Security Basics mailing list archives
Re: FDE and integrity of OS Was: How to Test HDD Encryption
From: jfvanmeter () comcast net
Date: Wed, 14 Nov 2007 21:30:44 +0000
I'm not sure that will work if you have a pre-boot authenication configured for you FDE software and a pass word set on the BIOS. I think if you have post-boot authenication configured, and no password on the BIOS, you could change the boot order then boot a LiveCD that has a utility to reset the administrators password, Change the password, reboot the target and log in. in theory it sounds like it should work anyway. Or maybe boot a livecd mount the drive ( i'm not sure if this will work) dd the mounted drive... restore the dd copy and beat on that all you want. Just my two shiny centavos --John -------------- Original message ---------------------- From: "Mike Hale" <eyeronic.design () gmail com>
"attacker who has temporary physical access to your computer (while it is switched off) changes the system so that attacker's software loads first (the attacker changes boot-sector or reflash BIOS)" Do you have an example of a program that can do this? On 11/14/07, Alexander Klimov <alserkli () inbox ru> wrote:On Tue, 13 Nov 2007, Ansgar -59cobalt- Wiechers wrote:But isn't FDE primarily targeted at protecting data from lost or stolen systems? A bit over 40% of data breaches are due to lost or stolen devices.That's its primary use. However, FDE also protects the integrity of the operating system while the computer is not running.FDE can make tampering with your OS slightly harder but it does not protect OS integrity in any strong sense. Consider the following example (inspired by `Vbootkit' and `Blue Pill'): attacker who has temporary physical access to your computer (while it is switched off) changes the system so that attacker's software loads first (the attacker changes boot-sector or reflash BIOS), this software loads the rest of the system in a virtual environment. For the user the system looks exactly the same as it was (e.g., the system asks for password or a smart card and decrypts the OS), but in reality the attacker has complete control. -- Regards, ASK-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Current thread:
- Re: FDE and integrity of OS Was: How to Test HDD Encryption jfvanmeter (Nov 14)
- Re: FDE and integrity of OS Was: How to Test HDD Encryption steve menard (Nov 15)