Re: A question about USB Storage.

From: Florian Streck (streck_at_papafloh.de)
Date: 08/02/05

  • Next message: dallas jordan: "Re: Outlook Security"
    Date: Tue, 2 Aug 2005 18:20:36 +0200
    To: security-basics@securityfocus.com
    
    
    

    Hello,

    I'm not sure if this is really a better solution.
    The Problems I see are:
    - when the device is used it's the same as with temp/swap files on a
      disk.
    - when it's not used someone could find a usb-stick lying around ...

    Using Linux I think it's very easy to implement.
    And if you delete the data on the usb-device before logoff, you could
    also do this to your temporary files or the swap-area. And with an
    usb-device you have the complication that you can't be sure that the
    data was erased. Perhaps you pulled it out a little to fast ...

    I'd prefer to put such important temporary data on an encrypted
    filesystem. But the solution I'm using right now has the disadvantage
    that after I mounted that filesystem everyone with root-privileges can
    read it. My workaround is to only use it on a system were no one but me
    has access. But the why encrypt that stuff if I'm the only user?
    If someone on this list has a solution for my dilemma I'd be very
    thankful.

    Florian Streck

    On Tue, Aug 02, 2005 at 12:07:54AM -0500, Carlos Manuel de La Concha Canedo wrote:
    > Dear List Members,
    >
    > I have been reading threads recently about recovering temporary data such as
    > swap file, temp files, et al.
    > If the information in the swap file and other system temporal files its so
    > important ¿why don?t put it in a usb device?
    > With a usb capacity of about 4 GB it could be a solution (and an added
    > complication) for the security of such files.
    >
    > It?s possible to do it? In windows? In linux? In Freebsd?
    >
    > I think that the sistem could include a function to erase the usb device at
    > logoff or shutdown, besides, could you prove that
    > A specific usb device was used in a specific computer?
    >
    > Thanks for your attention
    >
    >
    > Ing. Carlos Manuel De La Concha Canedo
    > ofeyNET
    > Clavelinas 257-1
    > Colonia Nueva Santa María
    > 02800, Azcapotzalco, Distrito Federal, México
    >
    > "Cuando se siente herida, la ostra...
    > hace una perla."
    > Anónimo
    >
    > --
    > No virus found in this outgoing message.
    > Checked by AVG Anti-Virus.
    > Version: 7.0.338 / Virus Database: 267.9.7/60 - Release Date: 28/07/2005
    >

    
    



  • Next message: dallas jordan: "Re: Outlook Security"