BreachExchange mailing list archives
Re: (article) "We recovered the laptop!" ... so what?
From: "Bob Dehnhardt" <bob.dehnhardt () trinet com>
Date: Thu, 15 Feb 2007 16:32:16 -0800
From what I understand, BitLocker requires special hardware - either a
Trusted Platform Module on the motherboard, or a special USB device plugged in to the system. It also requires a compliant BIOS. None of these are particularly widespread at the moment, so I don't think BitLocker will be in common use any time soon. I think encryption is the second best method of protecting sensitive info on laptops (the best is to not put it there in the first place, but that battle was lost before it began). But if I've got your system, odds are I also have the key (EFS stores it on the system drive, BitLocker uses the on-board TPM or USB dongle, which would most likely be kept with the laptop). In that case, any encryption will fail given sufficient time. And encryption does not prevent the taking of a bit-level backup or image of the drive. That's a key tool for the attacker. Once that's been done, that can freely attack the system with whatever tools they like, knowing that they can always restore it to a pristine condition if things get too heavily munged. And running "strings" on a drive image is a great way of generating a system-specific word list for dictionary password attacks.... - Bob -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Herve Roggero Sent: Monday, February 12, 2007 5:54 AM To: Max Hozven; sawaba; blitz Cc: dataloss () attrition org Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so what? Hi everyone This thead is very interesting. All techniques so far deal with reading data at a low level. Will Windows Vista prevent techniques such as Symantec Ghost? I understand that Vista performs bit-level encryption with its BitLocker technology. Thanks. Herve Roggero Managing Partner Pyn Logic LLC Visit www.pynlogic.com _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 148 million compromised records in 576 incidents over 7 years.
Current thread:
- Re: (article) "We recovered the laptop!" ... so what?, (continued)
- Re: (article) "We recovered the laptop!" ... so what? B.K. DeLong (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 17)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 19)
- Re: (article) "We recovered the laptop!" ... so what? Chris Walsh (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? security curmudgeon (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Chris Walsh (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 14)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 14)