Security :: Security Implications For Wear-Leveling Of Hard Disks
Mar 17, 2010
I am surprised (from the searches I carried out on the net) that no one seems to have considered this danger so far as I can see...I'm a little concerned about the implications on security for algorithms that opaquely shift data blocks around on disks to even-out surface wear rates.In the good old days, if I wanted to wipe a file that documented my struggle to give up frosted strawberry donuts (for example) I knew where that file started on the disk and how long it was and could thus instruct the OS to wipe it with complete confidence.
Nowadays, however, with increasingly sophisticated use being made of W-L techniques and fancy, journaling file systems that separate meta-data from file content and whatnot and so forth, how can I still be sure that when I try to overwrite a personal and private file, that i AM actually doing precisely THAT, and not just nuking some virtual image of the thing which in reality remains preserved elsewhere on the disk?
I was wondering about the security implications of running a GUI in a VM. I know that a GUI adversely affects security, but don't know how this works when visualization is thrown into the mix.
1. Is the security of the host OS affected by the presence of a guest OS with a GUI, or is it just the guest OS that would take the hit?
2. If the host OS does not have a GUI, and the guest OS does have a GUI, would it be possible to see the GUI of the guest OS?
i have just recently purchased a SeaGate 1TB External Hardrive. i have very sensitive information on this storage unit that i only want certain people to have access to. is there any way of password protecting the hardrive? preferably using linux or what are my options?
In Ubuntu Lucid 10.04, when I click a disk in the left panel of Nautilus for the first time, the disks are getting mounted without asking a root password. This was not in the case for the previous versions of Ubuntu. how can I turn this feature on in Lucid.
By fiat I must distribute my homedirs across multiple physical disks/partitions. Unfortunately this is not open to discussion so obvious solutions like a lvm home partition are not available to me. The issue: Users created with homedirs on the main home partition (the one created as home during the f13 install) behave as expected, but if I create them on a different partition (home9 for the sake of this example) the users are not able to login (dropped back to login screen), nor run x-apps if su -'d to in a konsole.
If I 'su - <user-on-home9>' in a konsole, I get delivered to the /home9/<user-on-home9> as expected, but x-apps fail with the error: 'cannot open display: :0'. This can be temporarily fixed with the command 'xhost +SI:localhost:<user-on-home9>', but I would rather fix it permanently at the source.
This appears to be an selinux problem from the following.The contexts of the the two rootdirs are the same
% ls -Zd /home /home9 drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home9 but when I create the users (using useradd or the gui) their respective contexts differ: % ls -Zd /home/user5 /home9/user6
[Code]...
So, my questions for you selinux experts are 1) is it possible to have homedirs spread across multiple partitions with selinux, and if so, how, 2) Why, even when I manually set the dir/file contexts to match a properly functioning user5 from /home, do users from /home9 still not work (as far as login and x-apps).
My SSD HD supports ATA Security. Does Macbook EFI and linux support it? I know hdparm does. Who will do the unlock at each bootup? Can I still set a password without erasing the disk?
Update: removed "SED full hard disk encryption" from the title based on comment by @ataboy. Some might still refer to this ATA security incorrectly as "encryption" however.
I'm installing fedora 12 on a laptop using the live cd, and I have a few questions about the encryption process.
First, I'd like to fill the drive with random data. I've read the fedora documentation and it suggests using the following command: dd if=/dev/urandom of=<device>. The installer didn't offer an opportunity to do this, so I opened a terminal and typed the command. I expected it to take hours on my 160 gig hard drive, but it only took about 3 minutes, and indicated about 600 megs of data had been written. Did I do it correctly? According to palimpsest, my boot partition is sda1 and the other partition is sda2, so that's the one ran the command with.
Second, I need some advice on what to encrypt. The installer shows me the following layout after I select encryption:
LVM Volume Groups
Hard Drives
I know I can't encrypt boot, but I can encrypt lv_root and lv_swap. But is it necessary to do that? And tell me the pros and cons of using a boot loader password?
I encrypted my hard drive on my media PC but it's really annoying having to type in a password every time I turn it on. I chose a short password so it was quick and easy to type in but is it worth encrypting data with a weak password?If the computer is suspended, someone could come along and resume the computer. They would be presented with a locked GNOME session) but the data would be unencrypted; does this go against encrypting the hard drive? Or does the locked GNOME session provide enough security to keep an intruder out?
