Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

ALERT: Disk encryption may not be secure enough

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 02-22-2008
jim
 

Posts: n/a
ALERT: Disk encryption may not be secure enough
You may have already heard about or read about this story. If so, this is
not for you.

For those people in positions where privacy can mean the life or death of a
career or even a person, listen up......

"Computer scientists have discovered a novel way to bypass the encryption
used in programs like Microsoft's BitLocker and Apple's FileVault and then
view the contents of supposedly secure files.

In a paper (PDF) published Thursday that could prompt a rethinking of how to
protect sensitive data, the researchers describe how they can extract the
contents of a computer's memory and discover the secret encryption key used
to scramble files. (I tested these claims by giving them a MacBook with
FileVault; here's a slideshow.)

"There seems to be no easy remedy for these vulnerabilities," the
researchers say. "Simple software changes are likely to be ineffective;
hardware changes are possible but will require time and expense; and today's
Trusted Computing technologies appear to be of little help because they
cannot protect keys that are already in memory. The risk seems highest for
laptops, which are often taken out in public in states that are vulnerable
to our attacks. These risks imply that disk encryption on laptops may do
less good than widely believed." "

Read the entire article at
http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
straight from Princeton at http://citp.princeton.edu/memory/.

jim


Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 02-22-2008
Mostly Gizzards
 

Posts: n/a
Re: ALERT: Disk encryption may not be secure enough
The sky is falling!

"jim" <jim@home.net> wrote in message
news:G8Bvj.106956$L%6.17232@bignews3.bellsouth.net ...
> You may have already heard about or read about this story. If so, this is
> not for you.
>
> For those people in positions where privacy can mean the life or death of
> a career or even a person, listen up......
>
> "Computer scientists have discovered a novel way to bypass the encryption
> used in programs like Microsoft's BitLocker and Apple's FileVault and then
> view the contents of supposedly secure files.
>
> In a paper (PDF) published Thursday that could prompt a rethinking of how
> to protect sensitive data, the researchers describe how they can extract
> the contents of a computer's memory and discover the secret encryption key
> used to scramble files. (I tested these claims by giving them a MacBook
> with FileVault; here's a slideshow.)
>
> "There seems to be no easy remedy for these vulnerabilities," the
> researchers say. "Simple software changes are likely to be ineffective;
> hardware changes are possible but will require time and expense; and
> today's Trusted Computing technologies appear to be of little help because
> they cannot protect keys that are already in memory. The risk seems
> highest for laptops, which are often taken out in public in states that
> are vulnerable to our attacks. These risks imply that disk encryption on
> laptops may do less good than widely believed." "
>
> Read the entire article at
> http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
> straight from Princeton at http://citp.princeton.edu/memory/.
>
> jim
>

Reply With Quote
  #3 (permalink)  
Old 02-22-2008
Richard G. Harper
 

Posts: n/a
Re: ALERT: Disk encryption may not be secure enough
I always, ALWAYS carry a can of compressed air upside down in my pocket just
so I can super cool the memory chips from a PC and steal the data resident
on them. This just goes back to probably the second oldest security rule
there is - "If you don't physically secure your computer, it is no longer
your computer." The oldest, of course, being "If you let someone else run
code on your computer, it is no longer your computer."

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/


"jim" <jim@home.net> wrote in message
news:G8Bvj.106956$L%6.17232@bignews3.bellsouth.net ...
> You may have already heard about or read about this story. If so, this is
> not for you.
>
> For those people in positions where privacy can mean the life or death of
> a career or even a person, listen up......
>
> "Computer scientists have discovered a novel way to bypass the encryption
> used in programs like Microsoft's BitLocker and Apple's FileVault and then
> view the contents of supposedly secure files.
>
> In a paper (PDF) published Thursday that could prompt a rethinking of how
> to protect sensitive data, the researchers describe how they can extract
> the contents of a computer's memory and discover the secret encryption key
> used to scramble files. (I tested these claims by giving them a MacBook
> with FileVault; here's a slideshow.)
>
> "There seems to be no easy remedy for these vulnerabilities," the
> researchers say. "Simple software changes are likely to be ineffective;
> hardware changes are possible but will require time and expense; and
> today's Trusted Computing technologies appear to be of little help because
> they cannot protect keys that are already in memory. The risk seems
> highest for laptops, which are often taken out in public in states that
> are vulnerable to our attacks. These risks imply that disk encryption on
> laptops may do less good than widely believed." "
>
> Read the entire article at
> http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
> straight from Princeton at http://citp.princeton.edu/memory/.
>
> jim
>


Reply With Quote
  #4 (permalink)  
Old 02-22-2008
C.B.
 

