Go Back   MacRumors Forums > Apple Hardware > Notebooks > MacBook Air

Reply
 
Thread Tools Search this Thread Display Modes
Old May 20, 2013, 02:18 PM   #26
GoCubsGo
macrumors Nehalem
 
GoCubsGo's Avatar
 
Join Date: Feb 2005
I'm super curious what activities this guy gets into on his computer that would make him so paranoid. Either way, I truly want to know if I removed the SSD from the Air then would the TB port be useful at all? It's not like data is stored within the port.
GoCubsGo is offline   0 Reply With Quote
Old May 20, 2013, 11:55 PM   #27
flynz4
macrumors 68040
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by adnbek View Post
http://dailymactips.com/2012/05/04/h...sword-in-lion/

Same process for Mountain Lion. Make sure you use a password you won't forget as there is no way to reset or remove the password if you forget it.
Thanks... FW Password set. I've been meaning to do this. Now I do not necessarily need to power-down my machine when left in a semi-public place (like a hotel room).

Quote:
Originally Posted by jessica. View Post
I'm super curious what activities this guy gets into on his computer that would make him so paranoid. Either way, I truly want to know if I removed the SSD from the Air then would the TB port be useful at all? It's not like data is stored within the port.
I assume you are wondering about the wisdom of destroying a FW port... not using FV2 + FW Password.

/Jim
flynz4 is offline   0 Reply With Quote
Old May 21, 2013, 02:52 AM   #28
Ice-Cube
macrumors 6502a
 
Ice-Cube's Avatar
 
Join Date: Jul 2006
Location: Somewhere over the rainbow
I'm suspecting its his internet history and the 'someone' is his wife.
__________________
sent from my iPhone.
Ice-Cube is offline   4 Reply With Quote
Old May 23, 2013, 08:30 AM   #29
Steve121178
macrumors 68020
 
Steve121178's Avatar
 
Join Date: Apr 2010
Location: Bedfordshire, UK
Quote:
Originally Posted by bludsrevenge View Post
I am about to buy myself a brand new MacBook Air when the next model comes out.

I believe in anonymity and I am beyond paranoid.
Yet you use the internet leaving a highly visible and traceable paper-trail for everything you do? And do you know how much stuff is sent to Apple & other vendors who's software you install?

You haven't really thought this through have you?

Just a heads up, but if you are serious about security why the hell are you looking at MBA? Get a laptop that suits your needs and run Linux. And I mean proper Linux, not crap like Ubuntu.
__________________
13" rMBP Haswell i5/16GB/512GB (Late '13) • 21.5" iMac i5/16GB/1TB Fusion (Late '12) • iPhone 6 64GB • iPad mini 2
Steve121178 is offline   0 Reply With Quote
Old May 23, 2013, 04:10 PM   #30
simon48
macrumors 65816
 
simon48's Avatar
 
Join Date: Sep 2010
Quote:
Originally Posted by IeU View Post
The HD is encrypted. So, no "you are good to go" . . .
???? What?
simon48 is offline   0 Reply With Quote
Old May 23, 2013, 08:14 PM   #31
flynz4
macrumors 68040
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by simon48 View Post
???? What?
I believe that what he is saying is: Since the drive is encrypted... the bare drive data remains safe once out of the system.

/Jim
flynz4 is offline   0 Reply With Quote
Old May 23, 2013, 08:45 PM   #32
simon48
macrumors 65816
 
simon48's Avatar
 
Join Date: Sep 2010
Quote:
Originally Posted by flynz4 View Post
I believe that what he is saying is: Since the drive is encrypted... the bare drive data remains safe once out of the system.

/Jim
But the whole thread is about how that is not enough.
__________________
People don't seem to realize that people don't post threads like "HELP - my rMBP works perfectly!!! - is my display too good!?" to balance out the negatives.
simon48 is offline   0 Reply With Quote
Old May 23, 2013, 10:50 PM   #33
flynz4
macrumors 68040
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by simon48 View Post
But the whole thread is about how that is not enough.
No... I think you might be missing a key point. There is nothing wrong with an encrypted drive per se. An encrypted drive out of the system is safe.

The issue is that if a machine is either running or suspended... then the encryption key can be extracted from active system memory... and then the system has a vulnerability.

There are two ways to circumvent a memory resident key from being accessed:
  1. Shut down the computer when it might be physically accessed by a 3rd party.
  2. Use a firmware password so that the system cannot be accessed via an external boot device... including a FW or TB connection.

