Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
The nfoCentrale Blog Conclave
nfoCentrale Associated Sites
ACM News Service: Skeletons on Your Hard Drive. This blurb is a great reminder of how much we put faith in two things: What people tell us their service or disk wiper software provides, and what we believe because we don’t know how to read the wiped data ourselves. We tend to forget that a culprit out for your information or simply opportunistically scanning for anyones goodies and private files is going to attempt things we aren’t equipped to verify ourselves.
This is distressing for me because I am a big advocate of arrangements that I term “confirmable experience.” Confirmable experiences, such as two end parties having the tools they need to figure out why an e-mail communication is failing, have a strong cooperative component—the willingness to arrange, use, and exchange confirmatory findings. You and I may successfully arrange to run the same tests at a distance, or tolerate failures in ways that the defect can be discovered. More than that, I am able to communicate what I am seeing to the other party so that the end-to-end picture can be pieced together. That’s completely different than the situation where someone is willfully seeking an exploit and has no interest in my awareness of it, let alone confirming it with me.
So here we are having to think about the unseen and putting faith that its invisibility to us means it is truly inaccessible. It’s one of those moments that brings William Kingdon Clifford’s challenging “The Ethics of Belief” sharply into recall.
Matt Hines’ 2005-04-20 CNet News.com article provides more details and information about how to wipe disks properly if you’re going to rely on such techniques.
All of this is of little help for ordinary theft of a laptop. There you have a pristine hard drive with what the user wants to be there, in all its glory. Not only am I bothered by it apparently being quite easy for my laptop to be reset to an insecure default startup configuration, with physical access to the machine a thief can simply remove the hard drive and examine it at leisure using a different machine, so I have to protect the data on the drive in a direct way. Mostly, I don’t want anyone else to be able to use the machine with my hard drive in it, and I’d rather the thief be discouraged in trying to use anything that is on that drive, especially the operating system itself. A determined perpetrator won’t be dissuaded, but I’d like to cut down on the hazards of ordinary theft of a mobile device.
If encryption is the answer, how do I rely on that, and whose product can I trust? How does it impact my day-to-day ability to operate? I have no idea. What I know is that I have little way of telling whether the safeguards are really working as claimed, just as I have to rely on my antivirus software being benign, on my software firewall really protecting my system, and my residential router actually being impenetrable from the net, especially with a DSL modem in front of it. I am left with Clifford’s challenge: What right do I have to believe that I am protected by these measures?
|You are navigating Orcmid's Lair.|