RightToPrivacy & Tech Tips BusKill Tutorial: Self Destructing Laptop Storage
#buskill #encryption #crypto #storage #forensics #antiforensics #HDD #infosec #cybersecurity #datarecovery #luks #encrypted #harddrive #privacy #security #educational
Watch On #Peertube:
Recent searches
Search options
#luks
2 posts2 participants0 posts today
BusKill: Self Destructing Laptop Storage
Replied to marczz
Why you should use full-disk encryption
If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.
You will fail to delete drives properly
Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of you SSH provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.
The law demands it
#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.
Law enforcement makes "mistakes"
I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.
There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.
You already mentioned that ordinary thieves can also be a problem.
Encryption is available for free
So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.
Replied to Christian Pietsch
@chpietsch I was wondering if enabling #LUKS on a running server has really a benefit. Of course if thieves enter your place, unplug the server and take it the disk is protected. But this scenario is not so usual. Most often the attacker get access to your live server. Once the server is booted and the disk is unlocked, all data on the encrypted volume is accessible to anyone with access to the system. This makes encryption ineffective against attackers who compromise a running server.
Lately I've been doing more #SelfHosting again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the #ARM64 architecture, even with power-hungry applications such as Mastodon, I'm now using the smartphone technology for my homeservers, too.
There are #SBCs with more open hardware, but the #RaspberryPi is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.
Anyone operating a server on the Internet must install #security updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The #needrestart tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.
On my Raspberry Pi 4, needrestart always runs correctly (automatically after apt upgrade). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:
https://github.com/liske/needrestart/blob/master/README.raspberry.md
Previously, the tool always claimed that a reboot was necessary because it thought an outdated Linux kernel was running.
Next, I want to activate #LUKS hard drive encryption on both raspis. Unfortunately, this is not as easy under #Raspbian or #RaspberryPiOS as on other Debian systems. If you have managed this: Please let me know how you did it!
Mastodon, gehostet auf fedifreu.deFedifreudeDiese Mastodon-Instanz wird vom überregionalen netzaktivistischen Zusammenhang Datenfreude <https://datenfreu.de> betrieben. Dazu zählen https://datenpunks.de und https://kleindatenverein.org.
My experience with #FlashDrives recently has been mixed. I have no problem in encrypting them with #LUKS, using #cryptsetup or with formatting a partition with #Btrfs, for instance, using #gparted and doing other tinkering with #Gnome #disks. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.
1/2
www.cureus.comHighly Aggressive Multiple Sclerosis Relapse During Pregnancy Following SARS-CoV-2 Infection: A Case Report and Literature ReviewWe report a challenging case of a 32-year-old previously healthy pregnant woman at 17+2 weeks gestation with a new diagnosis of exceptional highly active relapsing-remitting multiple sclerosis (RRMS) triggered by a severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection. Remarkable clinical characteristics were the rapid clinical deterioration, the severity and the nature of the symptoms, including spastic tetraplegia, dyspnea, dysphagia, anarthria, and a severe pain syndrome, which resulted in the need for intensive care and mechanical ventilation within 24 hours. Relapse treatment, as well as symptomatic treatment, was challenging and complicated by pregnancy. Early diagnosis, consistent and persistent interdisciplinary management including six weeks stay in the intensive care unit and 3.5 months in neurorehabilitation, led to a full recovery of the patient and a healthy born child. In addition to the remarkable clinical characteristics, we report the challenging therapeutic measures throughout the hospitalization. This case report could, therefore, assist others who may be confronted with a similar situation.
Each time I needed to migrate my data to a new SSD with LVM and LUKS, I struggled a lot, until I figured this out properly. I have documented all necessary steps in this document:
https://gist.github.com/andrewshadura/58098ea35471f2067bf9e5a33aec0c35
GistMigrating the system onto the new SSD with LVMMigrating the system onto the new SSD with LVM. GitHub Gist: instantly share code, notes, and snippets.