I have two internal harddisk. Harddisk 1 has ubuntu, fedora installed and harddisk 2 has ubuntu installed. I normally connect either one, and use it. How can i always keep connect both harddisks, and at the start, select from which harddisk to boot? Or it's not possible?
I was trying to install Fedora 9 on my new laptop that came with Win XP. I have selected the option to wipe out all partition and create a default layout with the Encryption option selected. But that installation got stopped on the middle, therefore I have started the installation again. This time it asked for the encryption password as expected but don't know why, its not accepting my password. I am 100% sure that the password is correct but it is not allowing me to enter into the hard disk partition section.
My question is, how do I remove encryption from my hard disk? I don't need to preserve the data, I just need to use my hard disk again. Is there any boot CD that allow us to format encrypted disks without prompting for a password?
I've got a few laptop for which I'd like to encrypt hard drive with the help of a smartcard.Does one techno (LUKS, true-crypt,) support smart card for getting the secret/passphrase ?
So what I want to do is encrypt my entire hard drive, but heres the thing.
I dual boot Ubuntu and windows 7, but I am afraid that if I use truecrypt to do the encrypting that it will wipe GRUB and not allow me to boot into any OS, is that a possibility and is there a way around it?
I have a friend that has a computer running UBUNTU he has not used in a while and has forgotten the user name and password for it. Is there away to retrieve the data from this hard drive?
I have recently bought a new laptop, installed my first linux OS on it (Ubuntu 9.10) and an external hard drive with 500GB on it for backup. For the first few days my external hard drive was working fine, but then eventually it wouldn't let me copy/move/delete stuff to and from it. So I kept trying to change the permissions but it wouldn't let me.
I figured this would be a very very common problem, so I looked up some forums to try out the methods but they didn't work. So I thought I would ask you guys for help because I am pleased with the support. I wouldn't think this would be a hard problem to solve.
What I want to do is pull data from any of the hard drives attached to my Linux box from my Windows machine. I have been moving small amounts of data from the drives to my OS drive and those parts share easily, but I want to move away from that method to move large amounts of data at the same time.I have tried using Samba as it is used for file sharing between systems and that I have to give my Windows box permission through Samba.
Trick is, I'm not sure where to start, though I have an idea and wanted to know if this is the right track before I start editing my file system.
I have an external hard drive that has all of my Apple Powerbook G4 files on it. I plugged in my "Journal Extended" external hard drive into my new HP laptop with Ubuntu 10.10 on it.
All of my files are on the hard drive still, however lots of them have a little X on the folders and when I try to open them it tells me I don't have permission? How can I force the permission for everything on my external? It's my own files and I can't even access them lol.
I want to access my hard drive to copy over my old documents. So I boot into a LiveUSB, mount my ubuntu partition, and then cd to my home directory, but I can't open it. I get "permission denied." I encrypted my whole home directory and know the password, but how do I "decrypt" it or login as the partition's root so I can access the documents that way. I'm booted into the USB, but can't access the home directory. I get "You do not have the permissions necessary to view the contents of 'jake'".
I was thinking of physically removing the hard drive and use the computer only with a liveCD for security. But is disabling the hard drive in the cmos just as secure, or does software exist that can still access the hard drive?
i am having a problem that i would call a bit "important" with my server. so, from last 3 weeks the used space of my hard disk (RAID I) started growing up. i have 2 x 1 tb HDD working on RAID I and i did not install anything those weeks. the space just started changing from 90 GB till 580 GB. now the situation is stable there but i think it's not normal.
the bandwidth usage is low (like 120 gb in 2 months) and i am running 6 counter strike gameservers, a forum, a very little website and some local stuffs... a friend of mine told me that my server could have been hacked but i am afraid it did... some useful informations: when i reboot the server the used space goes down again to ~100 GB and then it starts going up again. i cant really find where all those files are located:
I want to view a hard drive and see if it has all zeroes, how would I do this? I want to view a hard drive and see if it has all random data, or random data mixed with zeroes. How can I do this? I prefer to do all this in linux if possible without a gui...so looking for any cli tools to view with.
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg !!------------------ [ 12.762633] cfg80211: Calling CRDA for country: AM
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
Is there a way to delete files on the commandline that uses the KDE-Wastebin?It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
