Comment Another HMD on the market *yawn* (Score 1) 153
Call me when they release a VRD
Guessing from my experience to the situation of GP, they will probably end up with B), at least for some time. Maybe they can get away with it, because for a computer that is not on a network a lot of security issues go away.
That may used to be true, however modem day malware frequently will spread via laptops moved in and out of the network (see Conficker) or via usb drives (see Stuxnet). Computers with no network access can still be easily infected.
To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.
however their privacy agreement still says they will gladly decrypt and give your data to law enforcement
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox's Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
Thanks, i was looking for that, I wanted to include that in with my OP but I could not find it.
Have you tried to remove a server from a rack without accidentally detaching the power cable? They went with the option that had the lest chance of failure.
They don't need to keep the whole rack powered, just the one machine they are interested in, they could power down the rest of the rack and a off the shelf UPS could run it for plenty of enough time to get it to a truck with a inverter on it.
As for the "magic splicing" it is not hard to do, anyone with a basic understanding of electric circuits can splice two live cables together.
If I keep all of my data in a strongly encrypted container (that does not have a password that is brute force able in a reasonable amount of time), how do you expect to gain anything meaningful "dealing with it as mere data" without the decryption key which was stored in ram till you shut the machine off to clone the drive?
... is they did not want to power down the server.
Law enforcement is trained that if you are seizing a computer, if possible, do not let it be shut down/locked. Forensics can snapshot the RAM and possibly get encryption keys that would be lost if the server was powered down. Worst case there could be a whole drive encryption that needs a password every boot, if you let the computer shut down you lose everything and all you will have is a worthless box without the password.
It is likely there was no way to remove the server from the enclosure while keeping it supplied with power. So what they likely did is they spliced in their own UPS to the cabinet and rolled the whole thing out. to their truck where they could keep it powered till a expert could get in and get a dump of the system state.
<@insomni> it only takes three commands to install Gentoo
<@insomnia> cfdisk
<@insomnia> that's the first one
No, but it was probably just a rookie mistake. You know, like an assignment instead of compare.
Or like not noticing something is VB where they use = as a comparator.
Don't panic.