Laptop Backup via Rsync + iPod

My previous post talked about using rsync to backup securely to another computer over the Internet. What if you want a local spare backup or do not have Internet?

Here is what I did on my mac powerbook.

Set your iPod so you can use it as a removable drive. iPod has to be set to “Enable Disc Use”.

Create an Encrypted Sparse Disc Image on the iPod. You can just follow the directions over on

hdiutil create -size 5g -encryption -type SPARSE -fs HFS+ Backup

That creates an encrypted sparse image file named Backup that maxes out at 5GB. We open the image once, and rename the Drive name label to EncryptBackup. That will be what shows if we look at the mounted volumes.

Now all you have to do is use a nice rsync command to backup your documents into the mounted encrypted Spare Image.

rsync -avg –exclude “Documents/browseback/” ~/Documents /Volumes/EncryptBackup

That will sync our Documents folder over into the Encrypted Backup image file on the iPod just as if it were its own drive. Note the –exclude option. I have a program called BrowseBack for the Mac. It caches copies of everything I browse there so I can find previous content again via web, send to pdf, email etc. But I don’t want to backup all that cached data.


Modified the script I have on my iPod to mount, backup then dismount the image.

hdiutil attach /Volumes/iPod/Backup/Backup.sparseimage
rsync -avg –exclude “Documents/browseback/” ~/Documents /Volumes/EncryptBackup
hdiutil detach /Volumes/EncryptBackup

Then an Automator saved as an application onto the iPod and its an easy double click. If you save your image’s password in your keychain you won’t have to enter that either.


Begging to be a presentation at Black Hat.

The other day a public relation email was sent to the Certified Computer Examiner mail list. This email talked about a new secure USB flash drive. That is pretty brave to send such an announcement to forensics professionals. The drive is called the Flash Padlock from Corsair.

I will start with disclosing I have not seen this device in person. My opinions here are strictly based on the vendor documentation from their own web site materials. I did email back to the sender of the announcement that I wouldn’t mind reviewing the drive for the In the Trenches Podcast. Days later and I have yet to receive a reply. But I was still curious. I started reading the materials on the Corsair web site.

The device looks to be very interesting. It is using a combination lock with indicator leds showing the status of the drive. Since the combination is physically entered it is compatible with any computer (Windows, Mac etc) that can recognize flash drives. Corsair provides an online site where you can register the pin you set for your drive. Handy if you forget it. Any computer will let you look it up from their systems. The pin can be up to ten digits in length. No software component is required. This all makes it pretty much impossible to brute force the drive. At least until some enterprising hacker figures out a way to wire up the entry mechanism to a custom interface on a laptop. Another interesting feature is that it locks when the drive is removed from the computer automatically. This is a nice design idea. Makes it less likely anyone will get into the contained data.

They have an interesting PDF White Paper. I see a couple of interesting things in this paper.

  • Page 4 – “A PIN…is not stored anywhere that is accessible from the computer.” Makes you wonder where the pin is stored. Is it hashed, plain text etc? Could someone pull it straight from the flash chips?
  • Page 4 – Read the part about Two Factor Authentication. They claim it is two factor because you have to have the Flash Padlock and know the PIN. I find this debatable. This is like saying a bank vault is using two factor authentication. You have to have possession of the safe and know the combination. To me it is only two factor authentication if the two factors actually authenticate the proper user. Possessing the lock does not mean the lock requires two items of proof of valid access. In my opinion and this is my personal opinion only, this consists of one factor of authentication. So at this point I am starting to get skeptical on this device being the wonder affordable security flash drive.
  • I found no reference of encryption in the white paper at all relating to the Padlock. In fact unless I am blind I find only encryption references in the comparison to other device protection types. So I began to wonder if this PIN is only protecting read access. If some clever security researcher could read the data straight from the flash memory and present it at Black Hat. At the bottom of page 4 there is a reference that the DataLock(tm) technology has been licensed from a company called ClevX. They even nicely provide a link to

Finally, I find the last thing that makes me nervous about this device. I needed only look at ClevX’s page on Datalock. Do you see the words that make every security professional cringe? “Proprietary on-board encryption…” At least the data does not sound like it is in plain text.

So seems to me this device would make some skilled security researcher a wonderful paper for Black Hat. I would still love to play with one of these devices and compare it from a usability frame of reference to the Kingston DataTraveller Elite that comes fully encrypted using non-proprietary 256-bit hardware-based AES encryption.


Storage Sanitization – Starting Place

I put together some guidelines for our IT groups at work. Here is the central part of what I wrote. Keep in mind we just do manufacturing and distribution and currently have minimal processes in place. So I wanted something to start with to get everyone heading the same direction. Of course if we ever need major efforts rather than just a process to cover occasional wiping we can just send our stuff over to Data Killers.

Recommended Sanitization Tools

  1. Software Wiping Tools

Choose a wiping solution and develop a local process document.

2. Drive Carriers

Obtain USB drive carriers to house hard drives for wiping.

Process of Sanitization

All storage media to be disposed of, given to a non-Company entity or returned to a vendor after use within the Company must be securely wiped. The number of overwrites is dependent on the user/function of the storage device.

  • One Pass Overwrite Required: Any storage used for regular production department use, floor workstations etc.
  • Three Pass Overwrite Required: Any storage that has handled employee personal, financial or medical information. HR, Payroll and Finance would be examples.
  • Three Pass Overwrite Required: Any storage belonging to security, information technology, senior management.
  • Three Pass Overwrite Required: Any storage contained within a digital copier/fax machine.

At minimum one PC station in each IT department should be designated as a wiping station.

In the case of media that is unreadable in full or part. One attempt to format and wipe the media with the tools must be made. If the storage met the requirements for a three pass overwrite the media must be physically destroyed this is because an overwrite on media with a physical error may not be 100% complete.

Example: PGP Free Space Overwrite

A laptop being used by HR to be reassigned to another user.
1. Perform a factory reset of the laptop storage.
2. Load any desired software. These first two steps overwrite a large portion of the storage drive.
3. Remove the storage drive from the laptop
4. Place the drive in a USB carrier
5. Attach to a PC with PGP installed
6. Perform a free space wipe of the drive
7. Replace sanitized drive into the laptop and re-issue