On Saturday, December 4, 2004, at 05:04 AM, Ben Dyer wrote:
On 4 Dec 2004, at 20:54, walter wrote:
Just as a matter of theoretical curiosity: does the Firmware password prevent access to a hard drive that is being enslaved via Firewire Target mode?
Walter
According to http://docs.info.apple.com/article.html?artnum=106482 , the OF protection prevents the computer from being started in target disk mode. However, it doesn't prevent someone from pulling the hard disk out of the computer and accessing it from another machine.
Uh, *duh*! See rule 3...don't let the bad guy at your computer.
If your stuff is that sensitive, use encrypted disk images to store it. (Really paranoid? Encrypted images on a removable disk you put in a real vault after using...)
I recommend this rather than FileVault because FileVault is this 'all eggs in one basket' kind of thing. One bit flips unexpectedly and blammo, your entire user directory is nothing more than digital noise. It also makes backups unnecessarily complicated (as you have to back up your entire user disk image every time)
Read through what the Masters of Paranoia have to say, in the NSA guide to securing OS X: <http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf>
They recommend using FileVault, I disagree with that for most civilian purposes, for the reasons above, but their section on using Keychain access and maintaining secure passphrases is a very worthwhile read.
It's a good booklet to look through and cherry-pick for ideas, though I don't think most of us would consider going so far as to get Apple Repair certified, so we could tear open the Powerbook and cut out the internal microphone and speakers without voiding the warrantee....
-- "Wherever you go, there you are." - B. Banzai, Ph.D. Bruce Johnson
-- G-Books is sponsored by <http://lowendmac.com/> and...
Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- Check our web site for refurbished PowerBooks | & CDRWs on Sale! |
Support Low End Mac <http://lowendmac.com/lists/support.html>
G-Books list info: <http://lowendmac.com/lists/g-books.html> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-books%40mail.maclaunch.com/>
---------------------------------------------------------------
The Think Different Store
http://www.ThinkDifferentStore.com ---------------------------------------------------------------
