But if you're getting information security advice from a Forbes blog, that will be the least of your worries.
Where would you suggest we get information security advice from? Many here are quick to point out what people should not rely upon. But relatively few seem to want to assume the responsibility to suggest what people should use.

We are gleaning material including on concepts from the Information Security chapter written by Danny in CPJ's Journalist Security Guide (full disclosure: I wrote the chapters on physical safety). We are looking for guidance on tools from Security-in-a-Box by Tactical Tech. And we are reviewing and closely following the discussion over the new Internews guide which covers both concepts and tools. We are also looking at relevant guides by Small World News by Brian and others, and Mobile Active by Katrin and Alix.

It seems to me that the above comprise the best available sources out there. Would you agree? Of course, if you or anyone has any other suggestions, we are all ears.

The discussion itself over the Forbes blog and other material is all helpful. But backhanded snipes without the benefit of positive alternative suggestions are not.

Most people on this list and in conferences seem to be agreeing, at least lately if not also before, that if people who need to use the tools don't use them, then that becomes a security problem in and of itself. And that the overwhelming majority of people in places like Syria really do not understand the risks or practice best measures. Would you agree? Getting over these obstacles requires training, and also more transparency within this "Open Source" community about what we should be teaching people.

I am also learning not to take gratuitous snipes here personally. As it seems to be all too common within this group. But I do think we would serve a great many more people if we had more constructive conversations. Isn't that what this list is for?
-------- Original Message --------
Subject: Re: [liberationtech] Forbes recommends tools for journalists
From: Steve Weis <steveweis@gmail.com>
Date: Mon, December 17, 2012 6:10 pm
To: liberationtech <liberationtech@lists.stanford.edu>
Just to go further down the tech tangent...
There are SSD drives with full-disk encryption, such as the Intel 520 series. Here's a paper "Reliably Erasing Data From Flash-Based Solid State Drives" from Usenix 2011 that analyzes disk sanitation on several SSD drives. Their conclusion was that built-in encryption and sanitization functions were most effective, but were not always implemented correctly: http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
Regarding storage for disk-encryption keys, PCs with TPMs can seal keys such that they can only be unsealed if the machine is booted to a verifiable state. Then you can leave the sealed key on the disk, which is how Bitlocker works.
Keep in mind that TPMs can be compromised by physical attacks. They aren't going to protect you from a moderately-funded forensics effort. But if you're getting information security advice from a Forbes blog, that will be the least of your worries.
On Mon, Dec 17, 2012 at 1:42 PM, Michael Rogers <michael@briarproject.org> wrote:
I'm not aware of any suitable storage on current smartphones or personal computers, so we may need to ask device manufacturers to add (simple, inexpensive) hardware to their devices to support secure deletion.

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE