Overwrite sleepimage & swap for security?

Discussion in 'macOS' started by Lokrado, Jul 31, 2010.

  1. Lokrado macrumors regular

    Joined:
    Jan 26, 2009
    Location:
    Denmark
    #1
    I was wondering what happens if I overwrite my sleepimage?
    I was reading thought mine, and the stuff I can find in there is amazing! It goes months back, and with just a little bit of background knowlage I am able to see more then perhaps anyone would like anyone but themselves to see. I even have partial connection logs for other computers?!

    Perhaps a script could be made to wake up secure erase sleepimage and swap and make new ones, then sleep again?
     
  2. iVoid macrumors 65816

    Joined:
    Jan 9, 2007
    #2
    Well, first make sure that the 'Use secure virtual memory' checkbox is checked int eh Security SP. That will at least protect your swap file.

    I have found some info that suggests the sleep mode file is encrypted as well when you use this setting, but nothing direct from Apple.
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
  4. Lokrado thread starter macrumors regular

    Joined:
    Jan 26, 2009
    Location:
    Denmark
    #4
    I can pretty much verify that it isn't, yes there is a ton of gibberish but I am also able to pull a lot of plain text out of it, software I ran, installed, inside my encrypted home folder, lots and lots of IP logs. My friend has an encrypted server, but lots of it's contents are in plain English or hex in my sleepimage
     
  5. iVoid macrumors 65816

    Joined:
    Jan 9, 2007
    #5
    Do you have 'Use secure virtual memory' checked?

    The info I found after posting my message originally said that the sleep image is encrypted if 'Use secure virtual memory' is checked.
     
  6. Lokrado thread starter macrumors regular

    Joined:
    Jan 26, 2009
    Location:
    Denmark
    #6
    I sure do.....

    Try open your own in text edit, it's quite interesting I assure you...
     
  7. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #7
    Mine doesn't seem to have any readable content. I have FileVault and Use Secure Virtual Memory enabled though.
     
  8. Lokrado thread starter macrumors regular

    Joined:
    Jan 26, 2009
    Location:
    Denmark
    #8
    So have I
    Try harder :D search it (CMD+F) for something common like "Apple" I had a bunch from Sierra wireless, the USB driver, dhcp resolver, install log from nmap etc. (the last part listed folders inside my home folder as that was where I installed it.
     

Share This Page