Full Disclosure mailing list archives

Re: TrueCrypt?


From: Alfie John <alfiej () fastmail fm>
Date: Fri, 30 May 2014 20:22:24 +1000

On Fri, May 30, 2014, at 08:02 AM, Justin Bull wrote:
> Closed source and Microsoft is notoriously known to play ball with LEO
> and government. It's an ill-fitting shoe.

The fact that I can go to the Google Play Store on my desktop, click
install on an app, then a couple of minutes later pick up my phone to
see it automagically installed should demonstrate why encryption is
*useless* on a modern operating system. As these days auto-update and
push events are the norm, encryption is a moot point if malware can be
installed on a target machine to record your keys without any effort.
Taking this further, if you are a target activist/journalist/sysadmin
using "modern hardware", you're pretty much pwned.

How much work would it take to go back and do a binary audit of Windows
XP? Since it's closed source, we could at least narrow down the effort
to services that are currently running. To trigger any suspicious code,
maybe install a dated GnuPG and send an encrypted email in a lab network
to see what other libraries are pulled in.

If this was done under a VM, it could also record what memory
locations and code paths were run. Do this a couple of thousand times
(each under a cleanly installed image) to get a general memory/code
footprint. Next, do the same thing but now:

  - On install, set the country to one in the "Axis of Evil"
  - Have some suspect words in the plain-text of the message
  - Use Arabic or perhaps Russian

Record the memory locations and code paths but this time see if there
were any other branches that were triggered. After removing
translations/locale specific code/data, you would then have a basis for
some interesting analysis.

This may sound like a lot of work, but I'm sure this would be a fun side
project for someone on FD.

Alfie

-- 
  Alfie John
  alfiej () fastmail fm

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
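The differential code-path analysis Alfie sketches (build a footprint from many clean runs, then look for blocks that only appear under the locale/keyword variant conditions, after discarding locale-specific modules) is illustrated below with an added example that is not part of the original post. The trace format (one "module+hex offset" basic block per line), the sample traces and the LOCALE_MODULES exclusion list are all constructed assumptions for the example, not output of any real tool.

```python
from collections import Counter

# Constructed sample coverage traces: one string per VM run, one
# "module+offset" basic block per line. Real traces would be dumped by a
# coverage tool inside the VM; the format here is an assumption.
BASELINE_RUNS = [
    "kernel32.dll+0x1a2f\nadvapi32.dll+0x44c0\ngpg.exe+0x2210",
    "kernel32.dll+0x1a2f\nadvapi32.dll+0x44c0\ngpg.exe+0x2210\ngpg.exe+0x2218",
    "kernel32.dll+0x1a2f\nadvapi32.dll+0x44c0\ngpg.exe+0x2210",
]
VARIANT_RUNS = [
    "kernel32.dll+0x1a2f\nadvapi32.dll+0x44c0\ngpg.exe+0x2210\nlocale.nls+0x0010\nsvchost.exe+0x9f30",
    "kernel32.dll+0x1a2f\nadvapi32.dll+0x44c0\ngpg.exe+0x2210\nlocale.nls+0x0010\nsvchost.exe+0x9f30\nsvchost.exe+0x9f44",
    "kernel32.dll+0x1a2f\nadvapi32.dll+0x44c0\ngpg.exe+0x2210\nlocale.nls+0x0010\nsvchost.exe+0x9f30",
]
# Modules treated as translation/locale data and dropped from the diff
# (constructed list; a real analysis would derive it from the image).
LOCALE_MODULES = {"locale.nls"}


def parse_trace(text):
    """Return the set of (module, offset) blocks executed in one run."""
    blocks = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or "+" not in line:
            continue  # skip blank or malformed lines
        module, offset = line.rsplit("+", 1)
        blocks.add((module.lower(), int(offset, 16)))
    return blocks


def footprint(runs):
    """Union of all blocks seen across the clean runs: the general footprint."""
    seen = set()
    for run in runs:
        seen |= parse_trace(run)
    return seen


def novel_blocks(baseline_runs, variant_runs, exclude_modules=LOCALE_MODULES, min_runs=1):
    """Blocks hit under the variant conditions but never in the baseline.

    Returns {block: number of variant runs that hit it}, dropping blocks in
    excluded modules and blocks seen in fewer than min_runs variant runs
    (so one-off noise is not mistaken for a condition-triggered branch).
    """
    base = footprint(baseline_runs)
    hits = Counter()
    for run in variant_runs:
        for block in parse_trace(run) - base:
            if block[0] not in exclude_modules:
                hits[block] += 1
    return {block: n for block, n in hits.items() if n >= min_runs}
```

Raising min_runs toward the number of variant runs keeps only branches that fire consistently under the changed conditions, which is the set worth reverse engineering first.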