Either of those two actions removes the threat of this specific security threat.

A bunch of people appear to be misunderstanding that there is nothing wrong with an encrypted drive, and incorrectly believe that physical possession of an encrypted drive is insecure. They seem to be missing the fact that real culprit in this particular example is having the key available in system memory and available to be exploited... while the encrypted drive itself is otherwise actually secure.

/Jim

P.S. I previously used method #1 above to keep my system secure... but it is impractical to shut down 100% of the time. Due to the information in this thread... I now use approach #2... which adds security, even if I do not shut down.

Last edited by flynz4; May 23, 2013 at 11:03 PM.
flynz4 is offline   0 Reply With Quote
Old May 23, 2013, 10:51 PM   #34
Stetrain
macrumors 68040
 
Join Date: Feb 2009
Quote:
Originally Posted by simon48 View Post
But the whole thread is about how that is not enough.
The thread is about the apparent ability to access an encrypted drive when the machine isn't completely powered off because the encryption key is stored in memory.

Once the machine is turned off or the drive removed from the machine that would no longer be effective.
Stetrain is offline   0 Reply With Quote
Old May 24, 2013, 01:01 AM   #35
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by flynz4 View Post
No... I think you might be missing a key point. There is nothing wrong with an encrypted drive per se. An encrypted drive out of the system is safe.

The issue is that if a machine is either running or suspended... then the encryption key can be extracted from active system memory... and then the system has a vulnerability.

There are two ways to circumvent a memory resident key from being accessed:
  1. Shut down the computer when it might be physically accessed by a 3rd party.
  2. Use a firmware password so that the system cannot be accessed via an external boot device... including a FW or TB connection.

Either of those two actions removes the threat of this specific security threat.

A bunch of people appear to be misunderstanding that there is nothing wrong with an encrypted drive, and incorrectly believe that physical possession of an encrypted drive is insecure. They seem to be missing the fact that real culprit in this particular example is having the key available in system memory and available to be exploited... while the encrypted drive itself is otherwise actually secure.

/Jim

P.S. I previously used method #1 above to keep my system secure... but it is impractical to shut down 100% of the time. Due to the information in this thread... I now use approach #2... which adds security, even if I do not shut down.

Bold
Three, disabling the Thunderbolt extensions is another one.
justperry is offline   0 Reply With Quote
Old May 25, 2013, 07:44 PM   #36
dyn
macrumors 65816
 
Join Date: Aug 2009
Location: .nl
Quote:
Originally Posted by justperry View Post
Bold
Three, disabling the Thunderbolt extensions is another one.
In that case you are wrong too. There are many more ways of destroying the TB port. You could desolder it for example. All of those are impractical. The two mentioned are the most practical and useful ways of avoiding the issue.
dyn is offline   0 Reply With Quote
Old May 25, 2013, 08:38 PM   #37
Siderz
macrumors 6502a
 
Join Date: Nov 2012
Location: London, UK
Plot twist: His friend needs the Thunderbolt port, and so OP wants to destroy it so that he can no longer use the device.

Why don't you just open the MBA and physically remove the port?
__________________
focus
Siderz is offline   0 Reply With Quote
Old May 25, 2013, 08:53 PM   #38
andiwm2003
macrumors 601
 
andiwm2003's Avatar
 
Join Date: Mar 2004
Location: Boston, MA
Quote:
Originally Posted by jessica. View Post
I'm super curious what activities this guy gets into on his computer that would make him so paranoid. Either way, I truly want to know if I removed the SSD from the Air then would the TB port be useful at all? It's not like data is stored within the port.
While this all sounds paranoid there are scenarios where this paranoia is warranted.

I'm working for a biotech and on my computer are project plans, chemical structures that are not patented yet and such stuff. When I'm on a conference usually the entire industry is booked in the same hotels and it's conceivable that someone for the heck of it downloads a bunch of laptop HD's and figures out who is doing what.

