Flaws
Authored by: VRic on Sep 29, '04 01:21:48PM

A physical key protects against someone with physical access to the machine, which is almost pointless. Only encryption does that. There are Firewire disks with on-the-fly hardware encryption for real paranoids.

I suppose there's a deterring effect on bozo spies, but who cares about bozo intelligence? It's not like anyone relies on them for matters of war or something. Oh, wait.

With access to the Mac I wouldn't try to get your login/pass: unless it has a firmware password I could boot it in FireWire target disk mode and hook it to mine in less time than a login, browse its disk as root, then restart and leave it waiting for login, which if your script killed everything would be indistinguishable from the state you left it in.

So this is worse than nothing if you don't advise the use of a firmware password first: not only would low-tech spying have occurred in no time, but the owner couldn't even tell (unlike current sessions turning out to be changed or closed).

Of course a firmware pass only works if the bad guy doesn't have 5 min to remove the disk from the Mac, hook it to his via a Wiebetech Super DriveDock (bare bus-powered hot-pluggable ATA-FireWire bridge), then put it back. Which is also essentially low-tech and requires no OS X knowledge at all.

Against that there's only (a) encryption or (b) using a clamshell iBook, which takes half a day, a coffee machine and 5 sq meters of desk space to get to the hard drive, at which point he will probably yell with joy and relief, which will get him noticed.



Flaws
Authored by: Gabs on Sep 29, '04 03:29:33PM

Changing the amount of installed RAM will reset a firmware pass - so not even the old Clamshell is safe... Back to encryption then. Ain't that a beach.


