Paranoia

[rcgreen]

Is paranoia a disease or an aquired habit? Oh well, anyway,
I have it. I think it can be a useful tool, as a conversation starter
at parties, for instance.

Ok, here's the conversation starter. Back when I understood how filesystems
worked (around the time of FAT12 LOL), I had pretty good confidence of what
happened when a file was deleted, and what you needed to do to wipe the
data from a disk.

Today's filesystems are too complex for me to master, I just have to trust
the OS to do the right thing. So here's the paranoid questions.

[list=1][*]Could a filesystem be designed to save secret data?[*]Could the disk controller save secret data?[/list=1]

Let's say Microsoft comes out with a new version of Windows, with a magical new
filesystem, better than NTFS, proprietary and patented. Lots of neat new features.
Since no one has yet studied it, would you be confident that it didn't have a secret
"second container" that saves stuff you wish it wouldn't?

The second question is more paranoid. What if the hardware manufacturer had a special
"relationship" with say, homeland security to make their drives save,in ordinarily
inaccessible sectors, info that might be "useful"?

It's gotta be technically feasible, but do they have the motive? Would they try it?

[The Texan]

Hey, i looked around on Google for stuff related to this and i couldnt find anything concrete most was just on "hard drive security" and such so im gonna answer with my guessimate. Q Could a filesystem be designed to save secret data? A: Yes in theory but, think about if someone found out about this, a "whistle blower" or just a smart consumer. They would blow the lid wide open on this! and the company would have such bad backlash they would must likely be shut down. Q Could the disk controller save secret data? A: no i think not since a disk controller is just a circuit that connects the CPU to the harddrive but, i guess it could be programmed to do so? As for you 2nd more paranoid question, I think its possible but not likely... Our privacy has lately been invaded alot but that just seems to cross the line WAY to much.... the only cercumstance i can think of where that would happen was with known terroist suspects, so the government could get a case against them but, how would the gov. know who's pc to do that too and whos not too? It would be a big mess and prolly not worth the hassle..... anyway all this is just my 2 cents.

[nihil]

rcgreen

Try looking at "alternate data streams":

http://www.windowsecurity.com/articl...a_Streams.html

Also consider "cluster tips"

Do you really know what all those chips on your MoBo do?...................is that really a capacitor? EEPROM chips?

In answer to your specific questions:

1. YES...................NTFS already does: see above link.
2. YES...................they already do with bad sector management?

Also hard drives contain a lot of "secret data" in that it is not user accessible.

If you don't believe me, why is equipment used in truly "secret" environments comprehensively
DESTROYED afterwards?

Windows already stores a lot of stuff that WE don't need.

Welcome to the club old chap

[rcgreen]

Justfiable paranoia can be a terrible thing. No matter what outlandish things you
imagine, they are actually doing it and worse. I guess they "thought it was a
good idea at the time".

[Nokia]

On the first one, yes I think that is very possible. The main problem I see is that it would be very easy to detect and I dare say someone would develop a program that would let you see the data that is stored there!

[Noia]

did I hear my name?

Its long been known that HDD's arn't to be trusted, what I'm interested in is stateful silicon disks....ie, 200 gig USB-styley disk, the big brother of USB keys. Will they also have residual traces of data? can they be trusted?

Incase you want to take this to a new level, riddle your case with cordite and wire up some sort of smart-sence security system to blow up your case should some one fiddle with it. Make sure the cat can't set it off, that would be a bad idea.

[|gridley|]

#1 Could a filesystem be designed to save secret data?
You can try to hide things from plain sight but once you distribute and use something widely at the filesystem level, someone will find out and your secret will no longer be secret.
The Grugq's anti forensics.
http://www.archive.org/details/hitb2004-grugq
http://www.phrack.org/author.php?a=320

# Could the disk controller save secret data?
I am with the paranoia.
I take it a bit like dan brown said in 'deception point' : take what is is (technologicaly) publicly known and add twelve years (no exact quote).

To store a 120GB HDD on something secret would be a hard task I think.

[Aspman]

Hey Noia, you can recover data from flash disks in much the same way as normal disks. As long as it hasn't been overwritten it's still there. Saw it demonstrated not long ago.

[nihil]

Hey Aspman

To add to your comment, you can recover data from RAM by forensic means, as a similar solid state transistorised technology, the flash drive is equally susceptible.

In fact it is harder to clear out your RAM as the tools are just not available?

Check out Peter Gutmann on this...............I seem to recall writing a tutorial that mentions this a long time ago