![]() Some products consider "physical presence" as sign of ownership and allow full rights to the person in front of the machine. Physical presence of an attacker is the hardest to defend against. PDTA: after the first incident, I formatted my hard drive and I haven't been in the office since vacations. It would be that easy? Am I missing something here? Should ill be worry ?Īnd what would you recommend to avoid this? the files are decrypted with some tool.the hibersys file is uploaded later to the attackers server as well as the target folders.the windows account password is captured.I leave the room, the account isn’t blocked, the attacker sees the opportunity and install the Trojan/keylogger.The time that the attacker has psychically alone with the laptop to perform the attack could be around 3 -5 minutes. I have an antivirus installed but as we know that sometimes isn’t enough. Also, even I set my screen saver to lock the windows account after 5 mins of inactivity, the attacker could move the pad mouse to keep it active after I leave the room. Weakness : Even tho I try to lock the windows screen every time I leave a shared room, some few times I’ve forgot it (for example if I need to do something outside in a hurry and ill back later). This is, installing a Trojan/keylogger having physical access to the laptop to later use it to steal the info. The true crypt volume with the protected data folder will be usually mounted while i'm in that room.Ī planed attack combining local and remote methods is highly likely. The chances of stealing the laptop is low due to security checkins. We usually work in the same “conference room” with only one table so the physical access to the laptop is easy. The context is an office working environment, with some co workers willing (and waiting for) to copy valuable and personal information from my laptop. I’m not an expert so I have doubts about how easly can this be cracked. I want to try using truecrypt for the sensitive files folder plus EFS for the files in that partition. Therefore Im looking for methods to encrypt my data. Please do sound off and let us know if you can make it by 8 tomorrow.I suspect some info was subtracted in the past months from my laptop. This will give time to discuss network plans, ![]() (and by the way - amazing stuff that we now have the truecrypt files etc.) There's a lot of stuff in that volume, and I'll wait for a full report. Real spook of a friend at the NSA who contributed. Have to brute-force the truecrypt - that would be a fun exercise)ġ. Info (hopefully not on the trucrypt volume. ![]() Well as copies of the docs), and of course if there is any other malware We will need to decide how far we'll want to dig into this server in terms of hours, because it sounds like we could exceed our allotted 12 pretty easily.Īlso all the titles of any documents would be great (as Have a report from them, but the server contains XXXX, and unfortunately, a TrueCrypt volume. I'll wait to provide more details until I XXXX from XXXX has some preliminary results from 'XXXX' refers to names and irrelevant information that have been removed by me. They are internal emails by a company that is hired for data forensics. The emails have been leaked into the public domain and can easily be searched for. I've removed all identifying information, as that's likely a infraction of rules here. I realize they may have simply guessed or discovered the password so no proof at all that truecrypt can be hacked. Unfortunately there are no details at all, except that the truecrypt volume was opened. Here are some emails relating to cracking truecrypt. To convert that to years, we multiply by 31556952. Therefore, multiply 1 billion GPU's by 2 billion passwords. Let's say you had a cluster of a billion of these GPU's. We know from benchmarks that the fastest of these GPU's can calculate about 2 billion passwords per second (depending on the hash used). And I am not so sure that 30 gigawatts is accurate - I think it would take a lot more energy than that to brute-force a 256 bit key, much more energy in fact.įor instance, let's say you had a cluster of GPU's (like an Nvidia Tesla or Fermi). 30 gigawatts of power, as used in the example above, is equivalent to about 30 nuclear power plants being dedicated to cracking a single key. This means that no matter how fast computers become in the future, they will still require lots of energy to brute force a cipher and/or passphrase. Since no one has invented reversible computing yet, we are bound by the Landauer Limit.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |