Delete Data On Netbook If Stolen? 459
An anonymous reader writes "I have just moved overseas on a 2-year working holiday visa and so I picked up a netbook for the interim, an MSI Wind U100 Plus running WinXP. I love it to bits. But as I am traveling around I am somewhat worried about theft. Most of my important stuff is in Gmail and Google Docs; however, I don't always have Net access and find it useful to gear up the offline versions for both. Ideally I would like to securely delete all the offline data from the hard drive if it were stolen. Since it is backed up in the cloud, and the netbook is so cheap I don't really care about recovery, a solution that bricks it would be fine — and indeed would give me a warm glow knowing a prospective thief would have wasted their time. But it's not good if they can extract the HD and get at the data some other way. All thief-foiling suggestions are welcome, be they software, hardware, or other."
Encryption (Score:5, Informative)
Encrypt the entire drive with TrueCrypt or something. Use a strong cipher and a very strong passphrase. The laptop is as good as bricked to anyone who gets it.
Encryption (Score:2, Informative)
That is what encryption is for. Get truecrypt or other similar application and then the data won't be extractable by anyone without the password.
Lojack for Laptops (Score:4, Informative)
Website: http://www.absolute.com/products/lojack [absolute.com]
FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf [absolute.com]
Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.
Re:Encryption (Score:1, Informative)
Get a seagate momentus FDE and do pre-boot authentication.
encryption is done in hardware, on the drive, viola.
Just make sure you get one of the FDE drives that does AES CBC not AES ECB.
Re:Encryption (Score:4, Informative)
Re:Encryption (Score:5, Informative)
What do they want to steal? (Score:5, Informative)
Most casual thieves want the hardware to use, resell, or simply because it's pretty. They don't give a toss about your data unless they can get easy cash out of it.
Encrypt the disk to protect your data. It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it. You can save CPU cycles by only encrypting data that really needs to be kept personal.
Personally I'd be tempted to have some kind of low trick on there just to fuck with their minds. Add a script like
echo "GPS location tracking started..."
sleep 13
echo "Device location found and reported."
read x
There is absolutely no security in this but casual thieves are normally not too smart so might shit their pants.
Re:Whole Disk Encryption (Score:4, Informative)
I know it doesn't help the OP, but on linux-based netbooks it's trivial to re-install linux with whole disk encryption if you want to upgrade to Ubuntu anyway. I've been running this way on my primary laptop for over a year and haven't really noticed any performance degradation.
Re:Booby trap it? (Score:1, Informative)
There is probably room in the case for a few ounces of C4 explosive, and a detonator. You might have a hard time getting it through customs though.....
I doubt it. The security theater at the airports I've seen only exists to inconvenience and intimidate, it would be pretty easy to for someone of average or greater intelligence to get knives, bombs, or other improvised weapons though.
Re:Identity Theft or Physical Theft (Score:1, Informative)
You could just use something as simple as a screensaver password. After a few minutes of not using the machine, they would need the password to get back to your session.
There would be no way for them to run any tool to brute force the password or anything, without rebooting the machine. But then if they reboot the machine, they have to decrypt the drive again.
Why do they want your E-mail? (Score:2, Informative)
Firstly: You're not that interesting - nobody wants to read your E-mail, and the 'important' stuff (like your PGP keys) are individually passphrase protected, aren't they.
Secondly: You're not that interesting - the thief either wants the device for themselves, or to fence it for $50 worth of crack (or food, depending on where you travel). If they want it for themselves - chances are they'll just wipe it with a clean Windows install (you even leave the registration key on that little sticker on the back, don't you...) to get past your login/resume password. If they don't whoever fences it will.
Re:Whole Disk Encryption (Score:2, Informative)
Would also like to mention FreeOTFE (http://www.freeotfe.org). Unlike Truecrypt it happens to be Linux/LUKS compatible.
Re:Encryption (Score:5, Informative)
My personal experience with a Inspiron 1520 is that whole disk encryption significantly reduces battery life, which is a real usability problem.
