messing with the power connection

So how long have you worked for that company?

On Fri, 15 Feb 2008 19:36:35 -0800 Anthony Guzzi wrote: | snipped-for-privacy@ipal.net wrote: |> This is an amazing device: |> |>

|> | | | So how long have you worked for that company?

Never have. I'm actually trying to figure out ways to defeat it.

1. Use a 240 volt circuit. The 240 volt version might not be in the USA.
2. Use 48 volt DC to the PSU. They don't even make that.
3. Use a power strip plug that shorts itself while not inserted.
4. Configure the whole disk encryption to timeout regardless of activity.

There is a *very* much easier way to defeat it. However, bearing in mind that its use is as a forensic tool for law enforcement - such discussions really aren't in the public interest.

Can you still get Mercury tilt switches in your neck of the woods?

Stick one in the power lead to to HDD. It needs to be positioned so that it's made while the computer is stationary in it's normal position but breaks the moment it is moved. At one time car alarms used to have some sort of trembler switch too. Of course you might need microswitches that open the feed when someone tries to remove the computer casing to "interfere" with this arrangement.

I rather suspect that on an accessible website like this, that it's aimed at a somewhat less respectable clientel!

I'm sure law enforcement agencies already have their own methods of dealing with things.

On Sat, 16 Feb 2008 09:34:13 GMT Palindrome wrote: | snipped-for-privacy@ipal.net wrote: |> On Fri, 15 Feb 2008 19:36:35 -0800 Anthony Guzzi wrote: |> | snipped-for-privacy@ipal.net wrote: |> |> This is an amazing device: |> |> |> |>

|> |> |> | |> | |> | So how long have you worked for that company? |> |> Never have. I'm actually trying to figure out ways to defeat it. |> |> 1. Use a 240 volt circuit. The 240 volt version might not be in the USA. |> 2. Use 48 volt DC to the PSU. They don't even make that. |> 3. Use a power strip plug that shorts itself while not inserted. |> 4. Configure the whole disk encryption to timeout regardless of activity. |> | | | There is a *very* much easier way to defeat it. However, bearing in mind | that its use is as a forensic tool for law enforcement - such | discussions really aren't in the public interest.

I disagree. Such tools can also be abused, and might be in the near future.

On Sat, 16 Feb 2008 10:54:43 +0000 (GMT) Stuart wrote: | In article , | Palindrome wrote: | |> There is a *very* much easier way to defeat it. However, bearing in mind |> that its use is as a forensic tool for law enforcement - such |> discussions really aren't in the public interest. | | I rather suspect that on an accessible website like this, that it's aimed | at a somewhat less respectable clientel! | | I'm sure law enforcement agencies already have their own methods of | dealing with things.

A lot do, I am sure. Most probably would be baffled by a device like this. Those same LEAs would probably boot up a computer they take back to the lab instead of imaging the HD(s). I wouldn't be surprised if they leave the external HD(s) at the scene. And worse, they might even re-install if the computer is infected.

On Sat, 16 Feb 2008 10:12:38 +0000 (GMT) Stuart wrote: | In article , | wrote: |> On Fri, 15 Feb 2008 19:36:35 -0800 Anthony Guzzi wrote: |> | snipped-for-privacy@ipal.net wrote: |> |> This is an amazing device: |> |> |> |>

|> |> |> | |> | |> | So how long have you worked for that company? | |> Never have. I'm actually trying to figure out ways to defeat it. | |> 1. Use a 240 volt circuit. The 240 volt version might not be in the |> USA. 2. Use 48 volt DC to the PSU. They don't even make that. 3. Use |> a power strip plug that shorts itself while not inserted. 4. Configure |> the whole disk encryption to timeout regardless of activity. | | Can you still get Mercury tilt switches in your neck of the woods?

Sure. I all need to do is drive around out in the countryside and look for homes that have some kind of central heat, and trade them a fancy new digital thermostat for that old one.

| Stick one in the power lead to to HDD. It needs to be positioned so that | it's made while the computer is stationary in it's normal position but | breaks the moment it is moved. At one time car alarms used to have some | sort of trembler switch too. Of course you might need microswitches that | open the feed when someone tries to remove the computer casing to | "interfere" with this arrangement.

D'oh! That one was too simple for me to think of.

The local Sheriff's department would leave your sorry ass in the dust, then. Not only are they computer experts, but they have a nice electronics lab to build things they can't find on the market. Whenever there is suspected cyber crime, or a computer found when a warrant is served, the regular deputies do not touch them. The experts are called in, and take over the investigation, until their part is done.

Barney Fife might be your local Sheriff, but those clowns are rapidly disappearing.

