Greatings to Packetknife (PK), Acidius, Electr0n, Jofny, Setuid, Maetrics, Jen, Scottderr, Ac0lyte & the unmentioned crew at Violating.US!
Love you all!


Dealing with Sensitive Documents
I thought I'd share one way of dealing with sensitive documents. By 'sensitive,' I mean any file that contains information about secret things, but I am not referring to anything so urgent as to involve national security, or life and death- just secret enough to handle carefully.

Personally, I keep my files off line for the most part. My files live on removable USB drives. Generally I recieve one or two files to work on at a time. The are sent using symmetrical encryption.

The files are saved directly to USB drive and reencrypted with a single key that only I know. As I work on them, I make it a point to save them across 2-3 separate USB drives. This way I always have a close copy on another drive. I use 2 if the document is short. 3 if it is longer and more tedius.

USB drives are not dependable - they just die on you, or you jump in the shower and forget one is around your neck. Word crashes, and flat sucks but is kindy enough to make up for it. It pays to have a backup. Also, one has to think about the possibility of power outtage. IF a file is in the middle of a save when the power goes out, it can be corrupted. It pays to have a backup.

After each session of working on the documents, the files are reencypted, again with a key only known to me.

When I am working on a document, I keep the firewall pretty locked down. I generally don't surf and work unless I need to look up something. When it is ready to be sent back - its sent encrypted. After that I delete all my copies.

Working in this manner covers my butt insofar as at least I have made an effort.

Its not perfect- keyloggers, programs like VNC or Remote viewing trojans, MIM, and forensics tools could recover documents from any machine that had been used for working on them.

I use abi-coder to encrypt my files locally. It offers good encyrption. Abi-coder is free, its not solid, but its good for encrypting single files. I have discovered that it does seem to have some timing problems. Its important to use a very strong key with it.

Whisker is a great utility to generate really random strong keys. I always keep a copy of it on my usb drives. You can find it online.

Winzip is also good if you want to send a document without using a public key encryption scheme. It offers AES and a few other choices. I generally use AES, but I like blowfish as well, depending on the key length. Make sure if using winzip for encryption (more than compression,)that you change the titles of your files. You could also change the extentions if need be.

If you want to store documents online, a paid hushmail account is one solution, or really if they are well encypted, one can rename them and stick them almost anywhere. I would not rely on hushmail's encryption. Be aware that if you save a document file as a .jpg, or .psd files, a scanning of the server using strings to look at the headers will show a conspicuous absence the typical picture ( or other file) headings.

Of course, just how far you go to protect something depends on just how sensitive it is and the ramifications of its publication or sale.

Bill Maher is on...I have to go...he has Bob Barr on there tonight. Bob is a conservative, but I like his stance on civil liberties. He does listen to people, and he does think. (He's maybe on of tne of the few conservatives that do.)