Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 07, 2016, 04:35:10 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Strategies for international travellers regarding new US Customs seizure policy  (Read 28393 times)

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,474
    • View Profile
    • Donate to Member
The problem is I store many passwords on my laptop - passwords and other confidential data in word/excel files that provide access to my email accounts and other sites. I'm afraid of this falling into the hands of the TSA people.

I suggest you stop storing your passwords in Word/Excel and use something much better like fSekrit. Also, make sure you have a good passphrase. Even 1024-bit encryption would be practically useless without a good passphrase.

The worst imaginable pass phrase (eg, "this is my secret password") is many times more secure than an average single word password (eg, "god123"). And it's easier to remember.*

Yes, well the problem with that is that so many systems/programs put such arbitrary limits on the "password", (eg. 3-8 characters consisting of at least one character from at least 3 out of the 4 groups: lowercase, uppercase, number and symbol), that it makes picking an easily remembered "passphrase" a joke.

I used to have all my program serial numbers in a plain text file which was then encrypted using my PGP key, (which was 2048 bit and a passphrase of 25 odd characters).  Very secure but an exceeding PITA when I needed it and didn't have PGP handy   :-[

Nowadays, just a self-extracting encrypted RAR executable - much more convenient and WinRAR's encryption is very strong.

Also, I picked up an imation Atom flashdrive.  Comes with software that lets you make an encrypted partition, if the wrong password is entered 3 times, (or was it 5?), it formats the drive.  If you are accessing the encrypted section and you unplug it, it automatically locks it again.  Even better, it's very, very small - smaller than a Type A USB plug.

But if you wanted to carry your data with you in a non-obvious way, I would suggest grabbing an 8GB MicroSD flash card - encrypt your data, put it on it, hide it - I very much doubt that they would be able to find it with a cursory search or even using the airport x-ray machines.  Don't carry the reader, otherwise they'll know what to look for - just buy a reader at your destination.
« Last Edit: August 21, 2008, 03:10:18 AM by 4wd »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Sorry! This got put up accidentally. :-[
« Last Edit: August 21, 2008, 01:44:26 PM by 40hz »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
The problem is I store many passwords on my laptop - passwords and other confidential data in word/excel files that provide access to my email accounts and other sites. I'm afraid of this falling into the hands of the TSA people.

I suggest you stop storing your passwords in Word/Excel and use something much better like fSekrit. Also, make sure you have a good passphrase. Even 1024-bit encryption would be practically useless without a good passphrase.

The worst imaginable pass phrase (eg, "this is my secret password") is many times more secure than an average single word password (eg, "god123"). And it's easier to remember.*

Yes, well the problem with that is that so many systems/programs put such arbitrary limits on the "password", (eg. 3-8 characters consisting of at least one character from at least 3 out of the 4 groups: lowercase, uppercase, number and symbol), that it makes picking an easily remembered "passphrase" a joke.

I used to have all my program serial numbers in a plain text file which was then encrypted using my PGP key, (which was 2048 bit and a passphrase of 25 odd characters).  Very secure but an exceeding PITA when I needed it and didn't have PGP handy   :-[

Nowadays, just a self-extracting encrypted RAR executable - much more convenient and WinRAR's encryption is very strong.

Also, I picked up an imation Atom flashdrive.  Comes with software that lets you make an encrypted partition, if the wrong password is entered 3 times, (or was it 5?), it formats the drive.  If you are accessing the encrypted section and you unplug it, it automatically locks it again.  Even better, it's very, very small - smaller than a Type A USB plug.

But if you wanted to carry your data with you in a non-obvious way, I would suggest grabbing an 8GB MicroSD flash card - encrypt your data, put it on it, hide it - I very much doubt that they would be able to find it with a cursory search or even using the airport x-ray machines.  Don't carry the reader, otherwise they'll know what to look for - just buy a reader at your destination.

Being both cheap - and sneaky - I like to supplement my security with a little bit of "low-cunning" rather than rely exclusively on technology.  ;)

One thing I always do is never put real passwords in my password manager. 8)

I have set of arbitrary conventions whereby one (or more) characters in a saved password is always incorrect. For lack of a better word, let's call these conventions "fake-outs." You can do this in a number of ways:

Examples:

1) Numeric Bump Fake-Out - add a certain number to another number.

   ex: Bump the last two digits by 2 (use modulo if digit rolls over)
     
   Real Password: ARB&1111 becomes Stored Password; ARB&1133
   Real Password: Trx119AB  becomes Stored Password: Trx131AB

2) Bogus Character Fake-Out - put a "red herring" in your password

   ex: Always insert fake character in 4th position

   Real Password: abcd1234 becomes Stored Password: abcWd1234 (4th char W is faked)

There are thousands of other ways to do this. And they can be combined. Get creative and come up with one you can remember. Just make sure you are consistent when you apply it.

If you're a real paranoid freak, you can come up with several schemes and use them at will. You could assign each one a code (ex: A B C D) and use that as the prefix for your faked password (ex: any password beginning with "A" uses the numeric bump method - so ignore the A and compute the real password from what's left). That way, even if somebody figures out one fake-out, they still don't have the "secret decoder ring" for the rest of your passwords.

Fake-outs do increase your security exponentially - even a cracked master password and access to your password manager won't give away your real access codes. But it does prevent you from using the automatic login feature of your password manager. Sorry, nothing is for free.