On Sat, 16 Feb 2008 14:10:07 -0500 Michael A. Terrell wrote: | snipped-for-privacy@ipal.net wrote: |> |> On Sat, 16 Feb 2008 10:54:43 +0000 (GMT) Stuart wrote: |> | In article , |> | Palindrome wrote: |> | |> |> There is a *very* much easier way to defeat it. However, bearing in mind |> |> that its use is as a forensic tool for law enforcement - such |> |> discussions really aren't in the public interest. |> | |> | I rather suspect that on an accessible website like this, that it's aimed |> | at a somewhat less respectable clientel! |> | |> | I'm sure law enforcement agencies already have their own methods of |> | dealing with things. |> |> A lot do, I am sure. Most probably would be baffled by a device like this. |> Those same LEAs would probably boot up a computer they take back to the lab |> instead of imaging the HD(s). I wouldn't be surprised if they leave the |> external HD(s) at the scene. And worse, they might even re-install if the |> computer is infected. | | | The local Sheriff's department would leave your sorry ass in the | dust, then. Not only are they computer experts, but they have a nice | electronics lab to build things they can't find on the market. Whenever | there is suspected cyber crime, or a computer found when a warrant is | served, the regular deputies do not touch them. The experts are called | in, and take over the investigation, until their part is done.

Sure, there are a lot of departments that do have their act together. The sad fact is, most don't. And it isn't because they have Barney on the ranks. It's just that they are not prepared for anything unusual. They don't have these experts to call on. They just have a couple of officers in the ranks that really do know how to use computers, as long as they are Windows. They even know how to image a drive. But that's the end of it.

It must be really backward on your world. Do your cops still ride horses and hang people in the public square for spitting on the street?

Aside from the discussions of security, defeating it, etc. there are electrical safety issues:

1) This guy claims "years of experience as an electrician" yet demonstrates opening an outlet cover and cutting a hot wire with the circuit energized. He says to use "insulated" cutters, but how many non-professionals would know that the normal hardware store cutters are not adequately insulated. 2) The hot plug device, once armed, puts 120V on the end of an exposed plug, and the receptacle (after it is removed).

This is completely irresponsible. Dangerous product, and dangerous demonstration.

At least two very easy ones come to my mind. Not only don't you want the criminals to know, but you don't want hotplug to enhance their product to accomodate those. I am not convinced that law enforcement is their target market. If it was, it would be marketed through more confidential channels. Anyone can order it from their web site, and then use it on your computer for whatever reason they have.

I must admit to being rather shocked ( ;) ) that it *could* be marketed. ICBW, but I very much doubt that such a product could be sold to anyone, through "confidential channels" or not, in the UK. It is just an accident waiting to happen.

It isn't even a very bright idea, from the computing viewpoint. Transporting *spinning* hard disks. Not exactly the best way of protecting irreplaceable data - hitting the machine with a fire axe would quite possibly be safer.

Even the "mouse jiggler" concept is flawed. But I suspect that you can think of at least two flaws yourself, without me mentioning them!

I wonder what the guy is going to invent next? Roller skates for seeing eye dogs?

IBM did studies on this for the army in the early 90s. It turns out spinning hard drives are not really much more in danger than drives at rest. There are lots of older MP3 players that use mini drives and the army/marines have hardened laptops that they carry around in combat. The drives are pretty much "off the shelf" items.

From the data sheet of a typical desktop machine hard disk:

Shock (Gs) Operating: 63 Nonoperating: 300

I'd not call the difference between them "not really much more".

I've written off the odd hard disk by careless handling whilst it was running - in each case a powered-off drive would have survived, I'm sure. YMMV.

Of course some modern laptop drives have become very sophisticated and include g sensors that rapidly park and lock the heads. Producing a suitably school marmy comment on the screen, having done so. I'm not aware of any desktop machine drive that has such protection..

On Sun, 17 Feb 2008 03:47:39 -0500 Michael A. Terrell wrote: | snipped-for-privacy@ipal.net wrote: |> |> Sure, there are a lot of departments that do have their act together. |> The sad fact is, most don't. And it isn't because they have Barney on |> the ranks. It's just that they are not prepared for anything unusual. |> They don't have these experts to call on. They just have a couple of |> officers in the ranks that really do know how to use computers, as long |> as they are Windows. They even know how to image a drive. But that's |> the end of it. | | | It must be really backward on your world. Do your cops still ride | horses and hang people in the public square for spitting on the street?

You sure do seem to have a narrow range of experience. Maybe you should out sometime and see the world. Things really are more modern than you seem to grasp. They just aren't as diverse at all technologies in all the places. That's not necessarily the fault of the LEAs/LEOs ... it's just the way the world is. When you are dealing with small towns with maybe 20 to 30 LEOs on staff, and small budgets, there is no luxury of having experts in all technologies available.

Are you trying to tell us something, or is it that you can't string together enough words to form a coherent sentence?

Which is the reason Phil is fascinated by it.