Attacking Full Disk Encryption
- From: André Gasser <andre.gasser@xxxxxx>
- Date: Sun, 13 Nov 2011 18:02:58 +0100
Hello all,
I received a notebook for doing some black box testing on it (no login
credentials available). All I know is:
- It runs WinMagic SecureDoc Full Disk Encryption
(latest version I guess, could not find out until now).
- It does pre-boot authentication using username and password
- It has open port listeners on TCP/111 and TCP/684, both rpcbind.
I would like to investigate, in what ways such a system could be
attacked or to what risks such a system is exposed.
Regarding the open ports I did not find anything useful, except the
possibility to do potential DoS attacks. I am not used to RPC-related
stuff and therefore would highly appreciate some hints. Does anybody of
you use SecureDoc? Unfortunately I couldn't find out what these ports
are used for. But I know, that the notebook tries to contact a SecureDoc
Enterprise Server while authenticating. It also has a local key file,
which it uses, when no local SecureDoc Enterprise Server is available, I
think.
Regarding FDE in general, I found the so-called "evil maid attack",
which is an attack to bypass various FDE solutions I think. See [1] or
[2] for more details.
Constructive input from your side is highly appreciated.
Thank you very much in advance.
André
[1] http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
[2] http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html