Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.

Posted on May 4, 2018 at 6:19 AM • 46 Comments

Comments

Mark Gent • May 4, 2018 6:38 AM

I recently opted to format my MacBook and do an over the network reinstall from Apple. It was remarkably painless, and fairly cathartic. Whilst there is no way to guarantee that someone hasn't tampered with the physical machine and the BIOS/boot mechanism, completely formatting and reinstalling does give some measure of comfort. Just compare the difficulties I had with a rootkit on my old MS-Windows based laptop 10 years ago - The two days that rebuild took are two days of my life I won't get back. Segmentation of activities is the only way; use different facilities to access different types of service, ideally separate VMs.

Mike Acker • May 4, 2018 7:05 AM

if you do not know what software is supposed to be on your computer you will not be able to check it for un-authorized software

Wolfgang Stiller (Stiller Research) offered a product called "Integrity Master"

Integrity Master would make an inventory of the software on your computer -- and then later check -- to make sure nothing was added, or deleted, or changed -- without you knowing about it.

a simple concept, actually: we have called it "inventory" for years.

i think Stiller used a CRC on software; today digital signature would be better.

this leaves the question of improper code in the Field Programmable Gate Arrays -- but -- perhaps we can put those management engines to some sort of good use.

Thoth • May 4, 2018 7:15 AM

@all

If you trust your insecure laptop, you are literally gambling with your own privacy and security.

How about the ORWL machine (linked below) that was featured some time ago.

Another way is to put the critical codes into a tamper resistant enclosure with a connected display and input to the tamper resistant chip like the Ledger devices.

Link:
- https://orwl.org
- https://www.ledgerwallet.com

Paul • May 4, 2018 8:13 AM

Nice to see a reference to Integrity Master. It was a very useful tool. I'd like to see something like it for Linux. I don't need it as much as I can get by with Beyond Compare from Scootersoftware.com (one of the few non-open source tools I gladly pay for). And ZFS on my NAS helps ensure I avoid bitrot, one of the other things Integrity Master was good for.

Clive Robinson • May 4, 2018 8:24 AM

@ All,

The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.

Especially if you have "Imperfect knowledge" of the computer hardware. Which is very likely these days.

If you think about it persistent malware needs a place to hide, which is some sort of storage around 1Kbyte or larger. Therefore the hard part you have to do first is identify all the places that this storage might be. The second is about how you might access it so you can read its contents for checking. Oh and the third but probably most important, that it has not already been got at in the delivery chain...

As I have in the past, to see the magnitude of just step one, I refer you to the photographs in the UK's Guardian Newspaper. These were published after "Tweedledee and Tweedledum" came down from GCHQ Cheltenham to London for a little shopping and to "securely erase" the Ed Snowden trove from a computer owned by the Guardian...

Have a look at the number of chips ground off of the main board then compare it to a photograph of the same model still intact, it might just surprise you...

But even on the assumption that Tweedledee and Tweedledum were "over egging the pudding" a bit to look good for the cameras, or the Guardian staff made a mistake under their direction. It is something that they or GCHQ their employers would know that people would check up on and then pull data sheets to see what was in the chips...

At the time I suggested on this blog that those teaching security courses might just want to do that. My reason was threefold, firstly to give the students an idea of the scale of the problem, secondly to catch out GCHQ and thirdly and perhaps most importantly the chance to do a little reverse engineering on GCHQ's work and methods. Because sometimes when you shake an established tree you really do not know what may fall out...

Bob Dylan's Hairy Eyebrow • May 4, 2018 8:48 AM

The fundamental problem here is that one can never prove a negative. The absence of evidence is not evidence of absence. The results of Lee's experiment were always going to be inconclusive. The best one can do is eliminate the obvious then hope for the best.

Clive Robinson • May 4, 2018 9:18 AM

@ All,

In the article Micah Lee says,

    When I dump BIOS firmware using chipsec, it may be possible for sophisticated BIOS malware to lie to chipsec, which could be used to prevent detection. (I have never heard of BIOS malware that actually does this, though.)

What is the betting that now Micah has said "I have never heard..." that he very soon will ;-)

Look at it this way the "bad guy govs" Micah mentioned were customers of a certain Italian company of low repute, will almost certainly read his article, and will see his comment. Which will almost certainly turn it into a "Must have feature" for the "bad boy gov checklist"... Which means somebody else who might live in say Italy will likewise have read the article, thus thought "the customer is always right when they have enough cash in their hand" thus have started in on developing such malware as you are reading this...

herman • May 4, 2018 11:30 AM

Hmm... IMHO if you use Windows as your OS then you are fighting an uphill battle:
You don't know which programs are supposed to be on it.
You don't know which programs are running.
You don't know which programs are connecting to servers on the wild wild web.

The last time I scanned a default install of Windows 10, it connected to 39 servers without asking my permission.

The only way to have a modicum of security, is to unplug the network cable and turn off the Wifi and Bluetooth radios.

neill • May 4, 2018 12:25 PM

@all

someone please sue intel, to gain access to all docs about IME

IF we had that info, we could openly discuss, modify, test, validate, improve, ...

Security Sam • May 4, 2018 2:44 PM

If your main concern is tampering
You should avoid any scampering
And instead of excess pampering
You should consider hampering.

Security Samantha • May 4, 2018 2:57 PM

There once was a man from Cruz
Who had a laptop he wanted to use
But he couldn't decide
If that was actually wise
Before he glued in the screws.

Jack • May 4, 2018 3:30 PM

There used to be a program called Tripwire for Linux & whatnot, many many years ago. Open Sourced.

Back in those days, I used to boot off the Fedora rescue DVD image and use RPM against the original packages to find differences. Like the folks who had replaced login and passwd. Not perfect, someone adding an extra passwd earlier in the path would bypass the check, but it did help.
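The inventory idea from Mike Acker's comment and the package comparison Jack describes, as an added example that is not part of any comment and is not Integrity Master or Tripwire code: it records a SHA-256 per file, authenticates the baseline with HMAC-SHA-256 (a keyed stand-in for the digital signature mentioned above), and reports added, deleted and changed files. The key, the directory layout and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_inventory(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            inventory[rel] = hash_file(full)
    return inventory


def tag_for(inventory, key):
    """HMAC over a canonical JSON encoding of the inventory."""
    body = json.dumps(inventory, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(inventory, key):
    """Bundle the inventory with its authentication tag for storage."""
    return {"inventory": inventory, "hmac": tag_for(inventory, key)}


def unseal(sealed, key):
    """Return the stored inventory only if its tag verifies."""
    if not hmac.compare_digest(tag_for(sealed["inventory"], key), sealed["hmac"]):
        raise ValueError("baseline failed authentication; do not trust it")
    return sealed["inventory"]


def compare(baseline, current):
    """Report what was added, deleted or changed since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }


def write_file(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: baseline a small tree, alter it, then verify."""
    key = b"constructed-demo-key"  # assumption: really kept off the machine
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/login", "bin/passwd", "bin/ls"):
            write_file(root, rel, rel.encode() + b" v1")
        sealed = seal(build_inventory(root), key)

        # Simulated changes: a replaced binary, a removed one, and an
        # extra passwd placed in a directory that was not there before.
        write_file(root, "bin/login", b"replaced login")
        os.remove(os.path.join(root, "bin", "ls"))
        write_file(root, "local/bin/passwd", b"extra passwd")
        current = build_inventory(root)
        report = compare(unseal(sealed, key), current)

        # A baseline rewritten to match the altered tree fails the HMAC check.
        forged = {"inventory": dict(current), "hmac": sealed["hmac"]}
        try:
            unseal(forged, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return report, forged_rejected


if __name__ == "__main__":
    print(demo())
```

Because the whole tree is inventoried rather than a list of known packages, the extra `passwd` shows up under `added`. The check is only as trustworthy as the system it runs from, which is why Jack booted from rescue media.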

echo • May 4, 2018 4:26 PM

I am slowly managing to bring my new to me security Swiss cheese laptops online. Oh what a bother firmware patching was. Yes, I even checked the battery! I have a fairly good idea from one end to the other what the vulnerabilities and risks are. I have sussed my dual boot configuration and Linux usb. (Getting a ram disc for browser caching to stick on a persistent usb was a nightmare!) I will also be turning my old tower system into similar configuration and repurpose it as a fileserver which is another headache.

No clients have paid the slightest attention to my computers even when left unattended. I could spray them in pink flowers and they couldn't pay less attention. I have a clutch on my desk and a box of overflowing cheap jewellery and nobody has pinched a thing.

Because of legal interpretation issues half my sensitive data is stored on Russian servers of all places, and the other half has poor security practices which leave it open to being sucked up by GCHQ et al unchallenged. My metadata tells a story of its own and the US and Chinese have their sticky mittens on this too. I don't know anything which isn't before or after the event public knowledge. Really, an APT would gain nothing from accessing or tampering with my computers. If anything if I needed I'd ask them for a copy of the data they backed up for me! I'm also fairly sure if organised crime compromised my laptop they would take pity and put a cheque in the post. Multiple people have copies of some critical personally sensitive data for academic and civic activism and media and legal reasons so it doesn't matter if malware takes my data down. At worst it's a temporary headache and in some respects even privately held stored passwords to systems are obsolete and replaceable.

I wonder if what Micah Lee was looking for cannot be found because it wasn't there. Not just with his laptop but also because the world we live in is a different domain and analogue. Anyone who was a threat would have seen him coming and avoided him and anyone who wasn't a credible threat didn't care. He didn't have anything they wanted and he didn't mix with the wrong kind of company.

echo • May 4, 2018 4:44 PM

@neill

I speculate that because Iran has no copyright treaty and is an important economy it may be possible for a legal action in Iran to force Intel to open up IME? There is also US precedent for source code being divulged? European case law clearly delineates between function and copyright. Given the economics and security critical nature of IME and possibilities of human rights abuses I am wondering if a civil (or criminal) argument can be made which under applicable law reverses the burden of proof. UK law can be a bit funny but there is a strong common law legal principle that the law is as the law is practiced (which is also not true depending on circumstance so a real headache to figure out) plus law as culturally accepted by a body of civic opinion (which suffers from the same problem). There has been some full disclosure for national security sensitive software and given the critical tilt towards protecting the ecosystem (i.e. infrastructure and common usage) business and ordinary consumers have well grounded reasons to be concerned which according to case law is a belief which must be taken into account.

Basically, I don't know but the gist of a discussion is there.

Thomas Sewell • May 4, 2018 8:21 PM

@Jack,

Tripwire still exists. Works great for all sorts of data integrity checking. About 20 years old now, but has stayed updated. The current commercial version will track and alert on the integrity of remote machines from a centralized server.

Rj Brown • May 4, 2018 9:24 PM

Most hard disk drives today support on-board SMART technology. This keeps track of, among other things, the number of times the drive has been powered up, and the number of hours of operation that it has seen. Why couldn't this be leveraged to detect if the drive was removed from the laptop, "messed with" (powered up to read or write), then replaced? Likewise, it could detect serial numbers to detect if the drive had been substituted.

Clive Robinson • May 5, 2018 4:51 AM

@ Rj Brown,

Why couldn't this be leveraged to detect if the drive was removed from the laptop, "messed with" (powered up to read or write), then replaced.

The simple answer is "it could but..." it's not dependable or secure thus the Evil Maid software could "clock it back" so you would be none the wiser.

It's actually quite hard to design what is a software counter writing to what is really volatile memory to be tamper proof / secure. Have a search for Adam Young and Moti Yung and "crypto counters". They wrote a rather nice book a decade or so back about crypto-virology which explains the ins and outs of it quite well.
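A sketch of the check Rj Brown proposes, as an added example that is not part of any comment in the thread: it parses the serial number, Power_On_Hours and Power_Cycle_Count from text in the layout `smartctl -i -A` prints and compares them with a recorded baseline plus the owner's own usage. The sample text is constructed, and the owner-kept log (`own_cycles`, `own_hours`) and all function names are assumptions. As the reply above says, these counters can be clocked back, so an empty result is not evidence that nothing happened.

```python
import re


def sample(serial, hours, cycles):
    """Constructed text in the layout of `smartctl -i -A` (not real drive output)."""
    return (
        "Device Model:     EXAMPLE DISK (constructed)\n"
        f"Serial Number:    {serial}\n"
        "ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE"
        "      UPDATED  WHEN_FAILED RAW_VALUE\n"
        f"  9 Power_On_Hours          0x0032   098   098   000    Old_age"
        f"   Always       -       {hours}\n"
        f" 12 Power_Cycle_Count       0x0032   100   100   000    Old_age"
        f"   Always       -       {cycles}\n"
    )


def parse_smart(text):
    """Extract serial number and the two usage counters from smartctl text."""
    wanted = {"Power_On_Hours": "power_on_hours",
              "Power_Cycle_Count": "power_cycles"}
    out = {}
    for line in text.splitlines():
        if line.startswith("Serial Number:"):
            out["serial"] = line.split(":", 1)[1].strip()
            continue
        fields = line.split()
        # Attribute rows have ten columns; the raw value is the last one.
        if len(fields) >= 10 and fields[0].isdigit() and fields[1] in wanted:
            match = re.match(r"\d+", fields[9])  # some drives append "h+mm"
            if match:
                out[wanted[fields[1]]] = int(match.group())
    missing = {"serial", "power_on_hours", "power_cycles"} - out.keys()
    if missing:
        raise ValueError("missing from SMART output: " + ", ".join(sorted(missing)))
    return out


def check(baseline, current, own_cycles, own_hours, slack_hours=1):
    """Compare counters with the baseline plus the owner's logged usage.

    own_cycles / own_hours: power-ups and hours the owner accounts for
    since the baseline (hypothetical log kept by hand or off-device).
    """
    if current["serial"] != baseline["serial"]:
        return ["serial_changed"]  # counters of another drive are not comparable
    d_cycles = current["power_cycles"] - baseline["power_cycles"]
    d_hours = current["power_on_hours"] - baseline["power_on_hours"]
    findings = []
    if d_cycles < 0 or d_hours < 0:
        findings.append("counter_went_backwards")
    if d_cycles > own_cycles:
        findings.append("unexplained_power_cycles")
    if d_hours > own_hours + slack_hours:  # counter has one-hour resolution
        findings.append("unexplained_power_on_hours")
    return findings


def demo():
    base = parse_smart(sample("CONSTRUCTED0001", 1210, 342))
    cases = {
        "owner_use_only": sample("CONSTRUCTED0001", 1216, 345),
        "extra_power_ups": sample("CONSTRUCTED0001", 1218, 347),
        "drive_swapped": sample("CONSTRUCTED0002", 12, 4),
        "rewound": sample("CONSTRUCTED0001", 1216, 340),
    }
    return {name: check(base, parse_smart(text), own_cycles=3, own_hours=6)
            for name, text in cases.items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```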

albert • May 5, 2018 11:33 AM

I just reflashed the BIOS on my ancient desktop before I read this post. Boot to MSDOS from floppy, then run. Simple. Getting Linux to recognize the FDD (to acquire the new BIOS), not simple.

Regarding the BIOS flash memory. It is possible to provide enough power for the flash chip to be read, but you then violate the principle of not powering up the unit. Yes, you can lift the Vcc lead but this borders on fantasy. Better to apply a conformal coating to the chip and its environs. Now both you and your nemesis must act through 'normal channels'. There is a way to 'bypass' conformal coatings, but it requires special equipment. Not suitable for an evil maid approach.

Am I correct in assuming that modern laptops, like desktops, have circuits that draw power even when powered down? Determining if the unit was powered up would be the simplest way to reveal tampering via the OS. Doing so requires an approach that would be unknown to your nemesis. Then determining if the HD was removed is all that's required. Some glyptal varnish would help with that.

Knowing -exactly- what was done is quite another issue. If you're a cake eater -and- a cake hoarder, that is.

. .. . .. --- ....

Phige Troeffe • May 5, 2018 5:43 PM

All,

What about EM (or other energy) based sampling methods? What is known about the radiative response of a laptop or other device e.g. mobile to radiation probing? Can one find out useful things about the state and content of the memories, BIOS, other chips etc? Could this be done undetectably? (until if it works designs are modified to detect this kind of thing)?

PeaceHead • May 5, 2018 5:52 PM

I tend to agree with comments such as herman's...

It's just so extremely hard to know what's happening at the OS level, the application level, etc.
The last time I took a real hard look at my previous system I realized that the whole tech industry and computer / internet industry is one gigantic data mining scam.

Nobody and nothing is protecting us.

It's all undermined at every level.
Computers are inherently insecure.

I plan on divesting from tech more and more if I can.

echo • May 5, 2018 10:01 PM

After the event analysis and old school opsec can only get you so far as this topic demonstrates and, yes, security by obscurity is a thing and can indeed be effective. If nobody knows what they are looking for and don't know what to avoid then analysis and mitigation strategies are defeated. (You will find this a lot within large organisations and court cases where even the experts and the experts' experts on both sides and judges even sometimes in good faith don't know what they don't know.)

I'm a walking redundancy and am happy with my Swiss cheese security model. It works for me!

P.S. To any advanced persistent threats who might ever become interested in me and insert their NOBUS could you at least patch behind you please? Oh, and do the vacuuming too instead of leaving your muddy prints all over the place? Tea and sugar is in the top cupboard and milk is in the fridge. Tah.

Synonymous • May 6, 2018 5:33 PM

... whether or not his laptop was ever tampered with. The results are inconclusive, ...

They're already tampered with by design. Laptops are consumer equipment. Even the local yokel cops in cooperation with the Chinese government gotta have an indefeasible hardware backdoor or back orifice of some sort to get into a "personal" computer.

There's child pornography. Privacy is only for corporations.

Where have you been hiding?

Clive Robinson • May 6, 2018 6:40 PM

@ Phige Troeffe,

What about EM (or other energy) based sampling methods? What is known about the radiative response of a laptop or other device e.g. mobile to radiation probing ? Can one find out useful things about the state and content of the memories, BIOS, other chips etc ?

It can be quite effective as I discovered back in the 1980's.

They are forms of "Active EmSec Attack" and also part of a larger class of attack vector "Active Fault Injection Attacks".

They can be quite devastating. A few years ago a couple of students at the UK's Cambridge Computer labs "illuminated" an IBM 32bit TRNG through its ventilation slots and reduced its entropy from one in four billion down to around one in a hundred.

In effect bringing any "brute force" search attack down into the done in microsecond range...

The illumination signal was just an unmodulated EM carrier. Back in the 1980's I experimented with AM and FM modulated EM carriers in the 10GHz range. Due to the nature of "slot radiator antennas" the 10GHz signal would easily get inside standard metal casing such as "19inch rack equipment" where it would then be picked up on internal signal wires. As such wires frequently go to the pins of IC's with their "to substrate" protection diodes any amplitude modulation (AM) would be "envelope detected" and appear as a current in the wire. Which in turn would create an offset voltage which can be used to unbalance both analogue and digital circuits. You can improve the effectiveness by double modulation. That is you modulate the 10GHz signal with a frequency that resonates with the wire you are trying to attack. It is this resonating frequency you modulate with the actual attack waveform.

Even if you are not trying to inject faults, an unmodulated carrier will get picked up by a wire and re-radiated. The effectiveness with which it does this is dependent on its effective impedance which for most wires and PCB traces changes with the signal in them. Thus the reradiated carrier will be cross modulated by the signal in the wire/trace and the carrier will carry that modulated information back out of the piece of equipment.

This crossmodulation issue has been taught to TEMPEST technicians for many decades, and there are empirical rules about how signal wires, power wires and RF cables should be separated and screened to limit the crossmodulation and reradiation.

If you want to know more any good book on Electromagnetic Compatibility (EMC) for design engineers will provide you with much of what you need to know. On the RF side the likes of the ARRL in the US and RSGB in the UK publish books for amateur radio home/personal equipment builders, going further into the practical details of how to manage RF energy in equipment.

Mark • May 6, 2018 6:45 PM

One can't prove a negative.

Buy a laptop off the shelf, pay only with cash.

Consider your laptop a "security domain". Putting controls within that domain to monitor that security domain can always be compromised. Therefore, you really need something external to monitor evil maid attacks. I don't know enough about cameras etc. to really comment, but you need something external to monitor the laptop. This is pretty obvious from a security point of view.

Install an open source operating system. If you're truly paranoid, you'll run Trisquel (or some fully open source operating system that does not contain binary blobs). Don't touch Apple or Microsoft. Don't even touch Ubuntu.

Disable Intel backdoors (IMT? I can't remember what it's called). I assume AMD has the same, but I haven't done the research.

That's a good start. And you're kidding yourself if you don't at least do these things.

me • May 7, 2018 6:39 AM

@Clive Robinson
I'm from Italy, and it is a shame that nothing happened to hacked team after all the illegal and immoral things that they have done.
the same applies to the nsa, gchq.

VinnyG • May 7, 2018 6:52 AM

@Thoth re: ORWL - This device might have merit, but I suspect some potential flaws, as well. I am mistrustful of product reviews by a purported independent party (DSW) who doesn't seem to provide any qualifications. Also, with six different sensors just waiting to trigger a scrub of the encryption key, I am concerned about a false detection rendering data inaccessible. Hopefully, the user can set thresholds and other limits/controls, but I see no reference to that capability. If I (as the actual data owner) accidentally press a key (or two) incorrectly, does the device trigger? What about if a coworker enters my cube while I am getting coffee and deliberately does something to trigger it that he or she could plausibly describe after the fact as relatively benign, or a regrettable case of idle curiosity (assuming the person was even detected in the act?) Seems like the potential exists for DOS (DOD?) with no attribution. Given the size, maybe the user could disconnect and slip it into a pocket when leaving the immediate work spot... Also, in today's world, a max data capacity of 480GB is not a lot.

VinnyG • May 7, 2018 7:30 AM

@albert re: Am I correct in assuming that modern laptops, like desktops, have circuits that draw power even when powered down?
What about the LT power adapter itself? Dell LT have adapters that communicate with the computer using a known protocol, in a misbegotten attempt to prevent the user from using a non-Dell replacement adapter. Dell is almost certainly not the only OEM playing similar tricks. If I was trying to construct an EMA, I'd invest some time learning how widespread this "feature" is and whether and how it could be profitably exploited...
Hacking a Dell power adapter — part I
https://hclxing.wordpress.com/2014/02/06/hacking-the-dell-laptop-power-adapter/

VinnyG • May 7, 2018 7:46 AM

@Mark re:Trisquel - The "mini" version might have some appeal, otherwise, I'd stick with OpenBSD for a blob-free OS as it has a long and largely vuln-free history. My biggest problem with it is that its resource consumption has ballooned over the years. The biggest issue with complex Open Source Software is that little or no real incentive exists for capable people to take the time to comprehensively audit it. The OSS model pretty much assumes that qualified people will undertake those efforts out of charitable impulses. To a limited extent, that was once so, but has drastically diminished over time, and continues to do so.

albert • May 7, 2018 11:34 AM

@VinnyG,
I was alluding to the fact that 'power-up' detection would be useless in situations where the unit is, in effect, powered all the time..... but however,

What if your honey-pot LT had no battery (better yet, one altered to appear 'dead' and non-functional), just an AC adapter? That AC adapter would be the ideal place to store information. At the very least, the time of power-up and duration. If you managed to hack the code on the computer side, imagine what you could store in a modified AC adaptor.

Thanks for the Dell hack link.
. .. . .. --- ....

@me • May 7, 2018 2:00 PM

Being immoral and or unethical
It's not the same as being illegal
The former two are life's reality
The latter is to control society.

sec • May 7, 2018 4:12 PM

I don’t like the idea of calling this experimental laptop a honeypot.
Honeypots should lure the attacker with some valuable assets. Was there any proof that that laptop might contain any importantly confidential data?

As no one will blindly shoot their 0-days at some random targets – the same - no one will take a risk of getting caught by just trying to tamper with some random laptops. Yeah – risk management is also in the attackers’ world.
Performing a physical attack on someone's laptop is an expensive operation. No one will do it just to infect your notebook and add it to the botnet (as there are way cheaper ways to get that stuff done).

Btw, some time ago I enjoyed the talk at CCC where there was an idea to use glitter nail polish as seals: https://www.wired.com/2013/12/better-data-security-nail-polish/

echo • May 7, 2018 6:55 PM

I have been meaning to buy metallic nail varnish. I bought some colours plus glitter. Thanks for reminding me! This could go in the handbag along with all the other useful innocent looking stuff. Now you have me looking up survival blankets and emergency kits. You never know do you?

This is a spin on the old techniques popularised in Cold War era thrillers. If you are really picky I suppose modified atmospheres could be used or a tiny dot of UV sensitive paint.

VinnyG • May 8, 2018 7:58 AM

@sec re: "honeypot" - I think you are being overly pedantic. Certain specific lures may attract certain specific pests. I think that there are enough potentially avaricious and/or desperate people in low-level hotel employment to make any laptop left unattended in a guest room an attractive target at some significant rate of probability. Even if the would-be thief does nothing but power on and try a few rudimentary things to gain account and password information, it is an attack. In my example, even if the laptop was unplugged and in its bag, another power adapter could be substituted. Attackers could presumably keep a stock of labels with logos of the 3 or 4 most popular LT OEMs so that a superficially appropriate label could be slapped on the adapter once the LT brand is known. How many of us closely scrutinize our power adapters before plugging our LTs into AC outlet?

@albert I think there is plenty of room in a typical adapter for CPU & SDRAM in addition to power rectification parts. Also, Windows LT typically have a variety of "inactive" states for sleep and unpowered. For many of those states, (some of) the circuitry remains powered. In my experience, many or most non-technical users are incapable of distinguishing between those states. There once was a Dell LT that had a 2nd, Atom-class cpu that ran Linux, and afaik was always powered on.

Clive Robinson • May 8, 2018 8:30 AM

@ echo,

Now you have me looking up survival blankets and emergency kits. You never know do you?

You would probably need some professional help on that score, if you look for "Ham Radio emergency Go Kits" you will find that people have spent time thinking about how to be not just self reliant in a natural or man made disaster, but actually make themselves useful to survivors and emergency services.

Whilst a lot of the "go kits" are for just radio kit that assume that generators, shelter, food and water will be made available the more interesting ones include personal "go bags" where you are assumed to "walk in unsupported" and need to survive for two or three days by yourself for power, shelter, food, water and warmth etc. These "go bags" are in effect "back packs" that are for two to four day wilderness/mountain trekking with "amateur radio" as an added weight. There are a couple of Ham radio hobbies which will prepare you these are SOTA and IOTA that stand respectively for "Summits" and "Islands" On The Air. SOTA is generally just a short day or two duration IOTA can be a week to a month depending on just how remote the island being bagged is.

Some Hams actually go out and test stuff in quite harsh environments have a look at,

http://oh8stn.org/blog/2018/01/15/winter-field-station-qrp-portable/

It will give you a taste of what some people do as effectively a self employed occupation.

When younger --much younger-- I used to do similar things over Xmas as I found that time of year to be dull in the extreme. You would find me camped out in Epping Forest, or the likes of mountains in South Wales or the Pennines or Scotland.

As I got a bit older I found that "Her Majesty" would pay me to do things like that, but it was kind of a "bit soft" compared to just slinging on a backpack and a couple of panniers on the push bike and just cycling off somewhere to "basher up" for a week.

Some of the most important lessons I learned are a good axe kept sharp will keep you alive and tool making. A good strike and tinder will save you more than time. String --paracord-- is something with worth beyond its value. Soft toilet paper is not a luxury, and something you should always take good care of, the same with a bottle of whisky. Water weighs less in your stomach than it does on your belt. Salt is something you need more than protein. Learning to sew up your arm or leg can save your life, insulating tape makes a fast and water proof dressing. Practice turns information into not just knowledge that is worth more than its weight in gold and moral but into an autonomic skill that lets you think on what to do next whilst you are using it.

As they say in the army "Any fool can be uncomfortable in paradise, but it takes a wise man to be comfortable in any environment"

It's something all kids should learn whilst playing, because life skills are best learnt the fun way not the hard way.

echo • May 9, 2018 8:28 AM

@Clive

I did browse a useful looking survival kit (which was available on an individual item basis or a complete set). What you suggest is good advice. Benefiting from others experience is useful.

With this in mind I planned digging into my media archive for a show where an ex SAS soldier talked his way through his survival kit choices. Some of the items he picked had multiple uses although some I personally wouldn't have much use for but come in handy generally for those who do. One more innocent example is needle and thread for repairing clothes in an emergency which can also double for injuries. A wire saw for building shelters, and fish hooks and line for food, and antiseptic wipes for medical uses can double up as fire starters. I also found Youtube videos on replicating medieval technology very interesting. You can build quite a cosy home with sticks and mud and a bundle of leaves, and with a decent fireplace with a chimney too! A make up mirror can double as a signalling mirror. As you can imagine I'm thinking of something much smaller which will fit in a handbag (along with a medical kit and space for all the other junk and maybe a pair of roll up pumps). The rest is down to circumstance and imagination. An axe is a heavy lump I don't want to be carrying. If I needed an axe badly enough I would make one out of stone.

I do love adventure in the classic sense, and not just adventure but basic craft skills and experimenting is as you say valuable grounding for children. It's all good fun and doesn't cost much too!

PeaceHead • May 9, 2018 5:25 PM

About the remote EM (electromagnetic) fault injection stuff.

I suspect that once it happened to me on a laptop.
It was during a time of my life when my apartment was being broken into multiple times daily by interlopers for almost an entire month! (October-early November of 2016, a horrible year!)... It was when I first was becoming more visible socially as a Peace Supporter and experimenting more with laptops and downloaded OSes.

I was in the midst of reinstalling some fresh OSes in the middle of the night. And everything was going entirely just fine. Everything worked, it was a clean install. No problems whatsoever. Then, during one of the initial test runs to start using it, out of nowhere, something killed it... just knocked it down... it crashed and the power failed for no apparent reason. It was very suspicious. The social environment was very complex then, and I moved out a few weeks before Halloween... (I didn't want some freaky invader coming into my place during Halloween wearing a mask and trying to kill me or something).

I left town and didn't come back until election night, after the election was over. But then I had to move elsewhere.

Anyways, I digress, but computerwise, it was odd. It never happened to me before that one time, and never after. The computer stopped working only during that night. Other nights before and after it was fine. But I wiped it just in case. Also, there have been times when half of the RAM gets mysteriously "zapped" and destroyed during travel, but that's not as unusual.

I don't mean to make anybody paranoid, but it's the truth.

PeaceHead • May 9, 2018 5:29 PM

I forgot to mention... about the laptop... it's not so much that it crashed, it just suddenly lost all power. No shutdown display, no error screen, no BIOS beeps, just suddenly OFF! And then it wouldn't start at all for several hours, and it wasn't the battery since I had the power cord. It was spooky. That's not why I moved out though, I moved out because of all the break-ins and somebody browsing my paper files and laundry and other stuff. At one point they left the stove on hot. I don't even ever use the stove, so I knew right away trouble had been there.

Clive RobinsonMay 10, 2018 1:20 AM

@ echo,

As you can imagine I'm thinking of something much smaller which will fit in a handbag

It depends on the size of your handbag[1].

However the "bare essentials" will fit in two tobacco tins. The British Army issues them to some special forces and the Royal Air Force to pilots, the general contents are not secret[2]. I still have mine tucked away as reminders of days now long gone.

As for making an axe, don't even think about it, I've tried all sorts of methods in the past and the skills required are immense. I actually have an interest in the practical side of warfare and industrial archaeology, or to be more accurate "how man makes force multipliers" or more simply "tool making". It is an interest that started when I was very young and I learnt how to make "hurdles" from ash sapling, that you then use as the sub frame for making wattle and daub walls. Also how to make lime wash and why it's so important for keeping vermin down and for other health reasons. What often surprises people is the strength of "rammed earth" walls and floors as well as the structural strength of bales of straw (which really do not burn). I've learned to make charcoal which is one of the first steps to working with metal as well as working with clay to make pots, tiles and bricks.

It's why I know that the axe needs to be made from metal such as bronze or harder but still pliable metals to be efficient in use. Knapping flint is a very real skill that is difficult to master and whilst flint can have a very sharp edge, it's way too brittle to use as an effective axe.

echoMay 10, 2018 4:38 AM

@Clive

Oh, Enough to carry a couple of bricks but nothing too large. Yes, all very informative! This is what I found earlier by accident. Most of the things look familiar.

You can make bracelets out of paracord. Oooh, very sneaky.

Clive RobinsonMay 10, 2018 6:26 AM

@ echo,

You can make bracelets out of paracord. Oooh, very sneaky.

Look up the "lanyard knot" and the "monkey fist knot". When feeling a little bored, I make up key ring tags and similar with them.

You can also make "bell pulls" with them, to amuse our host @Bruce, you could use a simple variation to make up a ropework squid or octopus...

I note I forgot to add the footnote in my above so...

[1] Many years ago I had occasion to be traveling back from the USA and had sufficient bits of new technology with me to warrant going through the customs channel. In the queue in front of me was an American lady with a shoulder bag large enough to smuggle a small bear in. A young inspector calls her over for a baggage inspection and he indicates he wants to look through her bag. She quite cheerfully put her bag on the counter in front of him, and I would be prepared to say it bowed under the weight. So this young customs officer starts in archeology mode taking things out layer by layer. The American lady says to him "No no honey that'll take all day" and promptly up ends the bag onto the counter. There is a cascade of objects that built quickly like a small mountain, when suddenly one made a bid for freedom. It was like the "my poor meatball" of the song as it skittered across the floor of the customs hall. With a sudden alacrity of movement you would not have expected from a cat, the lady shot after and pounced on the object and came back to the bewildered young customs officer with a huge smile on her face, where she promptly announces with deep joy "I've been looking for that for months". Needless to say the customs officer gave up at this point, with the pretence of a search he gave the mountain a cautious poke or two before allowing the lady to put it all back in the bag. It gave me an insight to life I had not up until that time ever thought about. It was a story I told Terry Pratchett and his wife at a weekend house party in Oxford, and he in return told me a story about another American lady who had a large tartan pull along case that appeared to have a life of its own as it appeared to lunge at other travelers in the airport as it followed her. It was only later I found out he had used the insights it had given him to come up with "The Luggage" that belonged to the Tourist in the "Colour of Magic".

echoMay 10, 2018 7:56 AM

@Clive

It was crossing my mind how a bracelet might be repurposed as something else. I have a semi-obsession with things like this.

I daresay you could make some fancy things out of rope like a squid! If Bruce wants to pretend to be a human 3D printer you could send him a virtual christmas present! Maybe we could have a competition? You can make necklaces out of paracord too! Imagine what you could do with kevlar.

Speaking of which I've also been considering having a go with short stories as an exercise. Technical issues are all very good and I follow as much of them as I can (and have the idea I like reading some people's comments even if they make me go cross eyed with jargon as a matter of respect if nothing else) and there is such a paucity of exciting thrillers and adventure stories which breathe life into the topic. I'm ok with concepts but lack the structure and tonal texture. It's been a lifelong frustration. I don't know. It would have to be a crime fighter or something. Lots of action without hurting anyone or being horrible. I don't know. Maybe something else will come to mind.

Yes! I did discover things I had forgotten I even had in my handbag. They were very useful the other week. Speaking of which I cannot for the life of me find my big kitchen scissors.

Clive RobinsonMay 11, 2018 4:20 AM

@ echo,

Speaking of which I cannot for the life of me find my big kitchen scissors.

As long as they don't turn up on Crime Watch...

Several years ago I caught some low life from up North London way --by the accent-- breaking into my house. In the ensuing fight I got stabbed in the head by his accomplice with a screwdriver and ended up in hospital amongst other things having my ear glued back together with super glue... Head X-Rays showed that I also had bits of skull scraped off. I was lucky in that the blow glanced off rather than penetrated.

Anyway, on returning home I found that various kitchen knives were missing from the block on the work top. I reported them as stolen, and I had a natural concern that the thieves would use them on someone else as two of them were Sabatier with very carefully honed edges. I used them for making up center piece roasting joints and boning out etc, thus they cut through boar hide with no trouble whatsoever...

It turns out they were not stolen, the civilian scene of crime officer when visiting to take fingerprints etc said they had probably not been stolen but put around the house, in case the burglars got disturbed. Sure enough they had been hidden upstairs one in the "office" one in the "dead tree cave". Thus it was just luck I had disturbed them when they were still setting up...

The scene of crime officer, indicated that these burglars almost certainly were of a certain "career type" as there were clear indications they had been wearing gloves. But that they would also think nothing of using the knives etc and that they would almost certainly be back in the area the following day or so on "travel cards"...

I warned the neighbours a few doors either side, however a few days later there was a report that a lady a hundred yards or so up the road had disturbed burglars and got badly injured...

Hopefully they got caught at some point but I guess that they will have got away with many more crimes and violence.

These days I keep the cooking knives etc in a chef's roll, locked in a cupboard in the pantry that also has a lock on its door...

echoMay 11, 2018 9:35 AM

@Clive

Oh, I'm sure they will turn up. I've likely had my share of luck too but certainly not as much bother as others.

I have found living in a place with defensive architecture and a security door with two locks and bolts top and bottom helps. It's not quite on the grand scale as some of the larger houses near the City but of a similar principle. The most valuable things are my laptops (which are design classics i.e. big and boring and heavy) and innocuous boxes of makeup and cheap jewellery and a silk corseted evening dress off eBay. Good luck to any thief making sense of the junk in my kitchen drawer. As you can guess the opportunity/threat model is asymmetrical and quite by accident not design I can assure you.

It's a good job most thieves don't have good taste or judgment otherwise they would have made off with your kitchen knives and half your kitchen and you may have been none the wiser until morning by the sound of it.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.