Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Stealthier Internet access
From: Valdis.Kletnieks () vt edu
Date: Wed, 26 May 2010 01:03:42 -0400

On Wed, 26 May 2010 10:15:32 +0545, Bipin Gautam said:
it's a *bad* sector, so reading and recovering the data is a bitch...

No, storing in Negative Disk, bad sector, stenography, slack space are
all bad places to store data!

No, I meant it's usually not worth worrying that if the disk has done a
hardware assignment of a replacement sector for a *real* live actual
the-hardware-barfs-on-it bad sector, you can usually not worry about the
contents of that bad sector, as the drive hardware won't let you access it
directly anymore, redirecting you to the new replacement block.  So basically,
somebody needs to take the disk apart and start doing the clean-room data
recovery routine off the disk, trying to read 512 bytes of data at a time off
known-physically-bad areas of the disk.

And if your threat model includes adversaries that will do that, then
you *really* need to be using full-disk encryption and thermite in your
counter-defenses.  Oh, and a good countermeasure for rubber-hose crypto. ;)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]