Re: Brilliant attack "bypasses" bitlocker

["Thor (Hammer of God)" <thor () hammerofgod com>]

P.S. - while poking fun at "is" rather than "are," I did not mean for my statements to suggest that Dan had qualified 
the nature of this "attack" as "brilliant."  That was my own language making fun of the attack, and not suggesting that 
Dan or el Reg was somehow making such a comment.

The other attacks not mentioned may very well be l33t, but I found the aforementioned attack funny.  Just wanted to 
make that clear.

T


From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
Thor (Hammer of God)
Sent: Friday, December 11, 2009 1:29 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Brilliant attack "bypasses" bitlocker

http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/

This "method" is almost as bad as Dan's grammar ;)

"Among the methods discussed is what they call a "hardware-level phishing attack," in which a target machine is 
replaced with a counterfeit one that provides precisely the same messages and prompts that the original machine would 
have produced. The imposter machine captures user input and relays it to the attacker, who then uses it on the real 
machine."

I love the old, "replace the computer with an exact duplicate while they are not looking and get them to type in their 
passphrase" trick.   Certificates anyone?

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/