Overwrite sleepimage & swap for security?

Lokrado

macrumors regular
Original poster
Jan 26, 2009
210
0
Denmark
I was wondering what happens if I overwrite my sleepimage?
I was reading thought mine, and the stuff I can find in there is amazing! It goes months back, and with just a little bit of background knowlage I am able to see more then perhaps anyone would like anyone but themselves to see. I even have partial connection logs for other computers?!

Perhaps a script could be made to wake up secure erase sleepimage and swap and make new ones, then sleep again?
 

iVoid

macrumors 65816
Jan 9, 2007
1,122
146
Well, first make sure that the 'Use secure virtual memory' checkbox is checked int eh Security SP. That will at least protect your swap file.

I have found some info that suggests the sleep mode file is encrypted as well when you use this setting, but nothing direct from Apple.
 
Comment

Lokrado

macrumors regular
Original poster
Jan 26, 2009
210
0
Denmark
Well, first make sure that the 'Use secure virtual memory' checkbox is checked int eh Security SP. That will at least protect your swap file.

I haven't been able to find if the sleep image is encrypted or not (would eb nice if it was).
I can pretty much verify that it isn't, yes there is a ton of gibberish but I am also able to pull a lot of plain text out of it, software I ran, installed, inside my encrypted home folder, lots and lots of IP logs. My friend has an encrypted server, but lots of it's contents are in plain English or hex in my sleepimage
 
Comment

iVoid

macrumors 65816
Jan 9, 2007
1,122
146
I can pretty much verify that it isn't, yes there is a ton of gibberish but I am also able to pull a lot of plain text out of it, software I ran, installed, inside my encrypted home folder, lots and lots of IP logs. My friend has an encrypted server, but lots of it's contents are in plain English or hex in my sleepimage
Do you have 'Use secure virtual memory' checked?

The info I found after posting my message originally said that the sleep image is encrypted if 'Use secure virtual memory' is checked.
 
Comment

Lokrado

macrumors regular
Original poster
Jan 26, 2009
210
0
Denmark
Do you have 'Use secure virtual memory' checked?

The info I found after posting my message originally said that the sleep image is encrypted if 'Use secure virtual memory' is checked.
I sure do.....

Try open your own in text edit, it's quite interesting I assure you...
 
Comment

angelwatt

Moderator emeritus
Aug 16, 2005
7,852
7
USA
Mine doesn't seem to have any readable content. I have FileVault and Use Secure Virtual Memory enabled though.
 
Comment

Lokrado

macrumors regular
Original poster
Jan 26, 2009
210
0
Denmark
Mine doesn't seem to have any readable content. I have FileVault and Use Secure Virtual Memory enabled though.
So have I
Try harder :D search it (CMD+F) for something common like "Apple" I had a bunch from Sierra wireless, the USB driver, dhcp resolver, install log from nmap etc. (the last part listed folders inside my home folder as that was where I installed it.
 
Comment

Similar threads

Replies
5
Views
506
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.