http://www.tower-net.de:80/blog/tags/theinvisiblethings/ Frenzied programming..., tech..., climbing..., sports..., mountain..., nature... and futile notes en Markus Kolb Wed, 20 Jul 2011 18:43:00 GMT Pebble (http://pebble.sourceforge.net) http://backend.userland.com/rss http://www.tower-net.de/blog/favicon.ico http://www.tower-net.de:80/blog/ http://www.tower-net.de:80/blog/2009/10/18/1255819020000.html The harddisk encryption is only defense against simple theft.<br /> A spy can install a tool on Alice's unattended computer and get to know the password for her encrypted disk.<br /> Afterwards the spy Bob knows the password and can boot Alice's computer with its encrypted harddisk or can copy all the unencrypted disk data.<br /> The so called &quot;<a href="http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html">Evil Maid Attack</a>&quot; by Joanna Rutkowska replaces the boot code on disk to sniff Alice's password and continues with boot afterwards.<br /> If the boot is protected by BIOS, Bob has to connect the encrypted disk to an own computer to install the tool.<br /> If the encryption is hardware based there might be possibilities to hack the BIOS for a password sniffer. But this kind of encryption is much safer because Bob has to know a lot specifics about Alice's computer. Bob might run out of time doing his work without getting nabbed by Alice.<br /> Mmh. I've to check the laptop of our team. I'm interested in how safe its encryption is ;-) tech http://www.tower-net.de:80/blog/2009/10/18/1255819020000.html#comments http://www.tower-net.de:80/blog/2009/10/18/1255819020000.html Sat, 17 Oct 2009 22:37:00 GMT