So welcome to Little Orphan Annie's Inner Circle! (Here's you secret decoder ring.) Now all you need to do is decide how much security you really need - and how much you can tolerate. Just watch out for those waterboards! ;D
« Last Edit: August 21, 2008, 01:48:44 PM by 40hz »

Mamba

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 2
    • View Profile
    • Donate to Member
Switching to online storage/applications will only make it easier for the gov't. since all the ISP's have given them a window to do deep packet inspection on all their traffic. You can use encryption but I suspect that soon doing that will be automatic grounds for a ticket to Gitmo.

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
But if you wanted to carry your data with you in a non-obvious way, I would suggest grabbing an 8GB MicroSD flash card - encrypt your data, put it on it, hide it - I very much doubt that they would be able to find it with a cursory search or even using the airport x-ray machines.  Don't carry the reader, otherwise they'll know what to look for - just buy a reader at your destination.

That's what I did on my last trip.  I put the card at the bottom of my bag and it got un-noticed. :)
But this was just to be used in extreme case... As I didn't have a laptop with me anyway (all these stories got me a bit nervous).

I still wonder what the people who absolutely MUST travel with their laptop do...? Just Risk loosing it? Use mouser's strategy of buying 5 laptops...?  ;D Mailing is definitely a possibility, but an expensive one and not necessarily convenient one -- and soon, of  course, we'll learn that all computers sent by mail will be confiscated etc.

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Read more about this member.
    • Donate to Member
I still wonder what the people who absolutely MUST travel with their laptop do...?

Good point - it always *seems* like a great idea to take my notebook, but I rarely do much with it and no longer even bother taking it out in the cabin. In fairness, when I've traveled for work, I've used it extensively. However, I've never really used it when I've been on vacation...
"Some people have a way with words, other people,... oh... have not way" - Steve Martin

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
In these totalitarian circumstances, I'd certainly think twice before taking my laptop with me on vacation!  :o I'd take the risk only if I had absolutely NO choice to bring it with me (special applications, no computers easily available where I'm going, etc.). And then I'd probably replace the hard drive with another one containing nothing but a strictly functional Linux distro, send my data in advance by mail to where I'm going, or just download the necessary data (encrypted) from a web to be able to work. This is not ideal, but feasible.

There's also the liveCD option. But it's not as easy as one would probably think... There are not many internet caf├ęs around that will allow you to reboot their computer with a live CD ( :tellme: ) , and, depending on where you're traveling, using someone's (or whatever) computer might be not be an easy option either! Still... carrying a liveCD (or USB stick) with everything you need, is not a bad idea as it could be useful. It could.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,408
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
There is an easy and safe way to travel with your laptop overseas.

Step One, take apart your laptop into small pieces:
laptop-parts3.jpg

Create a handbag out of the keys and give that to your girlfried to carry:
key_bag2.jpg

And give her a pair of these cpu earings to wear:
2212424969_cb40fe9fe0.jpg

Wrap the rest of the pieces in ziploc bags and swallow them, along with a small screwdriver*.

When you arrive at your destination, merely reassemble the pieces and your are ready to compute!

[*you may want to simply purchase a small screwdriver at your destination instead of swallowing it as screwdrivers are a considered a deadly weapon on planes now]

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
What is the optimun size of laptop hard disk size for swallowing (and how do I get it out again - I may have a big bum but ....)  :-\

cranioscopical

  • Friend of the Site
  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,367
    • View Profile
    • Donate to Member
What is the optimun size of laptop hard disk size for swallowing (and how do I get it out again - I may have a big bum but ....)  :-\
That will require careful analysis...

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
What is the optimun size of laptop hard disk size for swallowing (and how do I get it out again - I may have a big bum but ....)  :-\

i'd be more worried with the lcd.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Can you get roll up LCDs for laptops?

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,605
    • View Profile
    • Donate to Member
given the angst this thread apparently created this from slashdot may be of interest

Quote
Your Rights Online: Bill To Add Accountability To Border Laptop Search
Posted by kdawson on Wednesday September 17, @08:07AM
from the is-a-receipt-too-much-to-ask dept.

 I Don't Believe in Imaginary Property writes

"Rep. Loretta Sanchez (D-CA) has introduced a bill that would add accountability to the DHS searches conducted upon the laptops of those crossing the border. Specifically, it would require the issue of receipts to those who had their property confiscated so that it could later be returned, would limit how long the DHS can keep laptops, would require them to keep the laptop's information secure, and would create a way to complain about abuse. Finally, the DHS would be required to keep track of how many searches were done and report the details to Congress. Rep. Sanchez also has also issued a statement about the proposed bill."

Grorgy

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 821
    • View Profile
    • Donate to Member
Good to see Target, a little accountability is a good thing. You have to stop the bad guys somehow but there is not a lot of point if in doing so you become the bad guys!

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,605
    • View Profile
    • Donate to Member
yeah, accountability is a reasonable expectation

Reading this thread i couldn't help wondering if this was really such a problem, or if a lot of it was speculative (some posters seemed pretty worked up about it...)

a non-issue for me as I don't travel, or own a laptop, but it seemed to me that laptops were only the tip of the potential iceberg as any digital device (eg usb keys, mobile phones, digital camera's, memory cards, even some kid's toys) could be subject to this legislation...

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 10,325
    • View Profile
    • Donate to Member
give them a message (probably get you even more attention though!)

metalplatessdfv.jpgStrategies for international travellers regarding new US Customs seizure policy

One of my favorite artists, Evan Roth, is working on a project that will be released soon - the pictures say it all, it's a "carry on" communication system. These metal places contain messages which will appear when they are X-Rayed.
via this boingboing post

Tom

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
eheh. Fun stuff.
(Not sure I'd do that though...  :))