Simple to get past the screensaver password then?

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Friday, December 21, 2012 12:59 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?

It's not hard to get a memory dump from a PC that is running, and you have the 
tools and the appropriate skillset. If the box is open and running, then have a 
field day... 

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan 
Organization ezi...@lifespan.org


-----Original Message-----
From: David Lum [mailto:david....@nwea.org]
Sent: Friday, December 21, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?

So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop
*unless* its hibernation file is unencrypted (read, no full disk encryption)? 
A fully encrypted disk that has a screen saver password is going to be pretty 
secure?

"You'll thus need to get a memory dump from a running PC (locked or
unlocked) with encrypted volumes mounted, via a standard forensic product or 
via a FireWire attack.."
>> Ok how easy is it to get a memory dump from a running PC?

"Alternatively, decryption keys can also be derived from hibernation files if a 
target PC is turned off"
>>  If the hiberfil.sys is encrypted, how do they get to it?

Dave

-----Original Message-----
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Friday, December 21, 2012 10:59 AM
To: NT System Admin Issues
Subject: Re: Disk encryption killer: Anyone see this?

I don't find this alarming at all: it requires access to the key data, and is 
useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys 
is going to be *encrypted* on a hibernating machine with whole-disk 
encryption).  This tool appears to be a good time-saver, given a memory dump, 
because it knows where to look for the keys and how to extract them, but it 
does not attack any inherent cryptographic weakness or key management problems 
in PGP, TC, etc.

--Steve

On Fri, Dec 21, 2012 at 1:34 PM, Matthew W. Ross <mr...@ephrataschools.org> 
wrote:
> I'm no security expert.
>
> But I do assume that if the physical machine is compromised, then the
> data it holds is as good as compromised as well, no matter what level of
> encryption you have.
>
>
> --Matt Ross
> Ephrata School District
>
>
> ----- Original Message -----
> From: Ziots, Edward [mailto:ezi...@lifespan.org]
> To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Fri, 21 Dec 2012 09:57:51 -0800
> Subject: RE: Disk encryption killer: Anyone see this?
>
>
>> I would say off the record no, if you used popular encryption 
>> software and a repeatable process, but when you lose physical 
>> security of an asset, given a reasonable amount of time and effort 
>> the encryption will be cracked and data will be obtained.
>>
>>
>>
>> Z
>>
>>
>>
>> Edward E. Ziots, CISSP, Security +, Network +
>>
>> Security Engineer
>>
>> Lifespan Organization
>>
>> ezi...@lifespan.org
>>
>>
>>
>> From: Chinnery, Paul [mailto:pa...@mmcwm.com]
>> Sent: Friday, December 21, 2012 12:37 PM
>> To: NT System Admin Issues
>> Subject: RE: Disk encryption killer: Anyone see this?
>>
>>
>>
>> Oh, great.  I wonder what view CMS will take if a laptop is 
>> stolen\lost and it's encrypted.  Will they still say it's a HIPAA
>> violation?
>>
>>
>>
>> From: David Lum [mailto:david....@nwea.org]
>> Sent: Friday, December 21, 2012 12:29 PM
>> To: NT System Admin Issues
>> Subject: Disk encryption killer: Anyone see this?
>>
>>
>>
>> Comments anyone? Looks like bad news...
>>
>> http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly-capable-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/
>>
>>
>>
>> David Lum
>> Sr. Systems Engineer // NWEATM
>> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>