One option would be to debug via a FW port.
Another option would be to trick the user into installing this software, or
trick the user into somehow giving away access to the machine (aka these APTs
we keep hearing about) and layering this on top.
Cheers
Ken
-Original Message-
From: Dav
On Fri, Dec 21, 2012 at 1:54 PM, David Lum wrote:
> Anyone know how one might scan for cloud-based storage software on 500 users
> PCs? Skydrive, iCloud, Dropbox, etc…how would you find these without having
> to know the name of the provider?
>
> David Lum
> Sr. Systems Engineer // NWEATM
> Offic
I hear the hoofbeats of whitelisting approaching...
On Fri, Dec 21, 2012 at 1:54 PM, David Lum wrote:
> Anyone know how one might scan for cloud-based storage software on 500 users
> PCs? Skydrive, iCloud, Dropbox, etc…how would you find these without having
> to know the name of the provider?
>
Not past the screensaver as such, but many/most/all machines with
firewire ports are vulnerable.
http://www.forensicswiki.org/wiki/Tools:Memory_Imaging
So, turn off firewire in the BIOS, I guess.
On Fri, Dec 21, 2012 at 1:01 PM, David Lum wrote:
> Simple to get past the screensaver password then
Simple to get past the screensaver password then?
-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, December 21, 2012 12:59 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?
It's not hard to get a memory dump from a PC that
It's not hard to get a memory dump from a PC that is running, and you
have the tools and the appropriate skillset. If the box is open and
running, then have a field day...
Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
-Original Me
So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop *unless*
its hibernation file is unencrypted (read, no full disk encryption)? A fully
encrypted disk that has a screen saver password is going to be pretty secure?
"You'll thus need to get a memory dump from a running PC (loc
Sensationalist tech press is sensational?
On Fri, Dec 21, 2012 at 2:47 PM, Ben Scott wrote:
> On Fri, Dec 21, 2012 at 2:38 PM, Andrew S. Baker
> wrote:
> > You could unlock my safe if I gave you the keys as well, which is all
> that is happening here.
> > Even the bit about using the hibernati
On Fri, Dec 21, 2012 at 2:38 PM, Andrew S. Baker wrote:
> You could unlock my safe if I gave you the keys as well, which is all that is
> happening here.
> Even the bit about using the hibernation file is not worthy of the headline
> they provided...
> It's not like they're *cracking* the encypt
What Steve said...
You could unlock my safe if I gave you the keys as well, which is all that
is happening here.
Even the bit about using the hibernation file is not worthy of the headline
they provided...
It's not like they're *cracking* the encryption.
ASB
http://XeeMe.com/AndrewBaker
Alright, that's what I thought and I was wrestling with the question. Am I
crazy or missing something here?
I know, yes and yes. Still...
On Fri, Dec 21, 2012 at 1:58 PM, Steve Kradel wrote:
> I don't find this alarming at all: it requires access to the key data,
> and is useful if you have
I don't find this alarming at all: it requires access to the key data,
and is useful if you have a memory dump or a cleartext hibernation
file (hiberfil.sys is going to be *encrypted* on a hibernating machine
with whole-disk encryption). This tool appears to be a good
time-saver, given a memory du
I'm no security expert.
But I do assume that if the physical machine is compromised, then the data it
holds is as good as compromised as well, no matter what level of encryption you
have.
--Matt Ross
Ephrata School District
- Original Message -
From: Ziots, Edward
[mailto:ezi...@life
This tool seems to have some serious caveats, like you have to have access
to a running system and its memory dump.
On Fri, Dec 21, 2012 at 9:57 AM, Ziots, Edward wrote:
> I would say off the record no, if you used popular encryption software and
> a repeatable process, but when you lose physic
I would say off the record no, if you used popular encryption software
and a repeatable process, but when you lose physical security of an
asset, given a reasonable amount of time and effort the encryption will
be cracked and data will be obtained.
Z
Edward E. Ziots, CISSP, Security +, Net
Yes and Pgpcrack also is another tool to crack PGP encryption.
Z
Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 21, 2012 12:29 PM
To: NT System Admin
Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and
it's encrypted. Will they still say it's a HIPAA violation?
From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 21, 2012 12:29 PM
To: NT System Admin Issues
Subject: Disk encryption killer: Anyone see this