Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8

from [thesinoda] Network Security [Permanent Link]
Subject: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Date: 26 May 2006 22:01:00 -0000 
Firstly, we appricate truecrypt team comments but on the other hand we do not 
agree on some.

--Adonis Comment--
I do not agree with some of truecrypt comments specially the quoted text below.

What if you had  created a virtual disk  and give that to  someone. That someone
use it as his/her own disk and  decided to change the password because they  own
the disk  now (You  give them  to them  with the  pass). So  they did change the
passowrd, but the originator  can still access that  disk if he/she replace  the
passphrase  bytes in  the binary  file. So  I consider  this an  attack on  data
INTEGRITY and  data AVAILABILITY since the legitimate user will be denied access
to the disk after replacing the passphrase bytes.

-- End Comment--

====================================================================
"In conclusion, this is not a "security bug", but design/feature. Also,
to exploit the design, the adversary would have to know your password
first (or have your keyfiles). That means, for example, that he would
capture it using a keystroke logger. If that was the case, then all
security would be practically lost on that machine."
====================================================================

Peace
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING, thesinoda
Next by Date:  Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., visitbipin
Previous by Thread:  Re: RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., ahariri
Next by Thread:  Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt., visitbipin
Indexes:  [Date] [Thread] [Top] [All Lists]