Re: [liberationtech] A tool for encrypted laptops
On 5/9/14 1:08 PM, Steve Weis wrote:
> Hi Tom. Does hibernation on a Mac protect from physical memory
> extraction by default or is this something yontma configures?

There may be an ACPI/UEFI attack here...

UEFI Runtime Service drivers continue to run in the background while the main OS is running. A UEFI driver can detect these ACLU Sx states. UEFI includes a full IPv4/IPv6 network stack (optionally bootable via PXE), UEFI apps/drivers can talk over the net as well as to local storage media. So, a UEFI runtime service driver could detect hibernation, start getting active in background over net. IF adversary is smart enough to figure out how to install an EFI driver onto your system. And you don't detect the change. So, your EFI malware runtime service might be able to work while you and the OS think the system is merely hibernating.

EFI's "Fast Boot" feature is the opposite of ACPI hibernation. The B states of EFI booting are conceptually similar to the S states of ACPI sleeping. Without "Fast Boot", EFI still controls ACPI hibernation, just not as quickly (there are redundant re-init/re-scans that are not "Fast").

ACPI is controlled by the firmware. OS suspend/resume is controlled by the firmware. IMO, power box off completely, to be sure there's no weirdness happening at firmware and silicon levels. Like people remove their batteries from their smartphones.

PS: EFI-free Novena reached their crowdsourcing goals! You have 9 days to act before prices increase:

http://www.bunniestudios.com/blog/?p=3750
http://www.crowdsupply.com/kosagi/novena-open-laptop

"at the conclusion of the Crowd Supply campaign on May 18, all the prices listed below will go up by 10%"

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] A tool for encrypted laptops
On 9 May 2014 16:08, Steve Weis wrote:
> Hi Tom. Does hibernation on a Mac protect from physical memory
> extraction by default or is this something yontma configures?

Not sure what you mean. Obviously we can't protect against someone unscrewing the computer and stealing the chips ;)

> After a quick search, I ran across "destroyfvkeyonstandby" to destroy
> the FileVault key on standby. Is that sufficient?

So I read a lot about pmset, which is made more difficult because Apple has a lot of terms they use in different situations (hibernate, standby, power sleep, etc) that aren't always indicative of what we think they are. I BELIEVE that the minimal set of settings required for a 'true' hibernate (memory snapshot to disk, then shut down everything) are:

standbydelay - Needs to be 0. "the delay, in seconds, before writing the hibernation image to disk and powering off memory for Standby."

destroyfvkeyonstandby - Needs to be 1.

hibernatemode - Needs to be 25. "The system will store a copy of memory to persistent storage (the disk), and will remove power to memory. The system will restore from disk image. If you want "hibernation" - slower sleeps, slower wakes, and better battery life, you should use this setting."

Now I believe that when you set hibernatemode to 25, 'standby' (as in destroyfvkeyonstandby) actually becomes real 'hibernation'. I personally have set a bunch of other ones[0], but I don't believe these are required.

Like I said, I'm fairly confident about these settings, but Apple's documentation is confusing, so if you think I'm wrong, do some research and argue back ;)

YoNTMA will prompt you if it detects these settings are incorrect or you don't have FileVault enabled.

> As for DMA attacks, my understanding is the latest OS X does pretty
> good job by default. DMA is disabled while the screen is locked and I
> wasn't able to hotplug arbitrary PCI devices via Thunderbolt (at least
> as of a year ago). I wasn't able to conduct DMA attacks via
> Thunderbolt unless the PCI device was connected on bootup and the
> laptop unlocked. That's an artificial setting, except perhaps for a
> laptop dock with a hidden Thunderbolt hub.

Ah cool. I hadn't looked into DMA countermeasures too closely.

-tom

[0] My other pmset-tings:

#Do not go to sleep when plugged in and idle
sudo pmset -a autopoweroff 0
#Do go to sleep when idle
sudo pmset -a sleep 30
#Do wake up the computer when the lid is opened
sudo pmset -a lidwake 1
#Do not wake up the computer when the AC is plugged in
sudo pmset -a acwake 0
#Do put the screen to half brightness upon idle
sudo pmset -a halfdim 1
#Do put the display to sleep (actually half brightness) after 30 min
sudo pmset -a displaysleep 30
#Do not put the disk to sleep
sudo pmset -a disksleep 0
#Do not wake on magic packet
sudo pmset -a womp 0
#Or modem ring
sudo pmset -a ring 0
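A check for the three settings listed in the message above, added here as an example (it is not part of the original message and not YoNTMA's code). The function name audit_pmset is hypothetical, and both `pmset -g` samples are constructed; their layout is an assumption about what `pmset -g` prints.

```shell
#!/bin/sh
# Added example: audit the three pmset values named in the message above.
# audit_pmset reads `pmset -g` style text on stdin, prints one line per
# setting that is missing or not at the stated value, and exits 0 only
# when standbydelay=0, destroyfvkeyonstandby=1 and hibernatemode=25.
audit_pmset() {
    awk '
        BEGIN {
            n = split("standbydelay destroyfvkeyonstandby hibernatemode", key, " ")
            split("0 1 25", want, " ")
        }
        # Setting lines are "<name> <value> ...". Names are lower-cased so
        # DestroyFVKeyOnStandby and destroyfvkeyonstandby both match.
        NF >= 2 { seen[tolower($1)] = $2 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = key[i]
                if (!(k in seen)) {
                    printf "%s: not reported (want %s)\n", k, want[i]; bad++
                } else if (seen[k] != want[i]) {
                    printf "%s: is %s (want %s)\n", k, seen[k], want[i]; bad++
                }
            }
            exit (bad > 0)
        }'
}

# Constructed sample: all three settings as the message requires.
SAMPLE_OK='System-wide power settings:
 DestroyFVKeyOnStandby		1
Currently in use:
 standbydelay         0
 hibernatemode        25
 sleep                30
 lidwake              1'

# Constructed sample: delayed standby, RAM stays powered, key not destroyed.
SAMPLE_WEAK='Currently in use:
 standbydelay         10800
 hibernatemode        3
 sleep                30
 lidwake              1'

# On a Mac, audit the live settings; elsewhere, run on the weak sample.
if command -v pmset >/dev/null 2>&1; then
    pmset -g | audit_pmset || echo "settings differ from the list above"
else
    printf '%s\n' "$SAMPLE_WEAK" | audit_pmset || echo "(constructed sample) settings differ"
fi
```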
Re: [liberationtech] A tool for encrypted laptops
Hi Tom. Does hibernation on a Mac protect from physical memory extraction by default or is this something yontma configures?

After a quick search, I ran across "destroyfvkeyonstandby" to destroy the FileVault key on standby. Is that sufficient?

As for DMA attacks, my understanding is the latest OS X does pretty good job by default. DMA is disabled while the screen is locked and I wasn't able to hotplug arbitrary PCI devices via Thunderbolt (at least as of a year ago). I wasn't able to conduct DMA attacks via Thunderbolt unless the PCI device was connected on bootup and the laptop unlocked. That's an artificial setting, except perhaps for a laptop dock with a hidden Thunderbolt hub.

On Fri, May 9, 2014 at 11:41 AM, Tom Ritter wrote:
>
> Hey all. Reviving an old thread with a new release:
> https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html
>
> From the first email: If your encrypted laptop has its screen locked,
> and is plugged into power or ethernet, the tool will hibernate your
> laptop if either of those plugs are removed. So if you run out for
> lunch, or leave it unattended (but plugged in) at starbucks, and
> someone grabs your laptop and runs, it'll hibernate to try to thwart
> memory attacks to retrieve the disk encryption key. Not foolproof, but
> something simple and easy.
>
> We've now released a version for Mac. (Open Source of course.)
Re: [liberationtech] A tool for encrypted laptops
A related tool which employs Bluetooth to detect if your laptop from you has been untimely ripped:

http://blueproximity.sourceforge.net

You can tweak it to do arbitrary things when it gets tripped, so it can be scripted to hibernate.

HTH,
~T

- Original Message -
From: "Tom Ritter"
To: "liberationtech"
Sent: Friday, May 9, 2014 11:41:41 AM
Subject: Re: [liberationtech] A tool for encrypted laptops

Hey all. Reviving an old thread with a new release:
https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html

From the first email: If your encrypted laptop has its screen locked, and is plugged into power or ethernet, the tool will hibernate your laptop if either of those plugs are removed. So if you run out for lunch, or leave it unattended (but plugged in) at starbucks, and someone grabs your laptop and runs, it'll hibernate to try to thwart memory attacks to retrieve the disk encryption key. Not foolproof, but something simple and easy.

We've now released a version for Mac. (Open Source of course.)

-tom

On 30 May 2013 13:24, Seth David Schoen wrote:
> Tom Ritter writes:
>
>> On 25 March 2013 11:57, Tom Ritter wrote:
>> > At the moment it only supports Bitlocker, but support for Truecrypt is
>> > coming[0].
>>
>> Due to some internal confusion, this happened a little bit ago, but I
>> didn't know about it. You can now tell it "I'm smarter than you and
>> have FDE you don't know about"[0]. This will let it work with
>> Truecrypt.
>>
>> Mac and Linux support are still stalled. Julian Oliver posted a quick
>> script for Linux that emulates some amount of the functionality last
>> March, I'm reposting:
>
> Jacob Appelbaum and I have some data sources for doing the whole thing
> in the thread at
>
> https://github.com/iSECPartners/yontma/issues/2
>
> I'm not sure how fancy we want to make this.
>
> --
> Seth Schoen
> Senior Staff Technologist https://www.eff.org/
> Electronic Frontier Foundation https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] A tool for encrypted laptops
Hey all. Reviving an old thread with a new release:
https://isecpartners.github.io/news/tools/2014/05/09/yontma-mac-release.html

From the first email: If your encrypted laptop has its screen locked, and is plugged into power or ethernet, the tool will hibernate your laptop if either of those plugs are removed. So if you run out for lunch, or leave it unattended (but plugged in) at starbucks, and someone grabs your laptop and runs, it'll hibernate to try to thwart memory attacks to retrieve the disk encryption key. Not foolproof, but something simple and easy.

We've now released a version for Mac. (Open Source of course.)

-tom

On 30 May 2013 13:24, Seth David Schoen wrote:
> Tom Ritter writes:
>
>> On 25 March 2013 11:57, Tom Ritter wrote:
>> > At the moment it only supports Bitlocker, but support for Truecrypt is
>> > coming[0].
>>
>> Due to some internal confusion, this happened a little bit ago, but I
>> didn't know about it. You can now tell it "I'm smarter than you and
>> have FDE you don't know about"[0]. This will let it work with
>> Truecrypt.
>>
>> Mac and Linux support are still stalled. Julian Oliver posted a quick
>> script for Linux that emulates some amount of the functionality last
>> March, I'm reposting:
>
> Jacob Appelbaum and I have some data sources for doing the whole thing
> in the thread at
>
> https://github.com/iSECPartners/yontma/issues/2
>
> I'm not sure how fancy we want to make this.
>
> --
> Seth Schoen
> Senior Staff Technologist https://www.eff.org/
> Electronic Frontier Foundation https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [liberationtech] A tool for encrypted laptops
Tom Ritter writes:

> On 25 March 2013 11:57, Tom Ritter wrote:
> > At the moment it only supports Bitlocker, but support for Truecrypt is
> > coming[0].
>
> Due to some internal confusion, this happened a little bit ago, but I
> didn't know about it. You can now tell it "I'm smarter than you and
> have FDE you don't know about"[0]. This will let it work with
> Truecrypt.
>
> Mac and Linux support are still stalled. Julian Oliver posted a quick
> script for Linux that emulates some amount of the functionality last
> March, I'm reposting:

Jacob Appelbaum and I have some data sources for doing the whole thing in the thread at

https://github.com/iSECPartners/yontma/issues/2

I'm not sure how fancy we want to make this.

--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [liberationtech] A tool for encrypted laptops
On 25 March 2013 11:57, Tom Ritter wrote:
> At the moment it only supports Bitlocker, but support for Truecrypt is
> coming[0].

Due to some internal confusion, this happened a little bit ago, but I didn't know about it. You can now tell it "I'm smarter than you and have FDE you don't know about"[0]. This will let it work with Truecrypt.

Mac and Linux support are still stalled. Julian Oliver posted a quick script for Linux that emulates some amount of the functionality last March, I'm reposting:

//->

#!/bin/sh
# Poll the AC adapter once a second; hibernate when it reads off-line.
while true; do
    # acpi -a prints e.g. "Adapter 0: off-line"; field 3 is the state.
    AC=$(acpi -a | awk '{ print $3 }')
    if [ "$AC" = "off-line" ]; then
        echo "Power unplugged. Hibernating."
        pm-hibernate
    fi
    sleep 1
done

//<

-tom

[0] https://github.com/iSECPartners/yontma/commit/26cef9cc60ecbb68b7c6bc78c418d367e657af6a
Re: [liberationtech] A tool for encrypted laptops
On Tue, 26 Mar 2013 13:03:56 + Michael Rogers wrote:
> Last time I tried it wasn't simple to get Linux to hibernate with an
> encrypted swap partition. Are there now distros that support this out
> of the box?

Works fine for me in Debian Wheezy, Fedora 17, and FreeBSD 9.something.

--
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
Re: [liberationtech] A tool for encrypted laptops
..on Tue, Mar 26, 2013 at 01:03:56PM +, Michael Rogers wrote:
> On 26/03/13 09:59, Julian Oliver wrote:
> > For your Linux laptop why not just use an encrypted file-system and
> > lid-switch? Close the lid and the machine hibernates. If you forget
> > to close the lid then time it out to a screen lock. Can be done in
> > a few lines of shell script with xtrlock and a
> > /proc/acpi/button/lid/LID/state trigger.
>
> Last time I tried it wasn't simple to get Linux to hibernate with an
> encrypted swap partition. Are there now distros that support this out
> of the box?

All good for me here with Debian and swap encryption.

Cheers,

--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
Re: [liberationtech] A tool for encrypted laptops
On Tue, Mar 26, 2013 at 8:03 AM, Michael Rogers wrote:
> On 26/03/13 09:59, Julian Oliver wrote:
>> For your Linux laptop why not just use an encrypted file-system and
>> lid-switch? Close the lid and the machine hibernates. If you forget
>> to close the lid then time it out to a screen lock.
>
> Last time I tried it wasn't simple to get Linux to hibernate with an
> encrypted swap partition. Are there now distros that support this out
> of the box?

Debian. It's worked beautifully for me since Squeeze (at least, maybe Lenny?).
Re: [liberationtech] A tool for encrypted laptops
On 26/03/13 09:59, Julian Oliver wrote:
> For your Linux laptop why not just use an encrypted file-system and
> lid-switch? Close the lid and the machine hibernates. If you forget
> to close the lid then time it out to a screen lock. Can be done in
> a few lines of shell script with xtrlock and a
> /proc/acpi/button/lid/LID/state trigger.

Last time I tried it wasn't simple to get Linux to hibernate with an encrypted swap partition. Are there now distros that support this out of the box?

Cheers,
Michael
Re: [liberationtech] A tool for encrypted laptops
..on Tue, Mar 26, 2013 at 10:59:22AM +0100, Julian Oliver wrote:
> ..on Tue, Mar 26, 2013 at 05:55:19AM +, Andreas Bader wrote:
> > > Hi all - at the risk of shilling, my company has released an Open
> > > Source tool called "You'll Never Take Me Alive". If your encrypted
> > > laptop has its screen locked, and is plugged into power or ethernet,
> > > the tool will hibernate your laptop if either of those plugs are
> > > removed. So if you run out for lunch, or leave it unattended (but
> > > plugged in) at starbucks, and someone grabs your laptop and runs,
> > > it'll hibernate to try to thwart memory attacks to retrieve the disk
> > > encryption key. Not foolproof, but something simple and easy.
> > >
> > > At the moment it only supports Bitlocker, but support for Truecrypt is
> > > coming[0]. If you have suggestions - add them to the github issues
> > > page.
> > >
> > > https://isecpartners.com/news-events/news/2013/march/yontma.aspx
> > > https://github.com/iSECPartners/yontma
> > >
> > > -tom
> >
> > Great Idea, solves a huge problem with the hack of SEDs.
> > But Windows itself is a big security hole, why don't you offer this for
> > Linux? When I encrypt my Laptop with Bitlocker and Yontma, then I have a
> > half Open Source secured Laptop..
>
> For your Linux laptop why not just use an encrypted file-system and
> lid-switch?
> Close the lid and the machine hibernates. If you forget to close the lid then
> time it out to a screen lock. Can be done in a few lines of shell script with
> xtrlock and a /proc/acpi/button/lid/LID/state trigger.
>

In fact here's a quick crude sketch that polls rather than triggers from /proc:

//->

#!/bin/sh
# Poll the AC adapter once a second; hibernate when it reads off-line.
while true; do
    # acpi -a prints e.g. "Adapter 0: off-line"; field 3 is the state.
    AC=$(acpi -a | awk '{ print $3 }')
    if [ "$AC" = "off-line" ]; then
        echo "Power unplugged. Hibernating."
        pm-hibernate
    fi
    sleep 1
done

//<

Add it to /etc/init.d/ and it will hibernate the machine when the power is unplugged.

You could also have it read STDIN, waiting N attempts for a password before hibernating on failed auth.

Cheers,

--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
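An edge-triggered variant of the polling sketch in the message above, added here as an example (it is not code from the thread or from YoNTMA). It hibernates only when the screen is locked and AC power or the Ethernet link goes from present to absent, so resuming on battery does not trigger another hibernate. Assumptions: xtrlock is the screen locker, eth0 is the wired interface, state is read from sysfs under /sys/class, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: hibernate on unplug only while the screen is locked.
# Assumptions: xtrlock is the locker, eth0 the wired interface.

POWER_ROOT=${POWER_ROOT:-/sys/class/power_supply}
NET_ROOT=${NET_ROOT:-/sys/class/net}
IFACE=${IFACE:-eth0}

# Print 1 if any power supply of type "Mains" reports online, else 0.
ac_online() {
    for d in "$POWER_ROOT"/*; do
        [ -r "$d/type" ] && [ -r "$d/online" ] || continue
        if [ "$(cat "$d/type")" = "Mains" ] && [ "$(cat "$d/online")" = "1" ]; then
            echo 1; return 0
        fi
    done
    echo 0
}

# Print 1 if the wired interface has carrier; a down or absent
# interface (carrier unreadable) counts as 0.
eth_link() {
    c=$(cat "$NET_ROOT/$IFACE/carrier" 2>/dev/null) || c=0
    [ "$c" = "1" ] && echo 1 || echo 0
}

# Print 1 if the locker process is running, else 0.
screen_locked() {
    pgrep -x xtrlock >/dev/null 2>&1 && echo 1 || echo 0
}

# decide LOCKED PREV_AC CUR_AC PREV_ETH CUR_ETH
# Prints "hibernate" only on a 1 -> 0 transition while locked, else "wait".
decide() {
    if [ "$1" = 1 ]; then
        if [ "$2" = 1 ] && [ "$3" = 0 ]; then echo hibernate; return 0; fi
        if [ "$4" = 1 ] && [ "$5" = 0 ]; then echo hibernate; return 0; fi
    fi
    echo wait
}

watch_plugs() {
    prev_ac=$(ac_online); prev_eth=$(eth_link)
    while true; do
        cur_ac=$(ac_online); cur_eth=$(eth_link)
        verdict=$(decide "$(screen_locked)" "$prev_ac" "$cur_ac" "$prev_eth" "$cur_eth")
        if [ "$verdict" = hibernate ]; then
            echo "Plug removed while locked. Hibernating."
            pm-hibernate
            # After resume, re-read the state so the stale "plugged"
            # value cannot fire a second time.
            cur_ac=$(ac_online); cur_eth=$(eth_link)
        fi
        prev_ac=$cur_ac; prev_eth=$cur_eth
        sleep 1
    done
}

# Run the loop only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--watch" ]; then watch_plugs; fi
```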
Re: [liberationtech] A tool for encrypted laptops
..on Tue, Mar 26, 2013 at 05:55:19AM +, Andreas Bader wrote:
> > Hi all - at the risk of shilling, my company has released an Open
> > Source tool called "You'll Never Take Me Alive". If your encrypted
> > laptop has its screen locked, and is plugged into power or ethernet,
> > the tool will hibernate your laptop if either of those plugs are
> > removed. So if you run out for lunch, or leave it unattended (but
> > plugged in) at starbucks, and someone grabs your laptop and runs,
> > it'll hibernate to try to thwart memory attacks to retrieve the disk
> > encryption key. Not foolproof, but something simple and easy.
> >
> > At the moment it only supports Bitlocker, but support for Truecrypt is
> > coming[0]. If you have suggestions - add them to the github issues
> > page.
> >
> > https://isecpartners.com/news-events/news/2013/march/yontma.aspx
> > https://github.com/iSECPartners/yontma
> >
> > -tom
>
> Great Idea, solves a huge problem with the hack of SEDs.
> But Windows itself is a big security hole, why don't you offer this for
> Linux? When I encrypt my Laptop with Bitlocker and Yontma, then I have a
> half Open Source secured Laptop..

For your Linux laptop why not just use an encrypted file-system and lid-switch? Close the lid and the machine hibernates. If you forget to close the lid then time it out to a screen lock. Can be done in a few lines of shell script with xtrlock and a /proc/acpi/button/lid/LID/state trigger.

Cheers,

--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
Re: [liberationtech] A tool for encrypted laptops
> Hi all - at the risk of shilling, my company has released an Open
> Source tool called "You'll Never Take Me Alive". If your encrypted
> laptop has its screen locked, and is plugged into power or ethernet,
> the tool will hibernate your laptop if either of those plugs are
> removed. So if you run out for lunch, or leave it unattended (but
> plugged in) at starbucks, and someone grabs your laptop and runs,
> it'll hibernate to try to thwart memory attacks to retrieve the disk
> encryption key. Not foolproof, but something simple and easy.
>
> At the moment it only supports Bitlocker, but support for Truecrypt is
> coming[0]. If you have suggestions - add them to the github issues
> page.
>
> https://isecpartners.com/news-events/news/2013/march/yontma.aspx
> https://github.com/iSECPartners/yontma
>
> -tom

Great Idea, solves a huge problem with the hack of SEDs. But Windows itself is a big security hole, why don't you offer this for Linux? When I encrypt my Laptop with Bitlocker and Yontma, then I have a half Open Source secured Laptop..

-Andreas
Re: [liberationtech] A tool for encrypted laptops
On 25 March 2013 14:41, Karl Fogel wrote:
> Your paragraph above doesn't mention it, but appears this is (right now)
> only for MS Windows. Any chance of Linux support coming soon, and in
> the long run of getting folded in as a kernel service so that I can just
> configure it from my System Settings menu eventually? :-)
>
> I'm sure others will be asking about Mac OS X too.

https://github.com/iSECPartners/yontma/issues/2 - Linux
https://github.com/iSECPartners/yontma/issues/3 - Mac

The more folks add +1's to the tickets they care about, the more likely the authors (who code it in their free time) will be to work on it. I know the authors don't have a lot of Linux/Mac experience though, so any pointers into how those disk encryption systems could be detected, and how to get the events for ethernet/power plug removal would be appreciated and probably improve motivation. =)

-tom
Re: [liberationtech] A tool for encrypted laptops
Tom Ritter writes:
>Hi all - at the risk of shilling, my company has released an Open
>Source tool called "You'll Never Take Me Alive". If your encrypted
>laptop has its screen locked, and is plugged into power or ethernet,
>the tool will hibernate your laptop if either of those plugs are
>removed. So if you run out for lunch, or leave it unattended (but
>plugged in) at starbucks, and someone grabs your laptop and runs,
>it'll hibernate to try to thwart memory attacks to retrieve the disk
>encryption key. Not foolproof, but something simple and easy.
>
>At the moment it only supports Bitlocker, but support for Truecrypt is
>coming[0]. If you have suggestions - add them to the github issues
>page.
>
>https://isecpartners.com/news-events/news/2013/march/yontma.aspx
>https://github.com/iSECPartners/yontma

What a terrific idea, Tom -- thanks.

Your paragraph above doesn't mention it, but appears this is (right now) only for MS Windows. Any chance of Linux support coming soon, and in the long run of getting folded in as a kernel service so that I can just configure it from my System Settings menu eventually? :-)

I'm sure others will be asking about Mac OS X too.

-K
[liberationtech] A tool for encrypted laptops
Hi all - at the risk of shilling, my company has released an Open Source tool called "You'll Never Take Me Alive". If your encrypted laptop has its screen locked, and is plugged into power or ethernet, the tool will hibernate your laptop if either of those plugs are removed. So if you run out for lunch, or leave it unattended (but plugged in) at starbucks, and someone grabs your laptop and runs, it'll hibernate to try to thwart memory attacks to retrieve the disk encryption key. Not foolproof, but something simple and easy.

At the moment it only supports Bitlocker, but support for Truecrypt is coming[0]. If you have suggestions - add them to the github issues page.

https://isecpartners.com/news-events/news/2013/march/yontma.aspx
https://github.com/iSECPartners/yontma

-tom

[0] https://github.com/iSECPartners/yontma/issues/5