Other scenarios are that I have unpublished clinical trial results on my HD and someone could use the information to buy/sell stocks. We had our company broken in and all computers stolen a few years ago. Luckily the thief's seem to have been interested in the hardware only.
andiwm2003 is offline   0 Reply With Quote
Old May 28, 2013, 03:34 PM   #39
dyn
macrumors 65816
 
Join Date: Aug 2009
Location: .nl
If you put that much data on a notebook it means that you haven't thought it through. Always carefully decide what data to bring along and what not. Also carefully decide how you bring it. Do you put it on just the drive with whole disk encryption turned on or do you put it in a secured Truecrypt container on a drive with whole disk encryption turned on whilst only powering the machine when necessary? Do you even put it on the notebook or keep it stored elsewhere that you can safely access?

It's not just whole disk encryption you need to think about in that case!
dyn is offline   0 Reply With Quote
Old May 28, 2013, 08:03 PM   #40
DisplacedMic
macrumors 65816
 
Join Date: May 2009
Quote:
Originally Posted by Ice-Cube View Post
I'm suspecting its his internet history and the 'someone' is his wife.
seriously. just get one of these

DisplacedMic is offline   0 Reply With Quote
Old May 29, 2013, 05:55 AM   #41
cyclotron451
macrumors regular
 
Join Date: Mar 2005
Location: Europe
Liquid Nitrogen

The LN2 attack involves cooling the MBA rapidly down to minus 321 farenheit and allows to preserve the RAM contents for quite some time, potentially allowing the whole-disk-encryption key recovery from RAM, even in a powered off MBA.

The SSD on the MBA, being an SSD, never actually quite deletes data, the trim algorithm presumably keeps writing the whole-disk-encryption key all over the place, such that even a NIST military 'data destruction' overwrite on the SSD isn't actually guaranteed to overwrite your sensitive stuff.

Some Three letter Acronym organisations glue/seal items to block USB & other ports for their staff devices. (a 'cheap' Apple A1305 or similar DVI adapter could have the bare TB connector removed and superglued into the port, I wouldn't do anything more aggressive than that to an Apple MB/MBA)

Machines that are über-protected in any of these ways are easily persuaded to reveal their contents via social engineering = targeted Phish APT or by essential system upgrade components being subverted ( = iTunes upgrades allegedly used by FinFisher in the past) or by generic *.* Certificate Authority SSL certificates (which are still in use for Enterprise and National security means)

The various whole disk encryption schemes might be assumed to have essential third-party maintenance access capabilities anyway.

The sound that your keyboard makes when you type your decrypt passwd can be used to 'guess' it, likewise many keyboards radiate sufficient RF for the keypresses to be scanned from a short distance (I've seen reading at three floors distance in a hotel! - with around $1K of Ettus products used)

It's best to have a vanilla machine , use it normally and store your secrets in a safe! (or saran-wrap covered 64GB microSD card retained in your mouth)

For realistic data security you have to assume your opponents are already in your system, so use multiple independent elements of security.

There are some situations where these 'paranoid' levels of security are necessary - journalism comes to mind in some countries, but on the whole I do trust my national authorities with all of my data.

Ross Anderson has another 600 pages on the subject here Cambridge UK
cyclotron451 is offline   0 Reply With Quote
Old May 31, 2013, 07:36 PM   #42
marvin4653
macrumors regular
 
Join Date: Jun 2012
Wasn't the FireWire/Thunderbolt DMA vector patched in 10.7.2 for all states except when a user is actively logged in (i.e. the attack isn't possible if the computer is idle with a screensaver and password prompt, or sleeping with a password prompt on wake)?

http://support.apple.com/kb/HT5002
marvin4653 is offline   0 Reply With Quote
Old May 31, 2013, 11:25 PM   #43
mizzouxc
Banned
 
Join Date: Apr 2010
Someone could hack you via your Internet connection. You should maybe jut not use computers.
mizzouxc is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Hardware > Notebooks > MacBook Air

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
How will I use my thunderbolt port if I have a non-Thunderbolt Cinema Display? EvilEvil Mac mini 6 Jun 22, 2014 05:35 PM
Mid 2011 MacBook Air to Thunderbolt HDD to Thunderbolt->DVI adapter to Monitor mrcarl79 MacBook Air 7 Aug 22, 2013 04:47 PM
use thunderbolt instead of hdmi port foofan Mac mini 5 Feb 1, 2013 01:38 PM
Have you ever used your Thunderbolt port? someone28624 Mac Basics and Help 13 Jan 20, 2013 03:21 AM
Thunderbolt Wall Port rustyk123 Mac Peripherals 2 Jul 6, 2012 11:52 AM

Forum Jump

All times are GMT -5. The time now is 01:14 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC