Traveling With A Laptop

Discussion in 'Tech Talk' started by F106 Fan, Oct 2, 2015.

  1. F106 Fan

    F106 Fan

    Messages:
    9,966
    Likes Received:
    2,565
    Joined:
    Oct 19, 2011
    Our mayor just had his laptop and cell phone seized as he returned from a trip to China:

    http://www.recordnet.com/article/20151001/NEWS/151009979

    It seems to me that if I had to travel with a laptop, I would remove the hard drive and just run off a Linux Live CD. Most mail systems (like Yahoo) allow the user to interact with their email on their web site or download it with something like Outlook. While traveling, just use the web interface from the browser on the Live CD. You could even use an Out Of Office notice to have senders resend their email to a new but temporary web based email site.

    If my laptop wouldn't boot from a DVD with the HD removed, I would put in a new drive just to make BIOS happy and never write a single file.

    As to the cellphone? Buy a burner at 7-Eleven and tell those few people who get your new number to not call unless the Fire Department just left your burned out house and maybe not even then. Certainly don't allow texts. Don't create any contacts either. If you can't remember a number, call someone else who can.

    ETA: Files that you absolutely must have could be stored on the cloud.

    Yes, Live CDs are slow but at least you're not going to give away your life's story.
     
  2. tattooo

    tattooo

    Messages:
    1,121
    Likes Received:
    451
    Joined:
    Aug 25, 2015
    Man....that's some 007 $#☆☆ right there
     

  3. Turn4811

    Turn4811

    Messages:
    1,638
    Likes Received:
    878
    Joined:
    Jan 31, 2014
    Location:
    NE Atlanta
    If they took my laptop and cellphone there is no way I would provide passwords. I have traveled extensively internationally and the only time I have ever had a problem was in Ethiopia. BTW Ethiopia is a $hithole and government corruption is the norm.
     
  4. F106 Fan

    F106 Fan

    Messages:
    9,966
    Likes Received:
    2,565
    Joined:
    Oct 19, 2011
    Most US cell phones won't work in foreign countries anyway. Leave it home.
    Dropbox enters into this equation for files, itineraries, contact lists, etc.
     
  5. Ralff

    Ralff

    Messages:
    1,289
    Likes Received:
    10
    Joined:
    Sep 10, 2008
    Location:
    Central FL
    If someone is traveling overseas (or anywhere, really) with a company laptop, they should consider using Bitlocker and/or drive encryption. Live CD/USB is not a bad idea either, if all you need is web access.

    Otherwise, someone with physical access to your device will be browsing your local files in 30 seconds, passwords or not.
     
  6. F106 Fan

    F106 Fan

    Messages:
    9,966
    Likes Received:
    2,565
    Joined:
    Oct 19, 2011
    It's my understanding, and I am probably wrong, that you can be forced to give up your passwords for the laptop and cell phone. There's some interesting case law re: protecting the border that seems to contradict the rights we think we have.

    So, BitLocker isn't really a help if you have to give the Feds your password. Better to not have any files on the system at all. If somebody asks why you use a LiveCD, tell them you were concerned that your laptop might be stolen. Identity Theft, that sort of thing.

    With DropBox and Cloud services, there is no reason to have data files on a laptop.

    It's an interesting topic, there are lots of ideas on Google. But any of them that play with hidden partitions and such won't survive a cursory glance by someone who knows what they are doing. Encryption doesn't help if you have to give up the key. Simply not having any files is an absolute way to prevent information leaving your laptop headed for The New York Times.
     
  7. MajJamesMcFarlane

    MajJamesMcFarlane

    Messages:
    3,531
    Likes Received:
    1,083
    Joined:
    Jun 18, 2015
    I've advised at least one big name journalist who goes to denied areas on this subject. You are onto the right idea with a live disk but go USB stick, a lot easier to eat or smash. It really depends on the country but then again the free market has really democratized malware sold to "the good guys" (the sovereign government of a nation). Going to China, Russia, Iran or Syria isn't the same as going to Ghana or Nairobi.

    At the end of the day in most of these cases it might well come down to a little "rubber hose cryptography". Something like a live CD/disk is going to get you out of that situation if you are able to destroy it and your laptop boots up to a picture of you and the family skiing in Vale last year. You have over the Windows Password and all he finds are some spreadsheets and a whole lot of tranny porn.

    As far as cell phones, depends on the area but some place like China, I'd leave my smart phone at home. I know people who will use a VPN wifi router that will grab a signal from a network around you and then rebroadcast an SSID that ports directly through a VPN back home. They can use this for somewhat secure VOIP conversations but if you are really that concerned about a foreign intelligence agency snooping, you have the right idea in just buying a burner and being comfortable with the fact that you do not have anything approaching secure coms while you are on the trip.
     
