BreachExchange mailing list archives

Re: (article) "We recovered the laptop!" ... so what?


From: "Bob Dehnhardt" <bob.dehnhardt () trinet com>
Date: Thu, 15 Feb 2007 16:32:16 -0800

From what I understand, BitLocker requires special hardware - either a
Trusted Platform Module on the motherboard, or a special USB device
plugged in to the system. It also requires a compliant BIOS. None of
these are particularly widespread at the moment, so I don't think
BitLocker will be in common use any time soon.

I think encryption is the second best method of protecting sensitive
info on laptops (the best is to not put it there in the first place, but
that battle was lost before it began). But if I've got your system, odds
are I also have the key (EFS stores it on the system drive, BitLocker
uses the on-board TPM or USB dongle, which would most likely be kept
with the laptop). In that case, any encryption will fail given
sufficient time.

And encryption does not prevent the taking of a bit-level backup or
image of the drive. That's a key tool for the attacker. Once that's been
done, they can freely attack the system with whatever tools they like,
knowing that they can always restore it to a pristine condition if
things get too heavily munged. And running "strings" on a drive image is
a great way of generating a system-specific word list for dictionary
password attacks....

 - Bob

-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of Herve Roggero
Sent: Monday, February 12, 2007 5:54 AM
To: Max Hozven; sawaba; blitz
Cc: dataloss () attrition org
Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so
what?

Hi everyone

This thread is very interesting. All techniques so far deal with reading
data at a low level. Will Windows Vista prevent techniques such as
Symantec Ghost? I understand that Vista performs bit-level encryption
with its BitLocker technology.

Thanks.

Herve Roggero
Managing Partner
Pyn Logic LLC
Visit www.pynlogic.com 

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 576 incidents over 7 years.

