
The Self-Destruct File - fogus
http://blog.obiefernandez.com/content/2010/05/the-selfdestruct-file.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+obie+%28Obie+Fernandez%29&utm_content=Google+Reader
======
mark_l_watson
I don't use full disk encryption, but I do have an encrypted partition that
has my .ssh, .pgp, password reminder file, and sensitive customer information.
Each time I boot up, I mount this partition. I have soft links in my home
directory to .ssh, etc. on this partition.

------
petercooper
OS X has the "FileVault" system which encrypts the contents of your home
folder. This should include things like SSH keys in ~/.ssh, and so forth.
(This is not particularly useful if someone steals your computer while it's on
and logged in, of course.)

~~~
martey
I think it is better to use a full disk encryption product (which encrypts
information) or encrypted disk images (which only encrypt sensitive
information) as opposed to FileVault.

FileVault converts your entire home folder into a encrypted disk image. While
this is fine for security (no worrying about whether your files are actually
encrypted, as long as they are in your home folder), it is bad for usability.
When you login or logout, FileVault will either mount and decrypt or encrypt
and unmount your home folder/encrypted disk image. Sometimes this process can
take several minutes. If your computer runs out of battery (or it is turned
off in exasperation), the encrypted disk image can be corrupted. The data
within is unrecoverable.

~~~
petercooper
After a brief foray with "DoubleSpace" back in the MS DOS 6.0 days, I vowed
not to try such nonsense again for fear of data loss, so I hadn't got around
to trying FileVault yet. I only mentioned it because no-one else had and it
seems to be an overlooked part of OS X.

That said, encrypted disk images work _great_ on OS X. I'd also suspect
there's an interesting way to auto-mount/symlink USB drives into useful places
so you have to carry it around with you for anything private to work.

------
BoppreH
I would use a user account called Administrator, without password. Make this
user, and only this one, auto-start a program to do all those things you want
it to.

It's better than a .txt because it's easier to hide (you don't have to
actually hide it this way) and the person that stole your notebook is more
willing to wait a little for the default programs to load than when opening a
file, especially a txt one.

When he/she thinks it logged in successfully, the portrait of the thief is
already in your inbox and your sensitive files encrypted/deleted.

------
quellhorst
After physical security, you should secure your data. Tips for Mac users:

1\. Using 1Password for random passwords encrypted with a master password

2\. Enable FileVault, if the password is entered wrong too many times it will
wipe the drive.

3\. Password protect your iPhone, set it to remove personal data after too
many bad attempts.

4\. Never use open WiFi.

~~~
AngryParsley
_2\. Enable FileVault, if the password is entered wrong too many times it will
wipe the drive._

I've never heard of FileVault wiping the user's encrypted sparse image after
too many bad password attempts. Googling gives me nothing. If too many bad
passwords _do_ wipe the sparse image, how do I disable that? I have backups,
but I don't want anyone to be able to delete my data so easily.

 _4\. Never use open WiFi._

Umm... why? Pretty much every site uses HTTPS or hashes your password in
JavaScript before sending it over the wire. Sure there's a chance of HTML
injection if the login form is sent over HTTP, but it's a very small one.
Unless you're at DEF CON or something, open wifi isn't a major risk. I guess
if you're super paranoid, set up a VPN server and connect to it when you're on
an untrusted network.

I think the ideal solution is to use FileVault or some sort disk encryption,
then also have a cron job runs a script every hour/day/whatever. This script
would check a certain URL for a message (say <https://your-
website/is/my/computer/stolen>). If that message says, "yes I am stolen", the
script would activate the camera, e-mail the picture to you, and run shred on
the drive. Basically a poor man's version of
<http://www.orbicule.com/undercover/mac/>

------
0wned
Full disk encryption. No worries mate.

~~~
sorbus
Perhaps combined with another operating system which performs the tasks
mentioned in the article? [Taking a picture, and sending it, the ip address,
and anything else interesting/identifying about the network (nmap dumps,
nearby access points - assuming that it just connects to any unencrypted one -
traceroutes, and so forth), to a predetermined email address].

------
mjgoins
The 'delete everything sensitive' step would either not be reliable (unlinking
all the files) or would take an extremely long time (writing zeroes or noise
over all those bytes).

~~~
tetha
I think you could just flip bits at random positions (probably blockwise to be
faster) in those sensitive files. This should corrupt the files pretty
quickly.

------
anujseth
While encryption may save your data, you can't really brick the computer. Take
out hard-disk throw in trash, replace with new 50$ disk, welcome to you're new
macbook pro.

~~~
Splines
I know that Dell in particular can set a password on the BIOS that is
extremely non-trivial to bypass. Other hardware makers probably offer similar
functionality. Taking this a step further and allowing this to be set from the
running OS could be possible, thus effectively bricking the computer (barring
access to hardware support channels, but you registered your computer anyway,
didn't you?)

------
joezydeco
I could see a file called "secret_accounts_dont_open.txt" being really
attractive to my wife or son. Pass.

