Macs frustrate the FBI
Daveway
Mar 8, 2005, 06:26 PM
This is an excerpt from an article on securityfocus.com. The full article can be read here: http://www.securityfocus.com/columnists/215
Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!
Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.
I found that article quite amusing. Just another reason to use a mac
;)
Courtesy to yourmaclife.com for the reference.
Sun Baked
Mar 8, 2005, 06:29 PM
Check your date, I think we did this a year ago -- don't know if it's been archived yet.
Edit: of course a year later they're finding that Windows machines (I think) are frustrating them more -- since the huge new database project may be scrapped.
SFVCyclone
Mar 9, 2005, 02:35 PM
yeah, i remember reading this article a LOOOOOOOOOONG time ago.
PlaceofDis
Mar 9, 2005, 02:37 PM
yeah, i remember reading this article a LOOOOOOOOOONG time ago.
i remember it too
but i still find it amusing
mac-er
Mar 10, 2005, 12:19 PM
yeah, i remember reading this article a LOOOOOOOOOONG time ago.
Just because you have seen it before doesn't mean someone else hasn't.
I had never seen this before. Thanks for posting!
SFVCyclone
Mar 10, 2005, 12:32 PM
Just because you have seen it before doesn't mean someone else hasn't.
I had never seen this before. Thanks for posting!
HIGH FIVE
MarksEvilTwin
Mar 10, 2005, 01:17 PM
Removed
puckhead193
Mar 10, 2005, 01:30 PM
Thanks for the article, i sent the link to a friend who wants to major in forensics (also against mac :( )
bosrs1
Mar 10, 2005, 05:21 PM
Macs make the FBI happy. How cool.
rainman::|:|
Mar 10, 2005, 05:38 PM
oh hell.
now i hafta be afraid of the mounties?!
mgargan1
Mar 10, 2005, 07:54 PM
wouldn't finding info on a mac's HD be the same as on a Windows-based machine? Both have sectors, both have the same make hd. Maxtor, WD, Seagate... etc. I don't know the big deal about having a mac (in terms of the FBI not knowing how to physically get data off of it).
Lacero
Mar 10, 2005, 07:57 PM
I have a life, so I'm not the first one to say "REPOST" and put up dumb graphics. This is a great article. Thanks for bringing it up because it was an enjoyable read. Also, with the things happening up north with the 4 RCMP officers, this story should hold some relevance.
Candyfingered
Mar 10, 2005, 08:04 PM
This is an excerpt from an article on securityfocus.com. The full article can be read here: http://www.securityfocus.com/columnists/215
I found that article quite amusing. Just another reason to use a mac
;)
Courtesy to yourmaclife.com for the reference.
Of course the Mac user could just put all their important data in FileVault... then the FBI could get it... after the sun goes NOVA.
Candyfingered
Mar 10, 2005, 08:06 PM
wouldn't finding info on a mac's HD be the same as on a Windows-based machine? Both have sectors, both have the same make hd. Maxtor, WD, Seagate... etc. I don't know the big deal about having a mac (in terms of the FBI not knowing how to physically get data off of it).
True, but you have to be able to read those sectors with something... aka the computer. And they don't know how to do that on the Mac. FileVault makes that even harder. Unless the user gives them the password they'll NEVER get the information.
Cooknn
Mar 10, 2005, 08:08 PM
I have a script that cleans house with srm -mzfv. Can data be recovered after using secure rm?
Daveway
Mar 10, 2005, 08:10 PM
Thanks, I like bringing forth new entertaining articles. One thing to note is that when you do a forum search to make sure you don't make a repost, results are not always accurate. This is because people will use titles that have nothing to do with the subject you want to post about. ;)
Back to the article. I'm not a hacking brainiac, but don't you need a PC to hack PC using systems?
runninmac
Mar 10, 2005, 08:18 PM
True, but you have to be able to read those sectors with something... aka the computer. And they don't know how to do that on the Mac. FileVault makes that even harder. Unless the user gives them the password they'll NEVER get the information.
Um... stupid question but how does filevault work and why is it so hard to get into?
killuminati
Mar 10, 2005, 08:33 PM
Um... stupid question but how does filevault work and why is it so hard to get into?
I was also wondering this. I don't understand how it could be that difficult to get info off of macs. And wouldn't the FBI not want the public to know about that?
rainman::|:|
Mar 10, 2005, 08:56 PM
I have a script that cleans house with srm -mzfv. Can data be recovered after using secure rm?
I think srm uses 7-pass overwriting, which is also known as "only the NSA is more paranoid". Correct me if I'm wrong on this...
And the FBI does have backdoor passwords to many encryption codes... It's considered "vital to national security" to have unfettered access to citizen's data, even if they think it's secure. That said, I don't know if the government has the key to Filevault, which uses a much more sophisticated system than your average encoder... This would truly be the only way to get in without a password, it can't be hacked (yet). Considering how much Apple would undoubtedly like to tap the intelligence market, it wouldn't surprise me if they gave the keys to the FBI, but then again Apple was started by leftist hippies, so who knows. This is all assuming such a backdoor key exists, it may not at all.
Cooknn
Mar 10, 2005, 09:04 PM
People are dying now / Do something you ugly cow / Sorry for myself again / Me, my wallet, and my men / Jesus, I love you / Frank I love you, too / Hit the road together / Get out of the zoo / No exit / Just a pit / Apocalyptic and a zit / Hurry now / Pack your bags / Adieu you món scalawags / Got my sneakers velcroed / Snap my bookbag on / Goodbye little zipcode / How can I go wrong?
Dude that sig is an acid trip :eek:
panphage
Mar 10, 2005, 09:12 PM
And the FBI does have backdoor passwords to many encryption codes... It's considered "vital to national security" to have unfettered access to citizen's data, even if they think it's secure. That said, I don't know if the government has the key to Filevault, which uses a much more sophisticated system than your average encoder... This would truly be the only way to get in without a password, it can't be hacked (yet). Considering how much Apple would undoubtedly like to tap the intelligence market, it wouldn't surprise me if they gave the keys to the FBI, but then again Apple was started by leftist hippies, so who knows. This is all assuming such a backdoor key exists, it may not at all.
Erm...wow. The NSA might be a light-year ahead of civilian cryptographers, and they might not. They absolutely refuse to say a single word about it. But the NSA ain't letting the FBI in on the fun.
And I'm willing to bet (and do every time I use it) that there aren't backdoors to most of the popular encryption schemes (Like PGP and GPG). That's why the FBI and NSA get pissed when citizens encrypt their data. I don't know where you got the "backdoor" idea, but go do some reading on the history of cryptography. Real "strong encryption" has years and years of dedicated peer review behind it and absolutely no "backdoors". Apple's filevault, being proprietary, is therefore almost certainly less secure than an open and tested system like PGP/GPG. Guys like Bruce Schneier laugh their ass off when a company shows them their "uncrackable" "secret" encryption routines. Security through obscurity does not work here. The math makes it ridiculously hard to crack, not hiding what's going on. That said, I'm not really up on the literature for Filevault. It could be based on a tested and proven routine with mounds of peer review.
And then again, the most common weak link is the meat sitting in the chair. Whether it's choosing your own birthday or "password" for your password or being susceptible to "social engineering", it's almost always easier for someone to crack the user than the encryption.
Monkeyman1
Mar 10, 2005, 10:22 PM
Thanks, I like bringing forth new entertaining articles. One thing to note is that when you do a forum search to make sure you don't make a repost, results are not always accurate. This is because people will use titles that have nothing to do with the subject you want to post about. ;)
Back to the article. I'm not a hacking brainiac, but don't you need a PC to hack PC using systems?
Why does everyone get in such a tizzy about reposts anyway? It happens. Most users aren't going to go beyond the first page to see if something has been posted.
bosrs1
Mar 11, 2005, 12:23 AM
Um... stupid question but how does filevault work and why is it so hard to get into?
It's the level of encryption and the fact there is no back door. If you don't remember your password God himself couldn't get the information off let alone the FBI. It would take 4.6 Trillion years to break the encryption. Even if we learn to break such codes exponentially over the next few decades it would take years and years to break in.
Rocksaurus
Mar 11, 2005, 12:52 AM
I have a life, so I'm not the first one to say "REPOST" and put up dumb graphics. This is a great article. Thanks for bringing it up because it was an enjoyable read. Also, with the things happening up north with the 4 RCMP officers, this story should hold some relevance.
Just voicing my support for Lacero... People who get so upset over reposts just need to take a break from the forums for awhile or something... or just relax. I for one had never seen this, and wouldn't have thought to search for it :p
Sun Baked
Mar 11, 2005, 01:34 AM
Just voicing my support for Lacero... People who get so upset over reposts just need to take a break from the forums for awhile or something... or just relax. I for one had never seen this, and wouldn't have thought to search for it :p
Some of us get quite a bit of entertainment out of people that think reposts are a fun and exciting way to get banned. ;)
bosrs1
Mar 11, 2005, 01:40 AM
Some of us get quite a bit of entertainment out of people that think reposts are a fun and exciting way to get banned. ;)
I'm with the people that think it's ok to repost. Frankly no one is going to go hunting for a particular thread if it's not readily available. It takes too much time and effort. And frankly unless you have no life and never leave the board you're bound to find someone who hasn't read it and would like to talk about the issue.
Sun Baked
Mar 11, 2005, 05:16 AM
I'm with the people that think it's ok to repost. Frankly no one is going to go hunting for a particular thread if it's not readily available. It takes too much time and effort. And frankly unless you have no life and never leave the board you're bound to find someone who hasn't read it and would like to talk about the issue.
I thought I saw you get in trouble yesterday for reposting a couple times. :p
Applespider
Mar 11, 2005, 05:54 AM
Reposting when the original thread has been dormant for several months seems fine, even logical, to me. What's the point in bringing it back up since some of the original arguments/technical points may be out of date which means you'll end up with lots of corrections to things that probably were correct at the time they were written. Those who remember it's a repost could put a link to the original discussion for those curious to see if the arguments have changed.
Reposting when there's another thread with the same title on the first page of that forum is a little different though since it takes little effort to scan that first page to see if there's a response. Similarly with technical queries, searching and looking at first page of results to see if there's a match isn't time consuming - and may save you time if the question's been answered in the past.
If your query isn't answered fully though, then starting a new thread that registers you know a similar one has been asked is better than restarting the old one. Many people only read the first post and answer that rather than reading all the comments; your subsequent question becomes an unread comment.
Mitthrawnuruodo
Mar 11, 2005, 07:20 AM
Apple's filevault, being proprietary, is therefore almost certainly less secure than an open and tested system like PGP/GPG. Guys like Bruce Schneier laugh their ass off when a company shows them their "uncrackable" "secret" encryption routines. Security through obscurity does not work here. The math makes it ridiculously hard to crack, not hiding what's going on. That said, I'm not really up on the literature for Filevault. It could be based on a tested and proven routine with mounds of peer review.
FileVault uses AES (http://www.apple.com/macosx/features/filevault/), the standard that took over for DES (or 3DES) not too long ago. Should be secure enough. It's probably easier to guess passwords (either your login or master password)...
bosrs1
Mar 11, 2005, 10:50 AM
I thought I saw you get in trouble yesterday for reposting a couple times. :p
Yep, I was banned too by some newbie mod. A senior mod then unbanned me because of how ridiculous the banning was. Reposting is not a bannable offense, especially if you're not reposting in the same category.
kettle
Mar 11, 2005, 11:04 AM
FileVault uses AES (http://www.apple.com/macosx/features/filevault/), the standard that took over for DES (or 3DES) not too long ago. Should be secure enough. It's probably easier to guess passwords (either your login or master password)...
There is a feature on the AES when making encrypted .dmg files. - there is a little "i" bottom left when it asks for password and confirmation that reports the security of your chosen password as you type it in. Is this feature on filevault too?
Mitthrawnuruodo
Mar 11, 2005, 11:10 AM
There is a feature on the AES when making encrypted .dmg files. - there is a little "i" bottom left when it asks for password and confirmation that reports the security of your chosen password as you type it in. Is this feature on filevault too?
Don't think so (it's a long time since I set my master password)...
...but a random password (not found in ANY dictionary in ANY language) using all large/small letters, some numbers and maybe some additional signs, with a length of 20 or maybe 30 should keep even the NSA busy for quite a while... ;)
Remember you have to use that long passwords not only as master passwords, but also for all users (including root) to be "safe"...
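An added worked example (not part of any post in this thread) for the point made in the posts above that guessing the password is easier than attacking AES: it compares the search space of several password choices with the key space and reports which one is the weakest link. The 128-bit key size, the guess rate of one billion per second with no key stretching, and the sample password policies are assumptions constructed for the illustration.

```python
import math

AES_KEY_BITS = 128          # assumption: the thread says only "AES"; a 128-bit key is assumed
GUESSES_PER_SECOND = 1e9    # assumption: constructed attacker speed, no key stretching
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices_per_symbol, length=1):
    """Bits of entropy for `length` symbols each drawn uniformly at random."""
    return length * math.log2(choices_per_symbol)


def effective_bits(password_bits, key_bits=AES_KEY_BITS):
    """The smaller of the two search spaces bounds the work: passwords or raw keys."""
    return min(password_bits, key_bits)


def min_random_length(alphabet_size, key_bits=AES_KEY_BITS):
    """Shortest random password whose search space is at least the key space."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years to try every candidate in a 2**bits space at `rate` guesses per second."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


# Constructed password policies, from the weak choices named in the thread
# (a birthday, a dictionary word) to the 20- and 30-character random passwords.
CASES = [
    ("birthday (366 days x 100 years)", entropy_bits(366 * 100)),
    ("one word from a 100,000-word dictionary", entropy_bits(100_000)),
    ("8 random lowercase letters", entropy_bits(26, 8)),
    ("20 random printable ASCII characters", entropy_bits(94, 20)),
    ("30 random printable ASCII characters", entropy_bits(94, 30)),
]


def report(cases=CASES):
    """Return (label, password bits, key_is_the_limit, years to exhaust) per case."""
    rows = []
    for label, bits in cases:
        eff = effective_bits(bits)
        rows.append((label, round(bits, 1), eff >= AES_KEY_BITS, years_to_exhaust(eff)))
    return rows


if __name__ == "__main__":
    for label, bits, key_limited, years in report():
        limit = "AES key" if key_limited else "password"
        print(f"{label:42s} {bits:6.1f} bits  weakest link: {limit:8s}  {years:.3g} years")
    for size, name in [(26, "lowercase"), (62, "letters+digits"), (94, "printable ASCII")]:
        print(f"random {name} password matching the key: {min_random_length(size)} chars")
```

Under these assumptions a random password over 94 printable characters needs 20 characters before the key, rather than the password, becomes the limiting factor; anything longer adds nothing against a 128-bit key.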
rainman::|:|
Mar 11, 2005, 11:36 AM
Erm...wow. The NSA might be a light-year ahead of civilian cryptographers, and they might not. They absolutely refuse to say a single word about it. But the NSA ain't letting the FBI in on the fun.
And I'm willing to bet (and do every time I use it) that there aren't backdoors to most of the popular encryption schemes (Like PGP and GPG). That's why the FBI and NSA get pissed when citizens encrypt their data. I don't know where you got the "backdoor" idea, but go do some reading on the history of cryptography. Real "strong encryption" has years and years of dedicated peer review behind it and absolutely no "backdoors". Apple's filevault, being proprietary, is therefore almost certainly less secure than an open and tested system like PGP/GPG. Guys like Bruce Schneier laugh their ass off when a company shows them their "uncrackable" "secret" encryption routines. Security through obscurity does not work here. The math makes it ridiculously hard to crack, not hiding what's going on. That said, I'm not really up on the literature for Filevault. It could be based on a tested and proven routine with mounds of peer review.
And then again, the most common weak link is the meat sitting in the chair. Whether it's choosing your own birthday or "password" for your password or being susceptible to "social engineering", it's almost always easier for someone to crack the user than the encryption.
I'm taking this from a blog because I can't find a better source, but I'll keep looking...
Some have hoped for compromise solutions that would allow strong cryptography to be widely used while still enabling the NSA and the FBI to decrypt messages when lawfully authorized to do so. For example, there have been key-escrow proposals that would require users to register their software encryption keys with law-enforcement agencies, and key-recovery proposals that would give government agencies backdoor access to the keys. In a typical key-recovery scheme, an encrypted version of the message encryption key is sent along with each message. An FBI-authorized key-recovery center can use a master backdoor key to decrypt the message key, which is then used to decrypt the message itself.
Speculation is that a number of software developers are voluntarily implementing similar systems... Or simply offering up any cracks they know about, which the public might not. But there have been cases where the FBI appears to have decrypted files that they shouldn't have been able to. Of course as you said, the human element is the weakest and perhaps that's all they're exploiting. Certainly publicly the FBI is just beginning to acknowledge that they use viruses and loggers to obtain passwords in some cases...
So I guess my point is, even if it's not happening yet, it will be soon...
Also, it's rubbish to think Filevault is going to be secure for ever. True, with today's technology it would be an unfathomably long time to crack... But with the hardware available in 2010? 2008? Sure, piece of cake. They've made similar claims in the past and they're always shattered by the exponential growth of technology.
Thomas Veil
Mar 11, 2005, 01:19 PM
Dave also had a great quotation for us: "If you're a bad guy...use a Mac."
Oh, so that explains why Rush Limbaugh and Karl Rove use Macs... :D
panphage
Mar 11, 2005, 01:46 PM
So I guess my point is, even if it's not happening yet, it will be soon...
Ah, yes, the old "key-escrow" thing. That's been around as long as "amateur" cryptography (amateur meaning not NSA). And everyone in the crypto community has rejected it as ludicrous. Of course, companies aren't really in the crypto community so maybe they will try to build in backdoors. But I don't think real cryptographers would, it goes against their principles. And being scientists, what the NSA and FBI want hopefully won't be foremost in their thinking. Hopefully. ;)
Mechcozmo
Mar 11, 2005, 07:19 PM
I'm with the people that think it's ok to repost. Frankly no one is going to go hunting for a particular thread if it's not readily available. It takes too much time and effort. And frankly unless you have no life and never leave the board you're bound to find someone who hasn't read it and would like to talk about the issue.
It just clutters up the boards, that's why the mods don't like reposts. And it's against the FAQs/Rules so that's a major reason why they don't like it either. And don't make fun of us who can't leave the boards... it isn't OUR fault that we only exist on the internet and choose to live here... what is life anyway?
Mechcozmo
Mar 11, 2005, 07:37 PM
Don't think so (it's a long time since I set my master password)...
...but a random password (not found in ANY dictionary in ANY language) using all large/small letters, some numbers and maybe some additional signs, with a length of 20 or maybe 30 should keep even the NSA busy for quite a while... ;)
Remember you have to use that long passwords not only as master passwords, but also for all users (including root) to be "safe"...
Also, you should wear tin foil (NOT Aluminum foil, doesn't work) and live in a bomb shelter to be extra safe. But what you said was good, too. That is, if you don't work for the government... maybe you are trying to trick us? :eek:
SiliconAddict
Mar 12, 2005, 04:33 AM
Actually I would just plain piss the hell out of the FBI. My Thinkpad had a built in encryption subsystem that supports on the fly 128-bit encryption of the local hard drive that also integrates into the OS at a pretty low level. (There is a reason why the gov uses IBM after all.) Since there is a subsystem dedicated to encrypting and decrypting the disk there is virtually no strain on the CPU and overall system performance still flies. Apple isn't the only one in the industry who can innovate. :p
Sun Baked
Mar 12, 2005, 12:42 PM
Also, you should wear tin foil (NOT Aluminum foil, doesn't work) and live in a bomb shelter to be extra safe. But what you said was good, too. That is, if you don't work for the government... maybe you are trying to trick us? :eek:
And you'll be in big trouble if they stuffed the transmitter up your south end instead of putting it in your teeth.
cb911
Mar 12, 2005, 04:26 PM
great article, hadn't seen that before.
and good work Apple. ;) :D
Mitthrawnuruodo
Mar 12, 2005, 04:32 PM
Also, you should wear tin foil (NOT Aluminum foil, doesn't work) and live in a bomb shelter to be extra safe. But what you said was good, too. That is, if you don't work for the government... maybe you are trying to trick us? :eek:
D*mn, you got me. Now I have to take down that Norwegian proxy and set it up somewhere else...
Don't worry, the big black vans, gathering in front of your house right now is nothing to worry about...
:p
dsharits
Mar 12, 2005, 04:41 PM
That's awesome. So, essentially, even the government hates Windows. Nice.
Mechcozmo
Mar 12, 2005, 05:19 PM
And you'll be in big trouble if they stuffed the transmitter up your south end instead of putting it in your teeth.
Why do you think I crap in a hole that I dig myself? :p
D*mn, you got me. Now I have to take down that Norwegian proxy and set it up somewhere else...
Don't worry, the big black vans, gathering in front of your house right now is nothing to worry about...
:p
Good to know.... ~checks outside~
~Grabs PowerBook, A/C adapter, and emergency government-is-coming-to-kill me kit, decides to drop it and instead grabs the government-is-coming-to-hurt-me-badly kit and then runs~