Full Disclosure mailing list archives
Re: TrueCrypt?
From: Alfie John <alfiej () fastmail fm>
Date: Fri, 30 May 2014 20:22:24 +1000
On Fri, May 30, 2014, at 08:02 AM, Justin Bull wrote:
> Closed source and Microsoft is notoriously known to play ball with LEO and government. It's an ill-fitting shoe.
The fact that I can go to the Google Play Store on my desktop, click install on an app, then a couple of minutes later pick up my phone to see it automagically installed should demonstrate why encryption is *useless* on a modern operating system. As these days auto-update and push events are the norm, encryption is a moot point if malware can be installed on a target machine to record your keys without any effort. Taking this further, if you are a target activist/journalist/sysadmin using "modern hardware", you're pretty much pwned.

How much work would it take to go back and do a binary audit of Windows XP? Since it's closed source, we could at least narrow down the effort to services that are currently running. To trigger any suspicious code, maybe install a dated GnuPG and send an encrypted email in a lab network to see what other libraries are pulled in. If this was done under a VM, it could also record what memory locations and code paths were run. Do this a couple of thousand times (each under a cleanly installed image) to get a general memory/code footprint.

Next, do the same thing but now:

- On install, set the country to one in the "Axis of Evil"
- Have some suspect words in the plain-text of the message
- Use Arabic or perhaps Russian

Record the memory locations and code paths but this time see if there were any other branches that were triggers. After removing translations/locale specific code/data, you would then have a basis for some interesting analysis.

This may sound like a lot of work, but I'm sure this would be a fun side project for someone on FD.

Alfie

--
Alfie John
alfiej () fastmail fm

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
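The trace comparison proposed in the message above, as an added example that is not part of the original post: it normalizes per-run addresses to module offsets, then reports blocks that recur in the variant runs but never appear in the baseline runs or in a locale-only control set. The trace format, the control set, the 0.8 recurrence threshold and all module names and addresses are assumptions constructed for illustration.

```python
from collections import Counter

def to_relative(addresses, module_map):
    """Map absolute addresses to (module, offset) pairs so that runs with
    different load addresses compare equal. module_map: {name: (base, size)}."""
    blocks = set()
    for addr in addresses:
        for name, (base, size) in module_map.items():
            if base <= addr < base + size:
                blocks.add((name, addr - base))
                break  # addresses outside every module are dropped
    return blocks

def seen_counts(runs):
    """For each block, the number of runs (not hits) that executed it."""
    counts = Counter()
    for trace in runs:
        counts.update(set(trace))
    return counts

def candidate_blocks(baseline_runs, variant_runs, locale_runs, min_fraction=0.8):
    """Blocks recurring in the variant runs that no baseline run and no
    locale-only control run ever executed. One-off blocks are treated as noise."""
    known = set(seen_counts(baseline_runs)) | set(seen_counts(locale_runs))
    need = min_fraction * len(variant_runs)
    return sorted(block for block, runs in seen_counts(variant_runs).items()
                  if runs >= need and block not in known)

# Constructed sample data: module names, bases and addresses are invented.
MAP_A = {"mod_a.dll": (0x10000, 0x8000), "mod_b.dll": (0x20000, 0x8000)}
MAP_B = {"mod_a.dll": (0x40000, 0x8000), "mod_b.dll": (0x70000, 0x8000)}
BASELINE = [to_relative([0x10100, 0x10140, 0x20200], MAP_A),
            to_relative([0x40100, 0x40140, 0x70200, 0x70310], MAP_B)]
# Control runs (assumed): same locale and language as the variant runs,
# but an innocuous message, so locale-specific code can be subtracted.
LOCALE_ONLY = [to_relative([0x10100, 0x10140, 0x20200, 0x27a00], MAP_A)]
VARIANT = [to_relative([0x10100, 0x20200, 0x27a00, 0x15100], MAP_A),
           to_relative([0x40100, 0x70200, 0x77a00, 0x45100, 0x40999], MAP_B),
           to_relative([0x10100, 0x20200, 0x27a00, 0x15100], MAP_A)]

if __name__ == "__main__":
    for module, offset in candidate_blocks(BASELINE, VARIANT, LOCALE_ONLY):
        print(f"{module}+{offset:#x}")
```

A block in the output is only a starting point for manual review of that code path; it says nothing by itself about what the code does.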