Attacking Full Disk Encryption



Hello all,

I received a notebook for doing some black box testing on it (no login
credentials available). All I know is:

- It runs WinMagic SecureDoc Full Disk Encryption
(latest version I guess, could not find out until now).
- It does pre-boot authentication using username and password
- It has open port listeners on TCP/111 and TCP/684, both rpcbind.

I would like to investigate in what ways such a system could be
attacked or to what risks such a system is exposed.

Regarding the open ports I did not find anything useful, except the
possibility to do potential DoS attacks. I am not used to RPC-related
stuff and therefore would highly appreciate some hints. Do any of
you use SecureDoc? Unfortunately I couldn't find out what these ports
are used for. But I know that the notebook tries to contact a SecureDoc
Enterprise Server while authenticating. It also has a local key file,
which it uses when no local SecureDoc Enterprise Server is available, I
think.

Regarding FDE in general, I found the so-called "evil maid attack",
which is an attack to bypass various FDE solutions I think. See [1] or
[2] for more details.

Constructive input from your side is highly appreciated.

Thank you very much in advance.

André



[1] http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
[2] http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html