Arch Linux mit vollständiger Festplattenverschlüsselung
GRUB Bootloader zusammen mit LUKS2 und BTRFS Dateisystem Die Einrichtung von Arch Linux mit vollständiger Festplattenverschlüsselung durch LUKS2 bietet ein hohes Maß an Sicherheit für Benutzerdaten und Systemintegrität. LUKS2 (Linux […]
#arch #btrfs #grub #installation #linux #luks #luks2 #verschlüsselung
https://dirkwouters.de/arch-linux-mit-vollstaendiger-festplattenverschluesselung/
Zum ersten Mal war der Verband Angiodysplasie Schweiz beim "Rare Disease Day" im Luzerner Kantonsspital vertreten – und es mit war eine total bereichernde Erfahrung! 
Ein riesiges Dankeschön an ProRaris für die grossartige Organisation dieser besonderen Veranstaltung.
https://angiodysplasie.ch/unser-erster-tag-der-seltenen-krankheiten-in-luzern/
I managed to create an #encrypted #Linux #Filesystem on a #USBStick. The reason I wanted this is that I want to back up some directories, which contain secure information and also #NTFS, the one that comes on most drives, doesn’t know how to handle #SymbolicLinks properly. I don’t need or want to share the stick with any non-Linux machines.
Permanence autodéfense numérique
7 avril 2025, 17:00:00 CEST - GMT+2 - anarchive, 101 Rue Josaphat (Schaerbeek)https://agenda.collectifs.net/events/681803cd-64f0-4ac4-a786-ee01a23a8195
#Cifrar archivos, como última opción: consejos para no perder #información valiosa
El cuarto de GatoOscuro · Cifrar archivos, como última opción: consejos para no perder información valiosa - El cuarto de GatoOscuroCifrar archivos, como última opción: consejos para no perder información valiosa general
Replied in thread
@agu 1,2kg is a pretty steep target, but feasible unless you want a 15" 4k monster with dedicaded GPU.
- As with toolfree-swappable storage, that is easy to solve too.
I'd recommend to use either #LUKS-encrypted #btrfs or #VeraCrypt-encrypted #ext4 for portable storage...
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Attached: 1 image
@Clygro@labyrinth.zone @fuchsiii@oxytodon.com I literally have this one.
The LG GGC-H20L...
Sadly it doesn't do #BDXL so I had to basically get a BU40N as well...
And now my front bay is crammed to the max.
Mein Backup der wichtigsten Sachen habe ich immer dabei – auf einem USB-Stick am Schlüsselbund. Der ist natürlich verschlüsselt, damit im schlimmsten Fall die Daten nicht in falsche Hände geraten. Hier mal ein sehr einfacher Weg, einen Stick oder eine externe SSD/Festplatte unter #Linux zu verschlüsseln:
youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
In one of your recent stream VODs, @tomlawrence, someone asked, whether they could run #ZFS on #LUKS - i can answer that; YES*, with an *asterisk.
I did this for quite some time, until i've decided that it's rather inconvenient to type in my password on every reboot. Now, i'm running LUKS on ZVOLs, in #Ubuntu / #qemu / #libvirt.
It's a small home server, and i need a few "privacy insensitive" VMs to auto-start after power-fail.
All one needs is a block dev, zpool create, done! 
…technically
Replied in thread
@x_cli Si tu utilises LUKS avec Clevis (TPM2) sur FCOS et que tu dois effacer le volume, c'est probablement dû à l'option wipe_volume: true par défaut. Ça empêche de garder les données entre les installs. Pour éviter ça, configure LUKS manuellement sans cette directive et assure-toi que Clevis ajoute une nouvelle keyslot sans écraser l'existant. 
#Linux #LUKS #FCOS
I am kinda confused about choosing the #encryption system for use with #zfs should it be ZFS native encryption or shall I put ZFS on top of #LUKS. LUKS seems to be the more 'mature' option and the performance is hardly 10% lesser than native. Does anyone have experience with using ZFS native encryption?