Security Through Absurdity Rotating Header Image

Exploding Boot Loader

Aug 24th, 2006
by lyntux.
Comments are off for this post

I got this idea from watching TV a while back. The concept is pretty simple, You have a physical device in you computer that if it is not present, the data on your computer is destroyed. In the TV show, the physical device is a floppy disk.  We have come a long way since then and better, more reliable technology has become available. I have not yet implemented the exploding boot loader, so I don’t have all the kinks worked out, but here is how it is supposed to work.

You need a couple of things before you start:

  • any compact flash card, 32 MB minimum
  • a basic working knowledge of Grub (LiLo might work too)
  • Linux (Window users can get this to work too)
  • and a Compact Flash to IDE Adapter

The first step is to copy your /boot Partition onto the compact flash drive.  This will become the boot partition you are going to be using as primarily.  Select this device as the first boot option in BIOS, and make your hard drive the second.  Remove the contents of the /boot partition of your hard drive, my recommendation is to bcwipe your old /boot partition. Reinstall Grub back onto the old /boot partition and tell it to boot the partition it is on.  You need to have a very basic floppy type Linux install on this drive, like DSL.   Here is the key part, but I am a little fuzzy on it.  You need put bcwipe on this drive, tell it to execute on boot up and wipe all drives and partitions (other than the one it is running from) in the background.  This effectively destroys the information on those drives, or at least a good portion of it, before someone gets the idea of what is happening.

Here is what happens, with the primary boot loader on the compact flash drive, it should boot the computer like normal, remove the compact flash card, and the destructive boot loader loads and starts wiping data (remember that the CF card is not technically hot swappable, but if you are in a hurry, you probably won’t mind the ‘good’ boot loader being destroyed).

Now, their are a few potential problems with this. First, if you have a large hard drive, it will take a while to wipe everything and the would-be intruder will almost certainly halt the process before it is complete. Second, if the CF card should ever fail, you are going to have an interesting time turning you computer on without wiping everything (make backups).  Finally, there are much more secure methods for wiping data that would require booting off of a second hard drive or flash card so you can wipe the whole drive and not just the partitions (see Hampton, Michael.  “ATA Security Exposed.”  2600, The Hacker Quarterly Spring 2009.  6-7.)

There you have it, the Exploding Boot Loader.

Updated: June 02, 2009 @ 00:10

Posted in: Security Through Absurdity.
Tagged: ·

From The Silly Storage Dept. Minidiscs!

Aug 21st, 2006
by admin.
Comments are off for this post

If you have ever had some data you wanted to store in a safe place but couldnt think of quite the right thing that would be safe and secure, I know how you feel. I have had this idea for a few years, the perfect thing would be a freakin’ Minidisc. Why? Do you know anyone with a minidisc player? If you do no know anyone, (I certainly do not) then who is going to read your sensetive information?

Did you know that minidiscs can store data? As a matter of fact, there’s a SCSI Sony Diskman that plugs into a Mac. It acts as a conventional cdrom drive. In addition, it is also supported by the Linux kernel.

A lot of minidisc devices have what’s called a service mode, which allows you to do some interesting hacks. What’s better than a tweakable, hackable, portable, unconventional, and high capacity (1+GiB) storage device for sensitive information?

There are also plenty of service manuals out there for those of us absurd enough to do some modifications.

Sony has been doing a little bit to help those of us absurd enough to store data away on a minidisc with the new Hi-MD discs.

Now obviously, you wouldnt want to store data on there in plain text, thats why encrypting filesystems are so great thanks to linux crypto loops (more on that later).

For now, head on over to http://www.minidisc.org/. All kinds of interesting information if you want to mess around with minidisc data storage.

And last but not least, if it proves to be not quite the right thing for you, at least you have a kick-ass digital audio player in the end as an added bonus.

–ahazaurus

Posted in: Security Through Absurdity.
Tagged:

Security Through Absurdity

Aug 21st, 2006
by lyntux.
Comments are off for this post

It’s not just a play on words, it’s a revolutionary new concept in securing your data.  OK, maybe it’s not going to cause any ripples in the industry.  In fact, some of our ideas are so absurd that even we wouldn’t use them.  I only hope we can inspire just one more person to take security seriously, by any means necessary.  Share and Enjoy!

Posted in: Security Through Absurdity.