice in wonderland.

security is important. My friend is a prominent artist in NYC. He makes a triple digit salary for his graphics work. He so scared of someone holding him up at gun point while he's deep in thought he asked me for solutions on how to destroy his network. I know that we're not going enjoy multi platform protocols in the near future. We can however engineer hardware. He's looking for an RFID device that will blow up (DBAN -instantly) his HD.

I have to agree with Digininja here ,destroying the drives seems pretty drastic given we are only talking about intellectual copyright ,

why not use the plausable denial stuff from truecrypt ,he gives a key to the normal section of the os ,but the hidden os goes down the tubes

http://www.truecrypt.org/docs/?s=plausible-deniability

[digip]

Or just backup eveyrthing, install a new system with full disk encryption, restore files, make some sort of RFID tool that when out of range, powers down the machine or such. Other than a cold boot attack or Firewire grab, that should keep anyone happy. Destroying the data and files out of fear, sounds more like someone is doing shady shit than legit work.

[logicalconfusion]

@digninja

WTF kind of pyro manic sh!t is this man! We don't want the thief to end up as an amputee. I was thinking of somewhat more elegant solution that implements electromagnetic resonance to erase the the solid state drive. You're right. U got it friend. He doesn't make make a 100$ He's actually a hobo who strings tin cans and buttons for the statue of liberty. I bet anything MIT has the solution....

Edited March 28, 2013 by logicalconfusion

[digininja]

Or just backup eveyrthing, install a new system with full disk encryption, restore files, make some sort of RFID tool that when out of range, powers down the machine or such. Other than a cold boot attack or Firewire grab, that should keep anyone happy. Destroying the data and files out of fear, sounds more like someone is doing shady shit than legit work.

That wouldn't solve the problem of the attacker gaining access to the data when they put the gun against the guys head.

And logicalconfusion you want the data gone, its the only truly secure way I can think of that is instant and unrecoverable.

[logicalconfusion]

@digip

Other than a cold boot attack or Firewire grab, that should keep anyone happy. Destroying the data and files out of fear, sounds more like someone is doing shady shit than legit work

I dont think a coldboot attac or Firewire grab will do the trick. Think bout it - the military can send unmanned drones all over the world at super sonic speeds using satellite technology. Forcing a SSD to fall a apart (w/out causing a freaking fire alarm) is pretty trivial. I actually want a software (OS ) independent solution that works on top of the hardware.

@digip

Forget about guns and muggers. Lets just pretend I want to remotely destroy a drive for shits and giggles. Think of it as the ink-security tag stores attach to expense clothing.

Edited April 5, 2013 by logicalconfusion

[digininja]

the problem you are going to have with any software solution is that it takes a long time to wipe a drive. The only quick way to do it is to use full disk encryption and somehow forget the key.

If you know the key then you can be threatened till you reveal it so that is no good, you can't know the key.

The only way to do this then is to have a key that you never know. You could do this by storing the key in its own encrypted container and have the key for that change every time the machine boots, when you shut the machine down you are shown the key for the next boot. You then set it up so that you have a proximity detector which shuts the machine down if you walk away from it without showing the key.

Put all that together and if you walk away then you don't see the next key and so can't boot the machine again, it is locked with an encryption key you never knew and the only way to get to it is through a key that you don't know because you never saw it.

And if anyone ever uses something this complex then I reckon they will lose all their data within a week of setting it up.

[telot]

And if anyone ever uses something this complex then I reckon they will lose all their data within a week of setting it up.

That right there. Sorry logicalconfusion, theres no way to simply/elegantly accomplish what you're after. Theres just no off the shelf (open or closed source) product designed to do EXACTLY what you want. If you want it, you'll have to write it.

Back to the thermite though, thermite is not explosive and doesn't necessarily have to set off the firealarm. It IS extremely dangerous, of course. There was a con where the challenge was to destroy a 2U server rack of harddrives without setting off alarms or damaging other clients stuff. And one guy successfully did it. I'll try to find the video and will update this post. If nothing else, its fascinating to watch.

telot

[digininja]

Larry from Pauldotcom did it as part of one of the big numbered shows (200, 250 maybe) and videoed it but the video never got released. I've chatted to him about it and I wish I could have been there.

[logicalconfusion]

@telot that means the technology is already out there. Its just no available to the general public.

okay! so it looks like I wont pick a wireless self destructive dongle for my iphone/pc/or lap on amazon. back to the drawing board...I'll send post the schematics for it one day, till then pls post the video.

[sierrabrav0]

"The first is a Gnome applet called BlueProximity that automatically locks and unlocks the system based on how far away a Bluetooth device is. The second is a bluetooth Pluggable Authentication Module (PAM) for authentication based on the presence of a Bluetooth device.

The result of using both is that I can now log-in and automatically have the screen lock/unlock (and run other commands) based on the presence of my mobile phone. Seeing as it is usually in my pocket this means if I walk away from the PC I don't need to remember to manually lock the screen."

http://tjworld.net/wiki/Linux/Ubuntu/BluetoothLoginAndLocking

Edited April 5, 2013 by sierrabrav0

[sierrabrav0]

The thing is that the Bluetooth Device Address BD_ADDR isn't 100% secure because it could be easily spoof.

Edited April 5, 2013 by sierrabrav0

[logicalconfusion]

@sierrabrav0 do you know of any SSD manufactures that offer an on star type service that will inject battery acid into the drive if its stolen?

[digininja]

You also have to be religious about taking your phone away with you when you leave your desk and knowing how far you have to go before the apps kick in.

I'd say to use this as a backup to you physically locking it before you walk away rather than trust it completely.

[logicalconfusion]

@digininja precisely! I didn't mean that it has to worn like some kind of ankle braclet they use to detain parolees. I bet anything that an iphone app exists that configures every feature of the dongle/SSD device. What if it fails to detonate....when stolen. There's really not much info on pairing devices. I mean, the only thing on the table right now is the bluetooth solution that was recommended. And even thats hackable.

[digininja]

If you wanted something that would guarantee to lock/kill your machine if you walked away from it and accidentally left it unlocked then you would have to be religious about carrying a device if it were device based.

You could put scales in your seat so if you stood up without locking it it noticed if you didn't want to be tied to a device.

Not sure what you mean about not much info on paring devices, there is a full RFC on how it works.

[logicalconfusion]

@digninja I was actually referring to the wirelss dongle/SSD hd I originally suggested, the one that injects battery acid or lethal radio freq into the SSD when its triggered. I know what youre saying! It's probably impossible to make a foolproof wireless dongle, unless its embedded in the ass, religiously, by a priest. When you think bout it, nano-technology is just around the corner. It won't be long before this is on the shelf. I know that there're software solutions. Where can I find the RFC btw? Can you post links to software solutions available?

Edited April 5, 2013 by logicalconfusion