An open community 
of Macintosh users,
for Macintosh users.


#43800 - 02/28/17 08:26 AM DropBox & Security Concern
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
I am a longtime DropBox user and have generally been quite pleased with it. I have never worried about my data on their servers as I encrypt it before uploading.

But in the past few months, DropBox has adopted a policy/procedure that automatically installs their updates without my permission, let alone my Admin PW. And, as just affirmed by DB, there is no way to disable that feature.

Being somewhere between paranoid and prudent, I fear the consequences if some miscreant hacks DB and then has his/her way with my machine as they could then download and install virtually anything. I presume that is true, but is it?

Until I determine my options, I have quit DB and ensured LittleSnitch has blocked all outbound communications with them.

Thus to the question: Do the great & mighty sages hereabouts have a suggestion or two that addresses my concern?

Suggested alternatives to DropBox most welcome.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#43804 - 02/28/17 09:24 AM Re: DropBox & Security Concern [Re: Pendragon]
Ira L Offline


Registered: 08/13/09
Loc: California
When I read your post I did a web search to see what other people had to say about the auto-update behavior of Dropbox. It seems that you either accept it or move on.

But there was discussion that the DB config.db file is encrypted and physical contact with the computer would be required before malicious actions could take place. Comments were also made that while other software may allow manual updates, the broad spectrum of encryption may not be comparable to Dropbox, so check out the competition carefully. Regardless, it is not a perfect world.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

#43808 - 02/28/17 10:31 AM Re: DropBox & Security Concern [Re: Ira L]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Many thanks, Ira.

I was unaware that the config.db file is encrypted, and that ameliorates things some, though indeed I am still a tad (a quite large tad) antsy, though not so much that I have deleted my DB account.

Alas, I fear it will take a few weeks of homework, re the various cloud options, before making my next move. I'm just looking for a cloud to store ~10 GB of medium encrypted data. Of course, having an iPhone component/app is a plus.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#43819 - 03/02/17 04:07 AM Re: DropBox & Security Concern [Re: Pendragon]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
I have solved my Dropbox problem, at least temporarily, by encrypting my sensitive data and then putting it on a thumb/flash drive. For casual/everyday data, I'm using Google Drive.

Still, I remain confused, e.g., I thought one's Admin PW was always required when installing or modifying files. That Apple allows DB (or anyone else) to do that is indeed a surprise. Or, did I allow that via a User Agreement that I did not thoroughly read, or is my Apple premise incorrect?

Curious and curiouser...
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

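The question just above, why an updater can replace files without ever asking for an admin password, comes down to where those files live. Anything under the user's own home directory (~/Library/LaunchAgents, ~/Library/Application Support, a per-user copy of an app) is owned by that user, so a process already running as that user can rewrite it with no prompt at all; only paths under /Library and /System need elevated rights. The script below is an added example written for this page, not code from the thread, from Dropbox or from Apple. It inventories launchd items that mention a given bundle prefix and reports which of them the current user could rewrite silently. The prefix com.example.vendor and the directory list are assumptions, not something the thread specifies.

```python
"""Added example (not from the thread, Dropbox or Apple): list the launchd
persistence items that mention a vendor's bundle prefix and say whether the
current user could replace each one without an admin password."""

import os
import plistlib
from pathlib import Path

# Where launchd looks for persistence items. The first is per-user and
# user-writable; the other two need admin rights on a stock install
# (assumption about a default macOS layout).
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

# Placeholder vendor prefix; a real scan would use the vendor's actual
# bundle identifier prefix.
VENDOR_PREFIX = "com.example.vendor"


def plist_mentions(path, needle):
    """True if any string value anywhere in the plist contains `needle`.
    Unparseable or unreadable files count as not matching."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)   # handles XML and binary plists
    except Exception:
        return False
    stack = [data]
    while stack:
        item = stack.pop()
        if isinstance(item, dict):
            stack.extend(item.values())
        elif isinstance(item, list):
            stack.extend(item)
        elif isinstance(item, str) and needle in item:
            return True
    return False


def classify(path):
    """'writable' if the current user can overwrite the file in place
    (no admin prompt needed), otherwise 'protected'."""
    return "writable" if os.access(path, os.W_OK) else "protected"


def launch_items(dirs, needle):
    """Return [(path, class)] for every .plist under `dirs` that mentions
    `needle`. Missing directories are skipped."""
    found = []
    for d in dirs:
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            if plist_mentions(p, needle):
                found.append((str(p), classify(p)))
    return found


def summarize(items):
    """Count of items per class, e.g. {'writable': 2, 'protected': 1}."""
    counts = {"writable": 0, "protected": 0}
    for _, cls in items:
        counts[cls] += 1
    return counts


if __name__ == "__main__":
    found = launch_items(LAUNCHD_DIRS, VENDOR_PREFIX)
    for path, cls in found:
        print(f"{cls:9} {path}")
    print(summarize(found))
```

Run it as the ordinary login user. Anything reported as writable is a location an updater, or anything else running as that user, can change with no prompt, and a launchd item there that starts at login is exactly the persistence a compromised vendor update could reuse. Items under /Library are the ones that need an admin password, or a privileged helper that was granted one once.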
#43823 - 03/03/17 05:26 AM Re: DropBox & Security Concern [Re: Pendragon]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Pendragon
But in the past few months, DropBox has adopted a policy/procedure that automatically installs their updates without my permission, let alone my Admin PW. And, as just affirmed by DB, there is no way to disable that feature.

You'd better get used to seeing that "feature". Microsoft kinda spearheaded it awhile ago with Windows updates, and everyone is following suit. Their problem was that too many of their users didn't run updates, and that was creating a target. Look at WordPress and their menagerie of plugins causing hacks of tens of thousands of web servers every month it seems.

Companies aren't employing this change for you, this is for them. These vulnerable products are causing huge bad press for them, and this is the only practical way to fight back.

But it's a double-edged sword. There was a "malwarebytes incident" years ago where they pushed out an automatic definition update one evening that quarantined multiple critical windows system files, rendering THOUSANDS of computers on this campus alone in an unbeatable and unrecoverable state. Maybe 80% of the machines on campus were affected. Took weeks of intense work by the entire IT staff, carting up stacks of machines to be reimaged on a continuous basis until all of them were fixed. (it even took down the servers) This was caused by malwarebytes having a very poor vetting process for their updates before pushing them out. (and NO beta testing) Of course it was fixed on THEIR end in a few hours, but the damage was done, the machines were in an unbootable state. They lost their campus license with us, and will not be back.
_________________________
I work for the Department of Redundancy Department

#43830 - 03/03/17 02:16 PM Re: DropBox & Security Concern [Re: Virtual1]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Many thanks, V1. I did learn a bunch (even if it hurt). Your comments about MalwareBytes indeed gave me pause. I wonder if they have cleaned up their act. That they could push out updates without so much as a Beta has me at a loss for words.

Just curious, do you know if the "incident" spread its filth to connected, but partitioned volumes, external drives, etc.? I ask because having an infection is bad, not having a recovery partition or backup volume is catastrophic.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#43988 - 03/15/17 12:42 PM Re: DropBox & Security Concern [Re: Pendragon]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Pendragon
Just curious, do you know if the "incident" spread its filth to connected, but partitioned volumes, external drives, etc.? I ask because having an infection is bad, not having a recovery partition or backup volume is catastrophic.

Some malware seeks out other partitions, recovery partitions, and even files on network shares that are either public OR that any user on the machine happens to have saved credentials on. Nothing that trusts that machine is safe, be it local hardware or remote peers/servers.
_________________________
I work for the Department of Redundancy Department

#43989 - 03/15/17 01:12 PM Re: DropBox & Security Concern [Re: Virtual1]
MG2009 Offline


Registered: 08/05/09
RE: " . . . DropBox has adopted a policy/procedure that automatically installs their updates without my permission."

------------------------------

Without paranoia, I resigned myself to the fact that anything on my computer can be viewed or manipulated at any time I am connected to the internet. Databases are increasingly being networked with one another and I am taking the position that the security we would like to have is not likely there. The barrage of unsolicited e-mails would be just one case in point.

I presume any e-mails and forum comments I make can be read by anyone/anytime/anywhere on the planet. Also, I do not store on my computer anything that I would not want someone else to see. My confidential and private documents are stored on an external drive not connected to the internet. I disconnect from the internet when I wish to view these items before connecting the EXHD to the computer.

I have not knowingly signed up for iCloud or Dropbox or any other kind of cyberspace storage (that I am aware of) . . . but who knows what may be happening of which I am not aware. I do not do online banking, although I have made online purchases using a credit card. I presume someone somewhere could tap into that info without my knowledge, but (so far) there has been no problem as far as I can tell. (14 years ago, there once were charges that I had not authorized, but I cannot say for sure if that was through access to computer records or manually copied from a paper receipt from a cash register.)

This approach works for me; I sleep well at nights. (For those times when I have a restless night, the computer is never the cause.)

#43990 - 03/15/17 02:03 PM Re: DropBox & Security Concern [Re: MG2009]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: MG2009
Without paranoia, I resigned myself to the fact that anything on my computer can be viewed or manipulated at any time I am connected to the internet. Databases are increasingly being networked with one another and I am taking the position that the security we would like to have is not likely there. The barrage of unsolicited e-mails would be just one case in point.

Have you considered FileVault for both your internal and external drives? If not, I am curious why not? I keep teetering on the edge of using it, but so far I haven't taken the plunge.
_________________________
joemikeb • moderator

#43991 - 03/15/17 04:26 PM Re: DropBox & Security Concern [Re: joemikeb]
artie505 Online


Registered: 08/04/09
Originally Posted By: joemikeb
Have you considered FileVault for both your internal and external drives? If not, I am curious why not? I keep teetering on the edge of using it, but so far I haven't taken the plunge.

My position is similar to MG2009's, except that while I have got critical data on my SSD, it's protected by either a 15 or 25 character password, so I consider it to be safe under virtually all circumstances, and in the rare moments that I think about FileVault I decide that it wouldn't significantly improve my position.

"To FileVault or not to FileVault" really depends on your data, its vulnerability, and your paranoia.

More: I've read on numerous occasions that if you're going to encrypt an SSD you should do it the instant you first use it, so if you were to take the plunge now, wouldn't much of what's on your Mac still be at risk?

I occasionally wonder what will happen if I ever sell my deuced Mac(hina), but as far as I can tell, even a buyer with technical competence won't be able to get to any critical data.

SSDs have very significantly changed the used Mac landscape, but I haven't seen any prominently placed, substantive guidance respecting their down-the-road implications addressed to purchasers of new machines.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#43996 - 03/16/17 07:04 AM Re: DropBox & Security Concern [Re: artie505]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: artie505
I occasionally wonder what will happen if I ever sell my deuced Mac(hina), but as far as I can tell, even a buyer with technical competence won't be able to get to any critical data.

SSDs have very significantly changed the used Mac landscape, but I haven't seen any prominently placed, substantive guidance respecting their down-the-road implications addressed to purchasers of new machines.
I don't know if this answers your concerns or not, but with magnetic media there is a ghost or residual magnetic impression that remains through several overwrites that can be read with the proper equipment and sufficient determination. Thus the three- and seven-pass secure erase options. There is no residual image with solid state media. So multipass erasing is not only deleterious to SSDs, it is a pointless exercise.

APFS does not store files in adjacent data sectors, thus enormously complicating any recovery effort, and rumors are the data will be encrypted by default. Additionally APFS offers encryption at multiple levels and even encryption within encryption. All of that is not fully implemented in iOS 10.3, but it is definitely coming to iOS and macOS.
_________________________
joemikeb • moderator

#44032 - 03/17/17 10:34 PM Re: DropBox & Security Concern [Re: joemikeb]
artie505 Online


Registered: 08/04/09
You didn't address the issue of data that was stored on an SSD prior to its user's enabling FileVault or, as the case may be, upgrading to a version of macOS that supports APFS.

As I understand it, that pre-existing data remains on the SSD, in the clear, for a knowledgeable user to take advantage of.

Granted that it's apparently a task that very few users have the tools and skill-set to undertake, but the liability exists all the same, and there doesn't seem to be any way around it at the moment other than to encrypt from day one, so for those of us who haven't, the idea of passing on a (wiped-) clean Mac is apparently a thing of the past.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#44065 - 03/20/17 10:04 AM Re: DropBox & Security Concern [Re: Pendragon]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
The "wear leveling" behavior of an SSD sits at a layer between the OS and the media, and can indeed make securely erasing your information difficult. Every time you save a file with different data in it, you can expect the entire file to be stored somewhere else on the SSD. (even though the disk map will insist the file is using the same blocks by their index... the blocks themselves have moved) This is different than a HDD that will normally continue to use the same blocks as long as there are enough of them. (allocating more elsewhere on the drive if the file had grown)

This behavior occurs at a level below that which the operating system is aware of, and requires expensive software to get into. There's no telling which blocks the drive was using previously, and in many cases it doesn't matter. The wear leveling has "trimmed" those blocks so they will always return all zeros if you attempt to read them, and their internal index has changed such that they won't get selected again anytime soon. There's usually no history kept of how the blocks are getting shuffled around, other than the order in which they are to be reused, so it would be unlikely to find anything coherent in the free space on an SSD that's been used even a short while. But if all you're interested in are some short pattern matches like SSNs, that's easy to pick out of a pile of random blocks because context isn't too important.

And if you choose to securely erase your drive, it doesn't necessarily get better. Normally when a disk utility erases an SSD, it will call TRIM on the full block range on the drive. This causes the drive to return zeros for all of those blocks, without actually erasing any of them. To you it will look empty, but not to forensics software.
_________________________
I work for the Department of Redundancy Department

#44076 - 03/20/17 06:31 PM Re: DropBox & Security Concern [Re: Virtual1]
artie505 Online


Registered: 08/04/09
Aren't
Quote:
Every time you save a file with different data in it, you can expect the entire file to be stored somewhere else on the SSD.
and
Quote:
...it would be unlikely to find anything coherent in the free space on an SSD that's been used even a short while.
contradictory?

Specifically, if entire files are stored in adjacent blocks (Or is that a bad assumption?), which after being freed up by a newer version of their contents having been stored elsewhere sit idly until their turn to be used again comes up, doesn't the free space on a SSD contain a lot of coherent information?

More: Won't APFS compensate for that, though, by scattering the components of files all over an SSD?


Edited by artie505 (03/20/17 09:39 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#44103 - 03/22/17 09:31 PM Re: DropBox & Security Concern [Re: artie505]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
SSDs are strange beasts.

There are a couple of weird things going on with an SSD that are completely non-intuitive and unlike any other form of storage, that really make things muddy when it comes to secure erasing and recovery of erased information.

First, SSDs are bizarre in that writing to them is a long, cumbersome process. You can only write information to an SSD if you first actually erase (set to zero) all the blocks you're writing. Unlike with a hard drive, writing to an SSD means locating the blocks where you want to write information, then writing zeros into all those blocks, then writing the information you intend to record.

And that's not the half of it.

You can only erase those blocks in large pages. If you want to write just one bit, you have to erase the entire page it's stored in, then rewrite the whole page--all the information that used to be in it, plus the one new bit you're storing.

So that means writing means: Locating the blocks where you want to do the write, reading the entire page (all the information stored anywhere near those blocks), erasing the entire page, then re-writing the entire page.

What TRIM does is it tells the drive "No need to read and save the stuff in this particular page." If you delete a file, the drive doesn't know it's deleted, so when it writes information, it reads the page that was already there (the file that has been deleted), then erases the page, then writes the file that was deleted along with the new information you're saving.

If you delete a file and then send a TRIM command, the drive knows the file is deleted. So when you write new information, it just erases the page and writes the new information. It doesn't read the page, then erase the page, then write the old stuff that was in the page plus the new information.

That matters because if you TRIM the whole drive, then write random information to it, the SSD erases the whole drive and writes the random information. That wipes out everything, no getting it back. There's no need to do multipass writes.

The other thing that makes it weird is that unlike hard drives, SSDs store information scattered all across the surface of the drive. All files are fragmented and may continue to be fragmented however they are written. The computer has no idea where, physically, the information is on the drive; only the drive knows that.

This is done deliberately. An SSD can only be written to a certain number of times. Each time you write a cell, you damage that cell. After a certain number of writes, that cell is destroyed.

So the SSD does "wear leveling." That is, it scatters information across the cells to prevent you from repeatedly writing the same cell again and again.

Say you have a 256-GB SSD that has 10 GB of data on it. If you keep rewriting that 10 GB over and over, the first 10 GB of cells will wear out, but the rest of the drive is untouched.

You don't want that. So as you write that same 10 GB over and over, the SSD keeps a map of how many times the cells have been written, and it moves information all over the surface of the drive. If you delete a file and re-save it and delete it and re-save it on a normal hard drive, it writes to the same spot on the drive again and again. On an SSD, it is constantly moved, so that all the cells wear evenly.

When you combine those two things--you have to erase a whole page at a time to write information, and the drive is constantly changing the cells the files are stored in--it makes recovering information from an SSD a nightmare.

Yes, it can (in theory) be done, as long as the pages haven't been erased (as far as I know, once a page is erased, that's it--there's nothing that can recover it, because unlike a magnetic drive, it doesn't leave behind a magnetic "trace"), but the fact that the SSD constantly scatters contents all over the cells in a way that looks random to anything but the SSD's controller really complicates things.

Of course, if it's a concern, OS X now includes built-in full drive encryption, and it's lightning fast. If you turn it on, it rewrites every file with an encrypted version. And TRIM means the pages that the old, plaintext files were stored on are wiped without being rewritten as the new encrypted files are written, so that makes life difficult even for a nation-state actor.

One of the things we learned from the big Wikileaks CIA dump is even nation-state actors like the CIA and FBI are stymied by Apple hardware if they can't plant malicious software on the computer while it's running.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#44115 - 03/23/17 09:19 PM Re: DropBox & Security Concern [Re: tacit]
artie505 Online


Registered: 08/04/09
Thanks for the SSD tutorial; I think it goes a long way, if not all the way, towards answering my questions, but I'm still digesting it...and likely will be for a bit.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#44116 - 03/24/17 05:28 AM Re: DropBox & Security Concern [Re: tacit]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
This will be mainly for Tacit's benefit, but others may find it either interesting or confusing.

An SSD leaves behind an "afterimage" just the same as a hard drive. But it's a bit trickier to get at. HDD storage and IO hardware are distinct, and you can pull the platters and put them into a different apparatus that has improved heads and purpose-built firmware that is designed to detect this afterimage. (Let's consider single cell storage, not in use anymore really, but the idea works the same.) When you write to a cell, it sets its value. Not as you might expect; it's not a 0 or a 1. It's more of a "from 0 to 999" sort of thing; it's not really completely digital, it's actually still analog. If all the cells started out with no field (degaussed) then you might expect writing a "0" to produce a 0 in the range. It's more of a statistic though, maybe producing between 3 and 25, with say 14-18 being the most likely. Still, when read back, the head will detect close to the value written. Say if you actually wrote a 15, the head may read anywhere from a 13 to a 17, but since that's far below the halfway point of 500, it will call it a zero. Note that this isn't necessarily linear; the even distribution of a "0" may be 0-200, and a 1 to be 201-999, or vice versa. So much of this really depends on the hardware. And if conditions aren't optimal, it may read back a 75, which it will still consider to be a "0". But in any case you can see it's not really digital at the hardware level. It's just analyzed by the low-level hardware and "simplified" into a digital format for the computer to use. Under ordinary conditions the computer totally doesn't care what's on the drive, it just wants the bit that's being represented.

When you erase a disk, say to all zeros, you attempt to set the values to all 0, but as described above, that doesn't actually happen. You move the values closer to 0, but you have to fight the current state, which may be a "1" (represented in say the 900-999 range). Those values will not change as easily, and instead of getting a result of 3-25 as above, a cell with a pre-existing "1" (900-999) may only achieve a 40-70 when the head tries to push it down to 0. Cells with a pre-existing "0" (3-25) will be much more willing to move, and you'll get maybe 1-15 as a result. These will all be returned as "0" when read back into the computer, but careful examination of the actual analog readings at the head level will reveal the previous state of the cell. Writing a "0" again to the same cell may cause the cell to move down further to an analog value of between 0-7 or 15-30, and you can see this is rapidly starting to approach the error rate of the read head with only two passes. THIS is why multi-pass writing with random values is important. Each write pass stirs the soup a bit more and makes it exponentially more difficult to figure out, and any useful hint quickly drops out of sight into the noise, becoming statistically impossible to determine regardless of what resources you have available.

Now apply this same idea to SSD storage. Instead of storing a magnetic field, it stores an electrical charge. Cells behave sort of like little capacitors if you're familiar with electronics. Instead of reading gauss in a range of 0-999, they read charge (voltage) that can also for example be mapped to 0-999. Then everything above basically applies identically. The difference comes when you take the platter out and chuck it up into a diagnostic assembly with special read heads and firmware. The SSD's IO and storage hardware are one and the same, and can't so easily be separated because it's all on the same chip. The simplest thing to do is replace the firmware. If they have deep pockets they can decap the chip, cut the communications traces between the onboard controller and storage bus, and connect in an external controller. (Or they may be able to re-flash the firmware, or jack into the firmware storage the same way as they might get into the storage/control lines.) Either way, they get alternate control over the read hardware. They will be limited by the capabilities of the hardware though, and so probably won't be able to get as high of a precision of analog value on their reads as they might from a diagnostic head. (A HDD diagnostic head is much better, where instead of reading a 15 as somewhere between 13-17, they might be able to read between 145-155, in a range of 0-9,999 - a MUCH higher resolution AND precision.)

So, recovery from an SSD is going to be less reliable because you are forced to use hardware that wasn't made for the purpose. And unless you have a handy way to flash the firmware on the controller, there's going to be quite an increase in cost and time. But it's still quite doable. The whole moral of the story is "make it not worth their effort", both in terms of your habits of data security and of course in terms of your behavior that makes them want to take your drive to a lab! (this is also the same theory that applies to encryption) Also due to the hardware not being designed for analog recovery, it may be extremely slow, requiring 10x more time per unit of data to try to recover than via read heads, which users may find counter-intuitive when comparing SSD and HDD performance.

There are some additional issues with SSDs, specifically drives that are much more likely to "look empty" when they still contain a lot of your data in very easy to read format. The other issue as Tacit pointed out above is the need to erase in pages. I'd add a little detail to that by noting that you can't erase to a 1. Erases set all 1's back to 0. You can set 0's to 1 all day long without wearing out the cell. It's the reset back to all 0's that physically wears out the cell. Erasing an entire page back to 0's is the only way to set any cell in the page back to 0, that's why you need to do it. But except in special-built systems, this is difficult to take advantage of. I've actually written a controller for data logging to EEPROM that does this, to allow continuous datalogging without continuous wear. But it will always be less efficient in terms of storage capacity.

A good analogy of flash cells describes a book of blank pages. You can only write in pen. You can write as much as you like, but once you have written something on a page, you can't just erase or change a word. All you can do is carefully dip the entire page in bleach - a slow, slightly destructive process. Then the page can be used again, but you've lost everything on the page. So changing a single word on the page involves making a copy of the entire page, bleaching it, and writing back down everything from your backup, with the change applied. (whereas a HDD you write in soft pencil, and have an eraser at your disposal that can erase one line at a time) You can also see that it's MUCH faster to read a page than to erase and change what's written on it. Depending on the durability of the paper, you can do this some fixed number of times before you start wearing holes in the paper or tearing it, at which point you have to stop using that page. A page like the table of contents, where changes are expected frequently, will quickly wear out unless you change which page you are using for the table of contents periodically. (this is "wear-leveling") After too many pages are damaged beyond reuse, the book is rendered worthless and needs to be replaced.
_________________________
I work for the Department of Redundancy Department

#44117 - 03/24/17 06:20 AM Re: DropBox & Security Concern [Re: Virtual1]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I have been on DoD projects where securely erasing rotating rust drives required the use of an industrial grinder reducing the media to dust. I bet that would work with SSDs and would be 100% reliable.
_________________________
joemikeb • moderator

#44119 - 03/24/17 07:31 AM Re: DropBox & Security Concern [Re: joemikeb]
MacManiac Online
Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
Tactical thermonuclear erasing device?
_________________________
Freedom is never free....thank a Service member today.

#44121 - 03/24/17 07:59 AM Re: DropBox & Security Concern [Re: MacManiac]
artie505 Online


Registered: 08/04/09
I've never opened up a SSD to look at what's inside, but judging from its weight relative to that of a HDD, you could probably satisfactorily destroy one in a Cuisinart.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#44128 - 03/26/17 11:35 PM Re: DropBox & Security Concern [Re: Virtual1]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
My understanding (which may be mistaken) is that modern MLC and TLC SSD cells for all intents and purposes are binary; while they may have some small analog charge-holding ability, the controller compensates for this, and you can't separate the chips from the controller and try to read them in an analog fashion (because the block map is held by the controller, so once the chips are parted from the controller their contents might as well be random).

And some SSDs have a function called "DZAT," or "Deterministic Zeroes After TRIM"--basically, the controller always returns 0 for any page that's been cleared by TRIM and not rewritten. It doesn't even attempt to read the cells, so even if a ghost or residue of the old data are still in the pages, it doesn't matter. (The opposite, DRAT or Deterministic Read After TRIM, will have the controller attempt to read TRIMmed pages anyway, so if they haven't been physically reset by the controller's garbage collect you may still get some remnant of the old data.)

And, of course, zeroing the page resets that ghost anyway, so once the garbage collector has been by, again my understanding is even forensic software can't recover anything useful.

Of course, this assumes TRIM is implemented properly. Some SandForce SSD controllers are known for buggy TRIM, and these drives may indeed leave traces of information on "unused" blocks because the garbage collect doesn't properly sanitize TRIMmed pages.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#44130 - 03/27/17 08:08 AM Re: DropBox & Security Concern [Re: tacit]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: tacit
My understanding (which may be mistaken) is that modern MLC and TLC SSD cells for all intents and purposes are binary; while they may have some small analog charge-holding ability, the controller compensates for this, and you can't separate the chips from the controller and try to read them in an analog fashion (because the block map is held by the controller, so once the chips are parted from the controller their contents might as well be random).

Correct on all counts. The "afterimage" is very faint, relative to the current image, it's a bit like a very light watermark. Getting your claws in between the storage and the front-line hardware that converts analog to digital is tricky indeed. Unlike with a hard drive where you unsolder a ribbon cable and swap in a new onboard controller card.

Originally Posted By: tacit
And some SSDs have a function called "DZAT," or "Deterministic Zeroes After TRIM"--basically, the controller always returns 0 for any page that's been cleared by TRIM and not rewritten. It doesn't even attempt to read the cells, so even if a ghost or residue of the old data are still in the pages, it doesn't matter. (The opposite, DRAT or Deterministic Read After TRIM, will have the controller attempt to read TRIMmed pages anyway, so if they haven't been physically reset by the controller's garbage collect you may still get some remnant of the old data.)

That one's irrelevant when you're accessing the memory modules directly; they can be thrown into debug mode and always hand you the current contents of the cell, and you can specify THE block to read, not "the block that's currently acting as this block".

Originally Posted By: tacit
And, of course, zeroing the page resets that ghost anyway, so once the garbage collector has been by, again my understanding is even forensic software can't recover anything useful.

That's the problem of getting "the block". The mapping gets complex very quickly through the course of use. Just another level of indirection to contend with.


It looks more like a good way to get yourself a lot of work on your plate than to actually get any useful information out of it. Does nicely to follow the rule of "yes they can DO it, but yes you can also make it so difficult it's not worth their while to try unless they REALLY want you bad" (at least not on a dragnet scale).

I think that's what really has them angsty over encryption. It's not stopping them from investigating individuals, but it's definitely making it difficult to dragnet the public.
_________________________
I work for the Department of Redundancy Department

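The two posts above (tacit's description of TRIM, DZAT and DRAT, and Virtual1's point about reading the NAND directly behind the controller's block map) can be made concrete with a toy flash translation layer. This is an added example written for this page, not code from either poster or from any SSD vendor. It assumes a fixed 8-byte page, an erased page that reads as zeros, out-of-place writes (NAND pages cannot be overwritten until erased), and it models DRAT the way the post describes it (the controller keeps reading the stale page until garbage collection); real controllers add wear levelling, over-provisioning and ECC, none of which are modelled here.

```python
"""Toy flash translation layer (FTL) showing why TRIM, DZAT/DRAT and the
logical-to-physical map matter for data remanence on an SSD.
Everything here is a constructed simplification for illustration."""
from typing import Dict, List, Set

PAGE_SIZE = 8               # bytes per physical page (toy value)
ERASED = bytes(PAGE_SIZE)   # assumption: an erased page reads back as zeros


class ToyFTL:
    def __init__(self, n_pages: int, dzat: bool = True):
        self.chip: List[bytes] = [ERASED] * n_pages  # the raw NAND pages
        self.free: List[int] = list(range(n_pages))  # erased pages ready for writes
        self.invalid: Set[int] = set()               # written but no longer mapped
        self.l2p: Dict[int, int] = {}                # logical block -> physical page
        self.stale: Dict[int, int] = {}              # trimmed block -> its last page
        self.dzat = dzat                             # DZAT if True, DRAT if False

    def write(self, lba: int, data: bytes) -> None:
        # NAND cannot be overwritten in place: each write lands on a fresh
        # erased page; the page that used to back this LBA is only marked invalid.
        if len(data) > PAGE_SIZE:
            raise ValueError("data larger than a page")
        if not self.free:
            self.gc()
        if not self.free:
            raise RuntimeError("chip full")
        ppa = self.free.pop(0)
        self.chip[ppa] = data.ljust(PAGE_SIZE, b"\x00")
        old = self.l2p.get(lba)
        if old is not None:
            self.invalid.add(old)
        self.l2p[lba] = ppa
        self.stale.pop(lba, None)

    def trim(self, lba: int) -> None:
        # TRIM only edits the map; the cells keep their contents until GC.
        ppa = self.l2p.pop(lba, None)
        if ppa is not None:
            self.invalid.add(ppa)
            self.stale[lba] = ppa

    def read(self, lba: int) -> bytes:
        # Host-visible read, always routed through the map.
        ppa = self.l2p.get(lba)
        if ppa is not None:
            return self.chip[ppa]
        if self.dzat:
            return ERASED                 # DZAT: zeros, cells never consulted
        stale = self.stale.get(lba)       # DRAT as described: read the old page
        return self.chip[stale] if stale is not None else ERASED

    def gc(self) -> None:
        # Garbage collection erases invalid pages and returns them to the pool.
        for ppa in sorted(self.invalid):
            self.chip[ppa] = ERASED
            self.free.append(ppa)
        self.invalid.clear()
        self.stale.clear()

    def raw_dump(self) -> List[bytes]:
        # What a direct read of the NAND dies returns, bypassing the map
        # (the "debug mode" read described in the reply above).
        return list(self.chip)


def demo(dzat: bool) -> dict:
    """Write a secret, 'overwrite' it, TRIM it, then collect garbage."""
    ftl = ToyFTL(n_pages=4, dzat=dzat)
    ftl.write(0, b"SECRET")
    ftl.write(0, b"PUBLIC")          # old page still physically holds SECRET
    before_trim = ftl.raw_dump()
    ftl.trim(0)
    host_after_trim = ftl.read(0)
    raw_after_trim = ftl.raw_dump()
    ftl.gc()
    return {
        "overwrite_leaves_old": any(p.startswith(b"SECRET") for p in before_trim),
        "host_read_after_trim": host_after_trim,
        "raw_has_remnant_after_trim": any(p.startswith(b"PUBLIC") for p in raw_after_trim),
        "raw_has_remnant_after_gc": any(p.startswith(b"PUBLIC") for p in ftl.raw_dump()),
        "host_read_after_gc": ftl.read(0),
    }


if __name__ == "__main__":
    for mode, flag in (("DZAT", True), ("DRAT", False)):
        print(mode, demo(flag))
```

Run it and compare the two modes: with DZAT the host read goes to zeros the moment the block is TRIMmed, yet the raw dump still carries both the "overwritten" and the TRIMmed page until garbage collection erases them; with DRAT the host itself keeps getting the stale page back. Either way the only read that sees the remnant after TRIM on a DZAT drive is the one that bypasses the map, which is the attack the thread agrees is possible but expensive.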
#44294 - 04/10/17 12:24 AM Re: DropBox & Security Concern [Re: tacit]
artie505 Online


Registered: 08/04/09
I just reread your SSD tutorial, it was much more easily digestible the second time around, and I'm now satisfied that I'm safe enough with my drive unencrypted to leave it that way.

Thanks, again.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#44295 - 04/10/17 12:35 AM Re: DropBox & Security Concern [Re: Virtual1]
artie505 Online


Registered: 08/04/09
Thanks for your input on this fascinating subject; although it's less digestible than tacit's, it augments it nicely.

By George, I think I've got it!
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
