Attacking Full Disk Encryption

Hello all,

I received a notebook for doing some black box testing on it (no login
credentials available). All I know is:

- It runs WinMagic SecureDoc Full Disk Encryption
(latest version I guess, could not find out until now).
- It does pre-boot authentication using username and password
- It has open port listeners on TCP/111 and TCP/684, both rpcbind.

I would like to investigate in what ways such a system could be
attacked or to what risks such a system is exposed.

Regarding the open ports I did not find anything useful, except the
possibility to do potential DoS attacks. I am not used to RPC-related
stuff and therefore would highly appreciate some hints. Do any of
you use SecureDoc? Unfortunately I couldn't find out what these ports
are used for. But I know that the notebook tries to contact a SecureDoc
Enterprise Server while authenticating. It also has a local key file,
which it uses, when no local SecureDoc Enterprise Server is available, I

Regarding FDE in general, I found the so-called "evil maid attack",
which is an attack to bypass various FDE solutions I think. See [1] or
[2] for more details.

Constructive inputs from your side are highly appreciated.

Thank you very much in advance.


