on 27/2/03 4:52 PM, Jeremy Derr at [EMAIL PROTECTED] wrote:

> most/many unix distributions have a similar feature. in fact, booting any UNIX
> into Single User mode (doing this varies widely by vendor, ranging from
> horribly simple to horrifically difficult) gives SuperUser access to the
> entire filesystem, including the /etc/passwd (or equivalent) file.

Good to know (but not very comforting)!

> i don't care what kind of computer you have... if you can't guarantee physical
> security to your system, NOTHING will save your data. driver level encryption,
> wake-from-sleep password protection, nothing.

Wouldn't driver level encryption make it *very* challenging to get at
someone's data without being able to sniff passwords *and* have physical
access to a machine (provided appropriate network precautions were in
place)? Even if you could gain physical access to a machine *and* read the
raw data stream (e.g. swapping out the HD) you'd still have to crack the
encryption first, especially if the encryption was tied to a particular
hardware encryption card (if they exist). Of course, keystroke sniffers
could make life much easier by allowing you to capture passwords but you'd
still have to bypass all the other safeguards in place (however insecure
they may be) *before* you could get to the point of capturing passwords. And,
if you use (my hypothetical) hardware encryption, I suppose if a hacker were
technologically skilled enough they could capture the raw data stream
between mobo and card and extract the data that way.

You're right nothing will *absolutely* save your data (short of encasing the
computer in a concrete block in an intelligently hidden location (e.g. a
number of routers to confuse a tracker, these routers encased in concrete
and lead themselves, etc)), and to protect the area with guards. If your
data is that valuable, you'll have to hire trustworthy guards to secure your
computer *and* make sure your computer network traffic is constantly
monitored by trustworthy people and trusted software.

For mere mortals like me that is overkill. If someone *really* wants my data
that badly, they can have it. What I want to do is make life very difficult
for a casual thief, or a casual snoop (and this is quite important in an
inherently insecure environment like a university office). If someone were
serious about accessing my personal data all they'd have to do is steal my
HD and pop it into their own computer, but I want to make it that difficult,
that they have to resort to such measures (& if they're willing to do that,
criminal charges will come into play and my data would have to be *that*
important to them (which it wouldn't be)).

> my point is, in the end, that you're trying to use inherently insecure methods
> and add security to them. sleep is, by its very nature, an insecure process.
> booting directly to the desktop is an inherently insecure process. the screen
> saver is inherently insecure. study programming for a while and you'll see
> that this isn't something that can just be changed -- find out how a screen
> saver works, find out how the sleep mode works. Apple can't sit down and just
> say "oh, hey, let's make it do THIS" when it comes to some of these things.

Yes, sleep is "insecure" as you put it, and, yes, the screen saver is merely
an app that draws a pretty picture, but most people don't know how to defeat
the password, and the casual snoop/thief certainly would be stymied by
having to enter a password on wake. A computer would be made *much* more
secure by having the option to "activate screensaver on sleep", "request
password on wake", and "activate security alert on forced restart during a
password request".

As I mentioned a long time ago (and as Laurent pointed out accurately), the
reason I would like this "activate screensaver on sleep" feature is that, in
clamshell mode (in which my computer runs for 70% of its operating time), I
have to sleep it before I can unplug the monitor, and, then, if I plan to
move it I have to (if I want to make it *more* difficult for someone to
snoop) wake it up again, activate screen saver, and then close the computer
to sleep it (since there isn't an option to sleep when in screensaver mode).

Anyway, I'm still curious, does anyone know if anyone makes IDE (or SCSI...
seems more logical for SCSI) controller cards which offer hardware-level
encryption?

Eric.