Most likely, when I get back to the states (I only encrypted for some overseas travel anyway), I will decrypt it and move back to an encrypted truecrypt container for the small number of documents that are really sensitive.
Re:Whole Disk Encryption (Score:3, Informative)
Difficult to take seriously... (Score:2, Informative)
You're worried about security and privacy? Then why are you using Gmail and Google Docs for that oh-so-important data? If you're going to be paranoid, you might want to start there...
I mean, I use Gmail too, but as a student, I don't exactly have a lot to hide - a few forum passwords, slashdot credentials, a few measly bucks in the bank. If you were really AT ALL serious about privacy and security, you should be using services that aren't paid for by a company that makes money from knowing your private data...
Sorry, but this makes it very difficult to take your post seriously...
Dongles (Score:1, Informative)
Re:What do they want to steal? (Score:5, Informative)
It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it.
AES is quite fast on 32-bit CPUs. There's no excuse for bad crypto.
Don't place an OS on the drive (Score:1, Informative)
Many netbooks boot from USB or an SDcard. Run the OS off of one of these. If you use an Ubuntu live CD, there will be no information on the drive upon reboot. For local storage use a USB drive with Truecrypt.
Re:Encryption (Score:3, Informative)
I have a Pentium 3 Mobile 1.7GHz Thinkpad and Truecrypt makes no appreciable difference in performance. Even during benchmark tests the CPU is only about 50% loaded, so the bottleneck is the HDD itself. 50% sounds like a lot, but keep in mind we are talking artificial benchmarks here. Real world performance is probably in the order of 5-10% when loading an app or large file.
Truecrypt is by far the best option. Not only does it protect your data in case of theft or over-zealous customs staff, but you can wipe the entire disk instantly just by destroying the TC header (1 sector). Without the header you can't even do a dictionary attack, you would need to brute force AES which is basically impossible in the foreseeable future.
Re:Are you evil enough? (Score:2, Informative)
True, but there are ways to get a reasonably high level of confidence that something will happen. Most flash utils that I've dealt with either do no checking on the image, which is awful, or simply check it for size, extension, or a basic checksum. I'm guessing that this is because the developers believe that only an insane person would try to flash a .jpg or whatever to their BIOS. Since this is one of a very few things that can actually make your computer unusable, you would think that they would take more care, but they don't. As for testing, most of the flash utilities that I've used give you at least two chances to confirm that you really want to perform the flash, usually the last one is after the new BIOS has been read in and, presumably, passed any checks being done. If you were very familiar with the flash program and had the fortitude, you could run the process right up to the point of no return and then say 'no', and I would be pretty confident that something bad would have happened should you have gone ahead...
Re:Encryption (Score:1, Informative)
I'm not sure what you were doing wrong there, but the veteran testers at Tom's Hardware found that TrueCrypt whole disk encryption reduced battery life just by 1% for AES.
http://www.tomshardware.com/reviews/truecrypt-security-hdd,2125-11.html [tomshardware.com]
Battery Runtime Test Passed
Our MobileMark 07 testing was conducted with a Dell Latitude D610 and a 9-cell battery. It resulted in a 1% runtime decrease for AES and 3% for AES-Twofish-Serpent. The same percentage decreases should also apply to smaller batteries.
Re:encryption is not the answer (Score:3, Informative)
The Atom can only barely play higher-quality youtube videos. Any little thing will tip it over the edge. I agree that it is only a minor impact for most users. But Atoms are a different case.
You should actually try it. I have an OLPC XO-1 (with a Geode processor -- even slower than the Atom) and full-disk encryption makes no detectable difference in performance.
What you're missing is the fact that symmetric ciphers, which are actually what the bulk encryption is done with, are very fast. Even low-end processors are typically able to encrypt/decrypt *many* times faster than they can read or write data to disk/flash. And, actually, there shouldn't be any storage I/O involved in playing a youtube video, so even if full-disk encryption were slow, it wouldn't cause a problem with that.