Re: [Full-disclosure] Brilliant attack "bypasses" bitlocker
> > http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/
>
> Research grant ideas for 2010:
>
> 1) Replacing not only the computer, but victim's entire apartment,
> with cardboard cutouts to intercept passwords,

You know your continued innovation continues to inspire and amaze us. In order to ensure you're properly credited every time this attack is conducted/referenced, I propose that we should call this Zalewski Complex Jacking.

I could totally see DARPA funding this :)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Brilliant attack "bypasses" bitlocker
I couldn't imagine a method more reliable than thermorectal cryptanalysis, but you have done it with number 3).

However, there is a weak point: if, during the process of universe destruction, an attacker is under constant observation by someone, his psi-function might eventually collapse somewhere he really doesn't want to be...

>> http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/
>
> Research grant ideas for 2010:
>
> 1) Replacing not only the computer, but victim's entire apartment,
> with cardboard cutouts to intercept passwords,
>
> 2) Substituting victim's spouse with a conspicuously German lookalike,
>
> 3) Destroying all quantum-superposed universes in which the password
> is *not* known to the attacker, in order to emerge in one where it is.
>
> 4) ???
>
> 5) Profit.
>
> /mz
Re: [Full-disclosure] Brilliant attack "bypasses" bitlocker
> http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/

Research grant ideas for 2010:

1) Replacing not only the computer, but victim's entire apartment, with cardboard cutouts to intercept passwords,

2) Substituting victim's spouse with a conspicuously German lookalike,

3) Destroying all quantum-superposed universes in which the password is *not* known to the attacker, in order to emerge in one where it is.

4) ???

5) Profit.

/mz
Re: [Full-disclosure] Brilliant attack "bypasses" bitlocker
/me sheepishly acquiesces to Dan publicly.

Dan is right, I am wrong. After consulting our resident grammar expert, I have been corrected. My apologies to Dan for incorrectly attributing a grammatical error to his piece.

I was going to bet on it too ;)

t

-----Original Message-----
From: Dan Goodin [mailto:dgoo...@sitpub.com]
Sent: Friday, December 11, 2009 2:21 PM
To: Thor (Hammer of God)
Subject: Re: Brilliant attack "bypasses" bitlocker

"Methods" is an object in the sentence. I think what's confusing you is that it comes ahead of the subject, which is "attack."

Thor (Hammer of God) wrote:
> Sorry, you're wrong on this one. Only if your structure was "The
> hardware-level phishing attack" as the object and not "methods" would you be
> correct. But it's not. The methods "are," not the methods "is." You
> might have intended that to be the case, but you didn't write it like that.
>
> t
Re: [Full-disclosure] Brilliant attack "bypasses" bitlocker
P.S. - while poking fun at "is" rather than "are," I did not mean for my statements to suggest that Dan had qualified the nature of this "attack" as "brilliant." That was my own language making fun of the attack, and not suggesting that Dan or el Reg was somehow making such a comment. The other attacks not mentioned may very well be l33t, but I found the aforementioned attack funny.

Just wanted to make that clear.

T

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
Sent: Friday, December 11, 2009 1:29 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Brilliant attack "bypasses" bitlocker

http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/

This "method" is almost as bad as Dan's grammar ;)

"Among the methods discussed is what they call a "hardware-level phishing attack," in which a target machine is replaced with a counterfeit one that provides precisely the same messages and prompts that the original machine would have produced. The imposter machine captures user input and relays it to the attacker, who then uses it on the real machine."

I love the old, "replace the computer with an exact duplicate while they are not looking and get them to type in their passphrase" trick.

Certificates anyone?

t