  8. MajJamesMcFarlane

    MajJamesMcFarlane

    Messages:
    3,531
    Likes Received:
    1,083
    Joined:
    Jun 18, 2015
    Really depends on locations and having that special little blue passport but there are plenty of ways to encrypt entire drives so that not even NSA can access them. The problem there is that you now become the weakest link in this chain and your password is probably only a few blows to the head from the surface. The idea behind the live disk is that without it the system boots to a normal computer that a middle aged businessman would be carrying. Family pictures, a little music, some mundane business stuff and email and maybe some weird porn just to fit in to camel-f'n country.
     
  9. GIockGuy24

    GIockGuy24 Bliksem

    Messages:
    4,187
    Likes Received:
    74
    Joined:
    Jul 14, 2005
    Location:
    Pentagon City VA
    Many of the newer laptops can boot from SD Card. I installed a live DVD on an SD Card. A USB thumb drive could be used instead. If the laptop can't boot from SD Card, like my old one, I put the boot section on a CD or a USB stick and the OS on an SD Card. It doesn't have to be a live system. A hard drive install to USB drive or SD card should work. I have used a microSD Card in a full size SD card adapter so I can swap out my personal card to a generic OS for going through airport security.
     
  10. MajJamesMcFarlane

    MajJamesMcFarlane

    Messages:
    3,531
    Likes Received:
    1,083
    Joined:
    Jun 18, 2015
    Roundly good advice, I carry around a USB stick that got washed and the case came off. I'd much rather swallow a MicroSD than I would a full sized 32GB USB drive.
     
  11. GIockGuy24

    GIockGuy24 Bliksem

    Messages:
    4,187
    Likes Received:
    74
    Joined:
    Jul 14, 2005
    Location:
    Pentagon City VA
    I travel with no hard drive and two microSD Cards as collar stays. One with my personal OS and one with a clean OS, in case my laptop is taken for examination.
     
  12. MajJamesMcFarlane

    MajJamesMcFarlane

    Messages:
    3,531
    Likes Received:
    1,083
    Joined:
    Jun 18, 2015
    The issue there is that you raise massive red flags. Why don't you have a hard drive? Why do you carry a laptop that doesn't boot? Take your pants down, spread your cheeks, bend over and cough sir. Oh you don't want to? Really? Mr. Habbibi can help you with this.
     
  13. GIockGuy24

    GIockGuy24 Bliksem

    Messages:
    4,187
    Likes Received:
    74
    Joined:
    Jul 14, 2005
    Location:
    Pentagon City VA
    The second SD Card is left in the laptop for airport check-in. The laptop will boot and run from it as a regular hard drive. That card has no personal data on it.
     
  14. MajJamesMcFarlane

    MajJamesMcFarlane

    Messages:
    3,531
    Likes Received:
    1,083
    Joined:
    Jun 18, 2015
    Again, this is gonna work fine in most of Africa but China, the mid east and Russia....good luck with that.
     
  15. Jon_R

    Jon_R

    Messages:
    7,580
    Likes Received:
    3,467
    Joined:
    May 3, 2009
    Location:
    Central Florida
    Be careful with encryption some countries ban personal use of encryption. You may find yourself in a crappy prison cell. Know before you go. Also assume in bad countries if you lose site of your device it is compromised without good encryption.

    When I go to blackhat I just bring my ipad and wipe it when I go home.
     
  16. MajJamesMcFarlane

    MajJamesMcFarlane

    Messages:
    3,531
    Likes Received:
    1,083
    Joined:
    Jun 18, 2015
    Some stuff is covered by ITAR. Back when PGP came out the NSA was seriously scared that industrial level encryption was not only available to everyone but free and easy to use. Julian Assange actually collaborated on a file system exactly for this scenario.

    https://en.wikipedia.org/wiki/Rubberhose_(file_system)

    https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

    I rarely stay at the hotel the Con is being held at for that reason. Professionally I'm a one man show so if I travel, I have to have 2 laptops a tablet and a phone on me. I leave all that gear at the hotel and forward my VOIP business number to my burner flip phone or Nokia. It's within the realm of possibility that old crap like that could be used as an attack vector but no one is going to be targeting me that specifically so I'm not too worried.
     
  17. Jon_R

    Jon_R

    Messages:
    7,580
    Likes Received:
    3,467
    Joined:
    May 3, 2009
    Location:
    Central Florida
    ITAR deals with export of technology from the US. Some countries you bring encryption in you have contraband in the country and are subject to arrest.

    https://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography

    We had to research it as our company requires all laptops to do hardware based full disk encryption and some people that travel regularly to countries that ban encryption we had to make exceptions to keep them out of jail. They don't really want to go a Belarus or such prison.

     
  18. Hef

    Hef

    Messages:
    4,105
    Likes Received:
    392
    Joined:
    Sep 12, 2004
    Location:
    Hilton Head, SC
    How thorough is the factory reset in iOS for wiping data? I am familiar with retrieving deleted data in iOS but have never dealt with a wiped drive.