Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk?

from [gjgowey] Network Security [Permanent Link]
Subject: Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk?
Date: Thu, 20 Sep 2007 23:11:30 +0000 
That's in a hacking scenario.  The best thing that this encryption can do is 
reasonably secure the information when the hard drive is being transported 
elsewhere or disposed of.  Ideally these harddrives should have the equivalent 
of a bios reset jumper to "forget" the key when they're off or defective beyond 
startup.  Removing the key won't lose the data by itself (useful if moving the 
drive from one location to another), but putting another key in and low-level 
formatting the drive then dumping that key will definitely make the drive safe 
for disposal or resale.

Geoff
 
Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: empfour@hotmail.com

Date: 20 Sep 2007 04:16:37 
To:security-basics@securityfocus.com
Subject: Re: Re: Re: Why isn't full disk encryption from manufactures a
 slam dunk?


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


Well as you know, for example, the US government has now started to require 
companies to publish and inform when electronic breaks-in and theft occur.


While conceptually encryption is secure, it is the implementation of it which 
comes into question.  Realistically when a crypto-cracker starts his work, the 
first thing he is going to do is find out not only what kind of encryption is 
being used, but also what product was used to implement it.  This is to locate 
any vulnerabilities in certain versions of certain products which can be 
exploited to break in.  The next thing he is going to do is run through a list 
of commonly used passwords and perform a dictionary-based attack to take 
advantage of a possibly weak password.  After that, he might start looking into 
aspects of the user(s) who using the security to determine commonly used pieces 
of information such as dates, names of family/friends/pets, and so forth.  If 
this information is not readily available on the Internet, a determined person 
can always "dumpster dive".  Who knows, perhaps the user wrote it down 
somewhere?  As I said, it is the implementation which is the we
 akpoint.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.7 (MingW32)


iD8DBQFG8fVLbewdQwZMkngRAleIAJ0bz8x7LJYiYwB0EhsyNNOyuI6s0gCbBpYS

jBLY1aa/c472li+YnRDcfKM=

=VFYf

-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Network Monitoring, Joe Tran
Next by Date:  RE: Blocking hack attempts from foreign countries..., Murda Mcloud
Previous by Thread:  Re: Re: Re: Why isn't full disk encryption from manufactures a slam dunk?, empfour
Next by Thread:  Re: Re: Re: Why isn't full disk encryption from manufactures aslam dunk?, ganesh mahadevan
Indexes:  [Date] [Thread] [Top] [All Lists]