Home page logo
/

basics logo Security Basics mailing list archives

Attacking Full Disk Encryption
From: André Gasser <andre.gasser () gmx ch>
Date: Sun, 13 Nov 2011 18:02:58 +0100

Hello all,

I received a notebook for doing some black box testing on it (no login
credentials available). All I know is:

- It runs WinMagic SecureDoc Full Disk Encryption
  (latest version I guess, could not find out until now).
- It does pre-boot authentication using username and password
- It has open port listeners on TCP/111 and TCP/684, both rpcbind.

I would like to investigate, in what ways such a system could be
attacked or to what risks such a system is exposed.

Regarding the open ports I did not find anything useful, except the
possibility to do potential DoS attacks. I am not used to RPC-related
stuff and therefore would highly appreciate some hints. Does anybody of
you use SecureDoc? Unfortunately I couldn't find out what these ports
are used for. But I know, that the notebook tries to contact a SecureDoc
Enterprise Server while authenticating. It also has a local key file,
which it uses, when no local SecureDoc Enterprise Server is available, I
think.

Regarding FDE in general, I found the so-called "evil maid attack",
which is an attack to bypass variuos FDE solutions I think. See [1] or
[2] for more details.

Constructive inputs from your side is highly appreciated.

Thank you very much in advance.

André



[1]
http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
[2] http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Attacking Full Disk Encryption André Gasser (Nov 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]