- In general, law enforcement can't just take your laptop and search it; your rights are protected by the Fourth Amendment
- If law enforcement does want to search your laptop, they need a warrant or you need to fall into an exception category such as: you have a public share on your computer, you're sharing via P2P, you've given consent, there's immediate danger that you might destroy the info, etc.
- You can revoke consent at any time (i.e. if you first let law enforcement look at your laptop, you can change your mind)
- If there are multiple users of a computer, any one of them could give consent, though courts have recognized that this consent only goes so far as the authorizing user has access (though the forensic tools they use make no such distinctions... Beware!)
- All searches that occur at a border are considered reasonable. No suspicion is needed for any searches to occur, nor is a warrant needed (in other words: your rights go out the window!)
- You cannot be forced to give over your encryption keys; courts have found that this is a Fifth Amendment right, and the gov't hasn't appealed this decision
- Remote Computing Services, e.g. online backup or file sharing (like the very useful Dropbox). It is very easy for the gov't to get this data. They just need a subpoena, sometimes not even. Probable cause isn't required, since searching these cloud-based files often is how the gov't shows probable cause. They're not required to notify you within a reasonable time frame
- Electronic Communication Services, e.g. online mail services like Gmail. Your data is only protected for the first 180 days. After that the gov't doesn't need a warrant to get access to this info. However, the gov't doesn't think this law applies to emails you've read, drafted, and sent. This is being appealed and the DoJ is fighting it. The EFF, ISPs, and others are trying to get a better law passed, maybe next year (the sooner the better!)
- The EFF's advice: POP your mail, don't leave it in the cloud, and avoid online backups if possible

A is for anthrax, deadly and white.
B is for burglars who break in at night.
C is for cars that have minds of their own
and accelerate suddenly in a school zone.
D is for dynamite lit with a fuse.
E is for everything we have to lose.
F is for foreigners, different and strange.
G is for gangs and the crimes they arrange.
H is for hand lotion, more than three ounces;
let’s pray some brave agent soon sees it and pounces....

About three years ago I wrote a vulnerability scanner for the Palm OS named AUSTIN. It was just a fun side project and after presenting it at Defcon 11, I forgot all about it.
But recently a few people started asking me for the code. Turns out that the Defcon 11 site has my slides, the audio of my presentation, and even the video! But no code, even though I gave it to the organizers. [I wish Defcon didn't use Real media formats; they're so annoying to convert. To do so, grab the RTSP stream with a downloader like Offline Explorer Pro and use SUPER to convert it (see my post on video conversion).]
So without further ado, for anyone interested, here is the code to AUSTIN - a PalmOS Vulnerability Scanner.
Caveat emptor:
If you end up finding it useful, please post a comment below and tell me what you're doing with it...