01-13-2011, 04:15 PM
Re: TrueCrypt hack?
On Thu, 13 Jan 2011 11:48:35 -0500, casperian wrote:
> On 13 Jan 2011 12:18:29 -0000, Happy New Year wrote:
>> On 12 Jan 2011 23:08:11 -0000, Rooster <email@example.com> wrote:
>>>has anyone here taken a look at this website:
>>>"Passware Inc., a provider of password recovery, decryption, and
>>>evidence discovery software for computer forensics, announced that
>>>the latest version of its flagship product, Passware Kit Forensic,
>>>has become the first commercially available software to break
>>>TrueCrypt hard drive encryption without applying a time-consuming
>>>brute-force attack. It was also the first product to decrypt
>> October 23, 2009
>> "Evil Maid" Attacks on Encrypted Hard Drives
>> Earlier this month, Joanna Rutkowska implemented the "evil maid" attack
>> against TrueCrypt. The same kind of attack should work against any
>> whole-disk encryption, including PGP Disk and BitLocker. Basically, the
>> attack works like this:
>> Step 1: Attacker gains access to your shut-down computer and boots it from
>> a separate volume. The attacker writes a hacked bootloader onto your
>> system, then shuts it down.
>> Step 2: You boot your computer using the attacker's hacked bootloader,
>> entering your encryption key. Once the disk is unlocked, the hacked
>> bootloader does its mischief. It might install malware to capture the key
>> and send it over the Internet somewhere, or store it in some location on
>> the disk to be retrieved later, or whatever.
>> You can see why it's called the "evil maid" attack; a likely scenario is
>> that you leave your encrypted computer in your hotel room when you go out
>> to dinner, and the maid sneaks in and installs the hacked bootloader. The
>> same maid could even sneak back the next night and erase any traces of her
>> This attack exploits the same basic vulnerability as the "Cold Boot" attack
>> from last year, and the "Stoned Boot" attack from earlier this year, and
>> there's no real defense to this sort of thing. As soon as you give up
>> physical control of your computer, all bets are off.
>> Similar hardware-based attacks were among the main reasons why
>> Symantec's CTO Mark Bregman was recently advised by "three-letter agencies
>> in the US Government" to use separate laptop and mobile device when
>> traveling to China, citing potential hardware-based compromise.
>> PGP sums it up in their blog.
>> No security product on the market today can protect you if the
>> underlying computer has been compromised by malware with root level
>> administrative privileges. That said, there exists well-understood common
>> sense defenses against "Cold Boot," "Stoned Boot," "Evil Maid," and many
>> other attacks yet to be named and publicized.
> Would Tor help stop this?
NO...Tor would mean you are online and your RAM is alive...
Evildoers can then get your keys...
Tech, computer repair specialist (on the side), part time Tech
Pro poster to Wilders Security...home base...On usenet to help noobs
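
The quoted write-up describes an attacker rewriting the bootloader while the machine is unattended. As an added example (not part of the thread and not TrueCrypt's own code), this sketch hashes the boot region of a disk or image and compares it with a baseline recorded while the machine was trusted. The 63-sector region size, the function names and the sample image are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

SECTOR_SIZE = 512
BOOT_SECTORS = 63  # assumption: the loader sits in the first track (63 sectors)


def boot_region_digest(device_path, sectors=BOOT_SECTORS):
    """SHA-256 of the first `sectors` sectors of a disk or disk image."""
    want = sectors * SECTOR_SIZE
    with open(device_path, "rb") as dev:
        data = dev.read(want)
    if len(data) != want:
        raise ValueError(f"short read: got {len(data)} of {want} bytes")
    return hashlib.sha256(data).hexdigest()


def verify_boot_region(device_path, baseline_hex):
    """True only if the boot region still matches the recorded baseline."""
    current = boot_region_digest(device_path)
    return hmac.compare_digest(current, baseline_hex.strip().lower())


def make_image(path, changed_offset=None):
    """Write a constructed 1 MiB image; optionally alter one byte of it."""
    image = bytearray(bytes(range(256)) * 4096)
    image[510:512] = b"\x55\xaa"  # MBR boot signature
    if changed_offset is not None:
        image[changed_offset] ^= 0xFF
    with open(path, "wb") as f:
        f.write(image)


def demo():
    """Return (clean, loader_modified, data_modified) verification results."""
    with tempfile.TemporaryDirectory() as tmp:
        disk = os.path.join(tmp, "disk.img")
        make_image(disk)
        baseline = boot_region_digest(disk)  # recorded while trusted
        clean = verify_boot_region(disk, baseline)
        make_image(disk, changed_offset=0x1234)  # inside the boot region
        loader_modified = verify_boot_region(disk, baseline)
        make_image(disk, changed_offset=BOOT_SECTORS * SECTOR_SIZE + 10)
        data_modified = verify_boot_region(disk, baseline)  # outside region
    return clean, loader_modified, data_modified
```

The comparison is only meaningful when run from separate, trusted boot media with the baseline kept off the machine, because a modified system can misreport its own contents.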