Sep 16, 2008

Secure your homemade porn

So recently I had the misfortune of overhearing a conversation whereby an acquaintance of mine (she lives in my neighborhood, pretty girl really) told whoever it was about how some... "sensitive" photographs of herself got "leaked" on the internet. Now we all know this kinda thing has been going on for ages and ages but the tragedy is that apparently "people" still don't take adequate measures to protect themselves.

Now I'm not saying there's anything wrong with photographing, or even videoing yourself and/or others - with their consent of course - and in fact, it would be pure hypocrisy for me to tell you not to do it. Heck I've been doing it for so long it's almost like a hobby now, but I've never had to face said situation because I've always been careful about where and how I kept my data (as in not just "sensitive" photographs but sensitive stuff in general).

There are a few simple rules to follow if you don't want to get caught/exposed:

1. Encrypt everything

If it's out in the open it's practically fair game and sometimes hiding something isn't enough! You gotta put a lock on that box if you know what I mean. I know lots of people who'd think that simply hiding the folders in some nook is enough but it's not. Encryption is the key people. Password protected Zip/Rar/ACE (whatever) files are NOT repeat NOT an option! (second favourite option for the less enlightened). The reason why it's not a good idea is because when you use a zip file, most often (there are exceptions I believe) temporary data is written to disk and THAT puts you at risk because that data can be recovered quite easily. Besides that a LOT of tools exist to bruteforce (crack the password of) these archives.

I recommend using an on-the-fly-encryption program of good reputation. I've used and trusted TrueCrypt for ages and before that I used to rely on something called Cryptainer (there is a free version available). These have the advantages of allowing you to work almost directly off the encrypted data and not leaving traces on the host computer, and providing strong encryption. In addition to that, there are more options available to you for authentication than simply putting a password on it. More on that later.

2. Strong passwords

Any lock is only as good as its key mate - if a pin tumbler had just one pin an infant with a toy could probably pick it! (err..never mind if you didn't understand that bit) All I'm saying is that if your password is something like "fuckyou","iloveyou","iloveyoutoo" or "123456789" (which believe me are ridiculously common based on a bunch of passwords I managed to get my hands on from a forum db dump a year or two ago), then you might as well forgo the whole encryption deal so - long (at least 14 characters), random (avoid dictionary words), include numbers, punctuation and special characters.

TrueCrypt (and others) offer something called a keyfile, which is an ordinary file that you will need to open a "vault". The idea is that nobody knows which file you need except you.. so it's basically a second password. In the past I've used this method as a sort of multi-party authentication thing... more on that later!

2.1 Your computer login password doesn't protect you

All it takes for somebody to grab all your files is to pop in a CD into your drive, boot up a portable system and just sweep it all up into a portable hard disk or something. Disk encryption is available in most modern operating systems. You might want to look into that.

3. Card to vault and never out!

That was pretty self explanatory wasn't it? If you're using a digital camera copy directly to the encrypted vault and don't take it out of it. If you want to Photoshop and stuff, you can do it from within the vault itself... but if you absolutely must take it out into the open, read about "shredding" below.

4. Don't delete - Shred!

You may think you're safe once you've clicked that delete button but you're wrong. Deleting doesn't remove the actual data (most of the time...always exceptions), but just the reference to it. So the computer can't find it - but the actual stuff is still there on disk and can be recovered using special software. This is why those temporary files are so dangerous! To securely remove anything you gotta overwrite that data with something else. Eraser is a good program that can be used just for that! So if you ever want to delete something permanently... use a good secure wipe tool (Eraser on windows is recommended, for linux there's the built in shred command..good ol' linux!!!) wipe it good people..hehe.. don't forget to wipe the memory cards too, and flash drives you've used to carry it (only when you need to though...)

5. Never ever lend out a camera or flash drive to a friend without wiping it first...never...EVER!!!

'Cos this is probably where most of the stuff gets leaked anyway. As stated above, it's easy as zap to recover deleted files so - you know what that means. You can trust anyone..but not the devil inside em as that guy.. (what's his name?) said in that (what's that movie?) movie! This goes to memory cards on cellphones as well. Five minutes is all it takes and all your kinky habits are for the world to know :| a good recovery prog you say? umm..try Recuva (it's free) and Photorec/Testdisk on linux. (even free-er).

6. Trust??

so your ex-boyfriend did it eh? shouldn't have trusted him in the first place eh? hehe... well shit happens sucks to you! Just kidding. Prevention before cure that's what they say. Multi-party authentication! like needing two keys to open a door - you could, say, make a truecrypt volume with a bunch of keyfiles needed - give some to the guy keep some for yourself so that the vault can only be opened when you're both present! Of course you can explore the "Secret Sharing" (oh yea! there is a use for it) option I was talking about before... TrueCrypt's dev docs have mentioned supporting hardware tokens (e.g. flash drives) and stuff so you should see a lot of improvement in this area sometime in the near future.
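The simplest form of the "Secret Sharing" idea, as an added example (not a TrueCrypt feature and not TrueCrypt code): split the bytes of one keyfile into shares that are each pure random noise on their own, and only XOR-ing all of them together gives the keyfile back. The function names and the sample keyfile contents are assumptions made up for the demonstration.

```python
import secrets
from functools import reduce

def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def split(secret, n=2):
    """Split secret into n shares; ALL n are required to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are plain random bytes...
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    # ...and the last one is the secret XOR-ed with all of them.
    last = reduce(xor_bytes, shares, secret)
    return shares + [last]

def combine(shares):
    """XOR every share together to recover the original secret."""
    return reduce(xor_bytes, shares)

def demo():
    keyfile = secrets.token_bytes(64)   # constructed stand-in for keyfile contents
    mine, theirs = split(keyfile, 2)
    rebuilt_ok = combine([mine, theirs]) == keyfile
    # Neither share alone equals the keyfile.
    return rebuilt_ok, mine != keyfile, theirs != keyfile

if __name__ == "__main__":
    print(demo())
```

Each person keeps one share on their own flash drive; the rebuilt file is what you'd hand to the vault as the keyfile, and it gets shredded again afterwards.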

oh and one more thing... those computer repair guys? Megachip? Focus? I wouldn't trust them if I were you. Trust me you wouldn't trust them. oh and CELLPHONES GET STOLEN!!! do keep that in mind.

well there you have it... there are probably more comprehensive umm.. paranoia guides out there than this, but I just wanted to rant about it. I hope I didn't bore you or anything... much :) I love you all mwah mwah

