Laptop Security

[Idontwantspam]

remember to change the adminstrator account password i got into a lot of computer with the f8 safe mode trick

Or, if it's Windows XP MCE or Professional, you don't even need to go into safe mode to try the administrator and guest accounts. Some people make it pretty easy to take control of their system. It's always fun if you can access the Administrator account to make a new account and call it HaHa and set the background to a picture of the owner of the targeted computer and then to have it log on automatically, and then forbid them from logging off or shutting down (by editing their policies). Or, to set the logon notice to say "Your computer has been broken into. Consider changing the Administrator password."

Of course, restarting might get you in trouble with the BIOS password. I always rename the Administrator and Guest accounts (And not to Admin or Boss or Control or something like that. More like to ZX681 and C87Y or something random). This can be done from group policy. So much fun to be had... Another thing if you can break into their Administrator account and if they are using EFS, then if you reset their password, they loose all EFS files. Which really sucks for them.

It doesn't matter how darn much security you put on your laptop if someone can get it. Because if they want to, they will eventually get in. If someone has your computer in their hands, they have all the time in the world to get in.

Yes, that is correct but what length of time do you want to spend getting into a system encrypted with SafeGuard Easy? For each incorrectly entered password the length of time until the login appears again is exponential. The user ID or password incorrectly and you will wait an hour after the 4th missed attempt. Now it you want to try and crack AES-256 you could access it directly. If you put the drive in another machine windows will recognize it as a RAW partition. Read it with a disk editor and you get the encrypted data from end to end.

Now if it is incorrectly configured it could be made easier by giving you one piece of the puzzle (login ID) or using XOR encryption instead.

So yes while it would eventually be possible to get the data from the drive, could you do it in a reasonably practical length of time.

Good point. What I was trying to say is that you can never completely trust that your system will never be broken into. It's just that it's possible, and that physical security is important, too. After all, even if they can't get in, neither can you if they have it. Another related tip would be to set the account lockout policy, so that if people enter the wrong logon password too many times, then the targeted account gets locked out for as long as you set, or until an Administrator unlocks it.

[Zxian]

My solution last summer when I needed something like this was to use TrueCrypt with a keyfile that was stored on an SD card that I normally kept in my wallet. Whenever I wanted to mount the volume, I'd have to plug in my SD card first, and then also enter my password.

I kept a copy of my keyfiles on my webhosting as well, in the unfortunate event that the SD card might break or fail.

Even if someone stole my laptop, they'd almost never get into my confidential documents.