How protected does laptop encryption leave you?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://fortune.com/2015/04/28/laptop-encryption-protection/

Security tips and busted myths about full disk encryption.

Want to protect your personal data? Try full disk encryption—a means of
locking down your computer files so that no one else with access to your
machine may pry inside.

To the uninvited inspector, encrypted hard drive data looks like
alphanumeric gobbledygook. To those with the right passphrase, it looks and
acts as normal.

“Everyone should be running full-disk encryption on their laptops,”
implores The Intercept before supplying a user-friendly tutorial on the
technology. “[I]t’s the only way to protect your data in case your laptop
gets lost or stolen, and it takes minimal effort to get started and use.”

Without disk encryption, your laptop is a sitting duck, Micah Lee writes:

If someone gets physical access to your computer and you aren’t using disk
encryption, they can very easily steal all of your files.

It doesn’t matter if you have a good password because the attacker can
simply boot to a new operating system off of a USB stick, bypassing your
password, to look at your files. Or they can remove your hard disk and put
it in a different computer to gain access. All they need is a screwdriver,
a second computer, and a $10 USB enclosure.

That’s right. Hacking an unprotected hard drive is that simple. So make no
mistake: Disk encryption is a good practice.

But beware! It will not protect you against everything. Motivated hackers,
wandering-eyed shoulder surfers, compressed air can-wielding operatives,
and tech-savvy “evil maids” may still all unlock your precious data, in
spite of encryption’s sureties. To help illuminate the limitations and
liberations of the technology, Fortune dissected The Intercept’s guide into
a taxonomy.

Here’s a quick list of what disk encryption does and does not protect
against.

You’re safe from…

Undesired physical access due to misplacement, thievery, or government
seizure. “Encrypting your disk will protect you and your data in case your
laptop falls into the wrong hands,” Lee writes.

Insistent border agents. At their edges, travelers to different countries
enjoy no right to privacy.

You’re vulnerable to…

Internet surveillance and spies. Think National Security Agency.

Trick malware downloads. Be careful when choosing whether to open email
attachments.

Bug exploitations. No software is perfect.

Traffic hijackers. Visit only websites that use encryption—”hypertext
transfer protocol secure” (aka HTTPS)—to secure incoming and outgoing
traffic.

Faulty memory. Do not forget your password.

Failure to lock unattended devices. Power off when you’re absent.

Weak passwords. “Password” is not a good password.
“Th1sIsN0tMyRe@lPas$wordHackz0rz”
is better.

Guest account workarounds. Cut off the other ways to access your laptop.

Direct memory access attacks. Malicious devices can be used to manipulate
or read your computer’s RAM, aka random access memory storage, when your
machine is unlocked.

Cold boot attacks. Using little more than a screwdriver, compressed
air-can, and the laws of thermodynamics, a crafty hacker can freeze and
eject your RAM after use, and then load its contents onto another disk.

“Evil maid” attacks. A bad actor can load malware onto your operating
system that triggers once your machine has been unlocked—so don’t let your
computer out of your sight, paranoid people.

Deprecated encryption software (like TrueCrypt). If a flaw is discovered in
the program, which is all but inevitable, you’ll want someone to patch it
immediately.

Shoulder surfers (who peak at passwords and PINs) and other
up-to-no-gooders… “The different ways you can get hacked or surveilled are
too numerous to list in full,” Lee writes.

For the “How to,” including best practices and the like, head over to The
Intercept where you’ll learn how you—yes you, too—can encrypt your Windows,
Mac OS X, or Linux disks. It’s easy.

Now all you need is a dab of glitter nail polish.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!