Posts: n/a
Re: ALERT: Disk encryption may not be secure enough


"jim" <jim@home.net> wrote in message
news:G8Bvj.106956$L%6.17232@bignews3.bellsouth.net ...
> You may have already heard about or read about this story. If so, this is
> not for you.
>
> For those people in positions where privacy can mean the life or death of
> a career or even a person, listen up......
>
> "Computer scientists have discovered a novel way to bypass the encryption
> used in programs like Microsoft's BitLocker and Apple's FileVault and then
> view the contents of supposedly secure files.
>
> In a paper (PDF) published Thursday that could prompt a rethinking of how
> to protect sensitive data, the researchers describe how they can extract
> the contents of a computer's memory and discover the secret encryption key
> used to scramble files. (I tested these claims by giving them a MacBook
> with FileVault; here's a slideshow.)
>
> "There seems to be no easy remedy for these vulnerabilities," the
> researchers say. "Simple software changes are likely to be ineffective;
> hardware changes are possible but will require time and expense; and
> today's Trusted Computing technologies appear to be of little help because
> they cannot protect keys that are already in memory. The risk seems
> highest for laptops, which are often taken out in public in states that
> are vulnerable to our attacks. These risks imply that disk encryption on
> laptops may do less good than widely believed." "
>
> Read the entire article at
> http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
> straight from Princeton at http://citp.princeton.edu/memory/.
>
> jim
>


Jim,

If you write an application to lock down or encrypt your system it is
only a matter of time before someone writes an application to unlock or
unencrypt it. Nothing new. It's the same old cat and mouse game. It will
never stop. I would imagine Microsoft has already provided a back door for
law enforcement agencies anyway.
However, I still choose to encrypt my system in the event an average
Joe decides to steal my computer. I don't worry about it as I have no child
**** or incriminating evidence of any kind on my computers. I am not
suggesting or insinuating that you do so don't respond accordingly.
Government intelligence agencies and military intelligence agencies
will probably be able see everything they wish if they confiscate a
computer. Then again, there is always the extremely intelligent 12 year old
gamer or whizkid who is capable of much more than you could ever realize,
sometimes much more intelligent than the best of the intelligence agents.
1984 has come and gone but will never cease to exist.

C.B.


--
It is the responsibility and duty of everyone to help the underprivileged
and less fortunate among us.

Reply With Quote
  #5 (permalink)  
Old 02-22-2008
Paul Adare
 

Posts: n/a
Re: ALERT: Disk encryption may not be secure enough
On Fri, 22 Feb 2008 16:44:13 -0500, Richard G. Harper wrote:

> I always, ALWAYS carry a can of compressed air upside down in my pocket just
> so I can super cool the memory chips from a PC and steal the data resident
> on them. This just goes back to probably the second oldest security rule
> there is - "If you don't physically secure your computer, it is no longer
> your computer." The oldest, of course, being "If you let someone else run
> code on your computer, it is no longer your computer."


You've missed the point here, which is that most full disk encryption
utilities, Bitlocker included, advertise as one of their benefits, the
ability to protect confidential data in the event your computer is stolen.

With BDE at least, if you use a TPM with a PIN or a USB device with a PIN
and either power off or hibernate your computer, the attack is mitigated.
--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
The generation of random numbers is too important to be left to chance.
Reply With Quote
  #6 (permalink)  
Old 02-23-2008
Mostly Gizzards
 

Posts: n/a
Re: ALERT: Disk encryption may not be secure enough
Memo to users:

Never leave your computer unattended while powered on or in Standby Mode.
If you feel the need to leave your computer on a random park bench, please
ensure that you watch it closely for at least 60 seconds to ensure the
contents of the DRAM have decayed adequately to ensure someone cannot
possibly extract your encryption keys. At that point in time, feel free to
leave the area and frolic about in a carefree fashion - your data is safe.

MG

"Paul Adare" <pkadare@gmail.com> wrote in message
news:18prn5yu3ujqv.1bfvlan32fagt$.dlg@40tude.net.. .
> On Fri, 22 Feb 2008 16:44:13 -0500, Richard G. Harper wrote:
>
>> I always, ALWAYS carry a can of compressed air upside down in my pocket
>> just
>> so I can super cool the memory chips from a PC and steal the data
>> resident
>> on them. This just goes back to probably the second oldest security rule
>> there is - "If you don't physically secure your computer, it is no longer
>> your computer." The oldest, of course, being "If you let someone else
>> run
>> code on your computer, it is no longer your computer."

>
> You've missed the point here, which is that most full disk encryption
> utilities, Bitlocker included, advertise as one of their benefits, the
> ability to protect confidential data in the event your computer is stolen.
>
> With BDE at least, if you use a TPM with a PIN or a USB device with a PIN
> and either power off or hibernate your computer, the attack is mitigated.
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> The generation of random numbers is too important to be left to chance.


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ALERT: Disk encryption may not be secure enough jim microsoft.public.windows.vista.general 3 02-23-2008 00:23
disk encryption Titus Pullo microsoft.public.windows.vista.general 0 01-12-2008 23:09
Off the wire: Secure your email with encryption Steve Security News 0 08-23-2007 15:22
Article: Secure Encryption and Backup with Knox Steve Security News 0 07-17-2007 00:03




All times are GMT +1. The time now is 13:24.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120