Recent Features
| |||||||||||||
On the security of our processes and infrastructureOn the security of our processes and infrastructurePosted Sep 9, 2011 7:44 UTC (Fri) by geofft (subscriber, #59789)Parent article: On the security of our processes and infrastructure
"Anybody who has attended a few developer conferences has seen a long line of laptop bags against the wall at meals and receptions"
Just... stop doing that.
There are a couple of approaches. I'm that weird guy who keeps my laptop bag with me at all times (when I don't leave it at home, and if people are breaking into my home I have bigger problems). It's a little awkward to have a bag with you / under your table at dinners and such, but hey, we're all programmers, we can be awkward.
If you set out with the approach that your laptop is dangerous if it isn't in your hands, you quickly adapt to carrying it everywhere, or leaving it in advance in safe places like locked to your office table.
You can also set an admin password in your BIOS and disable booting to external drives, set a GRUB password, and lock your screen when you walk away. While it's not enough to deter a determined "Evil Maid"-style attacker who's willing to open your laptop, it's probably good enough. (This worked better on my netbook, which didn't have an easily removable internal drive, even if you opened the case.)
Finally, we could as a community figure out how the heck you're supposed to use the TPM and trusted boot and all this fun stuff. I would really like the ability to create a trusted container/VM on my laptop, and I know the hardware technology exists, but I can't figure out how to use any of the free software support for it. It should get built into the desktop the way things like NetworkManager are.
(Log in to post comments)
On the security of our processes and infrastructure Posted Sep 9, 2011 10:31 UTC (Fri) by NAR (subscriber, #1313) [Link] "Anybody who has attended a few developer conferences has seen a long line of laptop bags against the wall at meals and receptions"Just... stop doing that. On a conference I never dared to leave my laptop alone. Not because I was afraid that someone would break the screensaver lock, but because I was afraid someone might simply steal it...
On the security of our processes and infrastructure Posted Sep 9, 2011 12:29 UTC (Fri) by jengelh (subscriber, #33263) [Link]
In that regard, the grandparent poster's laptop must be quite a vintage or defaced-with-stickers for it not to be stolen when left unattended :)
On the security of our processes and infrastructure Posted Sep 10, 2011 3:23 UTC (Sat) by geofft (subscriber, #59789) [Link]
Oh, certainly, at a hotel or at certain university buildings like libraries, I'd worry about theft primarily.
At other university buildings I'd worry more about pranksters. :)
On the security of our processes and infrastructure Posted Sep 15, 2011 16:37 UTC (Thu) by slashdot (guest, #22014) [Link]
Just encrypt the whole hard drive with cryptsetup-luks and turn off the laptop when you leave it unattended.
An attacker can still corrupt the hard drive or steal the machine, but almost surely won't achieve anything beyond forcing you to buy a new machine and restore backups.
On the security of our processes and infrastructure Posted Sep 18, 2011 0:36 UTC (Sun) by ccurtis (guest, #49713) [Link] You can also set an admin password in your BIOS and disable booting to external drives, [...]Or, as I do (out of necessity, really), remove the hard drive from the laptop and only boot from external drives. It's a lot easier to carry around a portable hard drive than a laptop anyway.
On the security of our processes and infrastructure Posted Sep 23, 2011 17:27 UTC (Fri) by oak (guest, #2786) [Link]
In this case you could make the OS on the internal hard drive to do "interesting" things if somebody ever happens to boot it, like:
* Log anything the user does (URLs, passwords etc), take photos with the webcam * Scan for WLAN networks & connect to network * If that fails, use few dollar/euro prepaid SIM to do cellular connection instead * "Call home" to log close-by WLAN & phone base stations etc info needed to locate the laptop and identify its thief * If "Home" tells that the device should do something, first disable volume & power off keys * Then start blinking the screen & blasting from the tinny speakers something like "I'm stolen, please call police" etc.
Whoever steals that device, will probably remember it for a while and maybe even avoid geek conferences in future...
|
|||||||||||||