Why I wouldn’t swap hard drives on a laptop.

Dax0007 wrote in response to my point 14. Secure format/wipe hard disk, and replace with original disk.  Repeat process. (21 Things to do when quitting work)

“When taking over a company laptop I think its a god idea just go out and buy another HD, HD kit for the laptop, & some restore cd’s for that laptop.. then setup your new harddrisk for personal use and when u do company work use ur company harddrisk.. you should be 100% safe to surf, download, and do what u want.. right????”

Maybe Dax0007.  But swapping hard disk drives on a Lenovo Thinkpad is going to get awful tiring fairly quickly.  The following three drawings from IBM illustrate how much of a process it is:
t43hdd1t43hdd2t43hdd3

(used to take me 10 minutes to swap the disks on a T41 Thinkpad)

If I still had a company laptop, I would

  • set a drive password on the hard drive
  • encrypt the hard disk drive with TrueCrypt.
  • also TrueCrypt encrypt any “backup” drives I used at/for work.

And I’d also remind myself that anything I do while connected to the corporate network, is definitely not “safe” from scrutiny.

TrueCrypt – not as secure as I thought.

TrueCrypt LogoOn Wednesday, I wrote about TrueCrypt, and the requirement to create a Rescue Disk if you were going to use System Encryption.  I  looked into that, as I was setting up a test laptop so I could try the “Evil Maid” attack on TrueCrypt System Encryption.

And by Jove!  The Evil Maid attack works.

In short, the Evil Maid attack is a way to grab someone’s TrueCrypt’s passphrase.  Have a look at this photo of my test laptop:
Evil Maid - Can this password be hacked

Continue reading

Bypassing the TrueCrypt Rescue Disk check requirement.

Update: TrueCrypt 7 and later will allow you to bypass this check.

TrueCrypt, the freeware open source disk encryption product, allows you to encrypt your whole hard drive.  TrueCrypt calls this “System Encryption”.  Another name for it is Full Disk Encryption.  Just like Microsoft Bitlocker.
When you encrypt your system drive, TrueCrypt prompts you to create a Rescue Disk.  Should the TrueCrypt Boot Loader be corrupted, the Rescue Disk will help you fix that problem.
But TrueCrypt requires a CD/DVD drive to create the Rescue Disk, and if you don’t have one, it won’t let you continue:
Truecrypt - Full Disk Encryption - ISO check

Continue reading