Security Basics mailing list archives
Attacking Full Disk Encryption
From: André Gasser <andre.gasser () gmx ch>
Date: Sun, 13 Nov 2011 18:02:58 +0100
Hello all,

I received a notebook for doing some black box testing on it (no login credentials available). All I know is:

- It runs WinMagic SecureDoc Full Disk Encryption (latest version I guess, could not find out until now).
- It does pre-boot authentication using username and password.
- It has open port listeners on TCP/111 and TCP/684, both rpcbind.

I would like to investigate in what ways such a system could be attacked or to what risks such a system is exposed. Regarding the open ports, I did not find anything useful, except the possibility to do potential DoS attacks. I am not used to RPC-related stuff and therefore would highly appreciate some hints.

Do any of you use SecureDoc? Unfortunately I couldn't find out what these ports are used for. But I know that the notebook tries to contact a SecureDoc Enterprise Server while authenticating. It also has a local key file, which it uses when no local SecureDoc Enterprise Server is available, I think.

Regarding FDE in general, I found the so-called "evil maid attack", which is an attack to bypass various FDE solutions, I think. See [1] or [2] for more details.

Constructive input from your side is highly appreciated.

Thank you very much in advance.

André

[1] http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
[2] http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html