Popular posts from this blog Steganography - Passing through the defenses November 22, Steganography is still considered to be a part of the obscure tools of secret agents and corporate spies.
However, steganography tools are widely available, and anyone can use them. Most of these tools are now available online. But a lot of systems currently perform some form of resampling or filtering of images.
This poses an interesting challenge - how survivable is steganography in filters? Since there may be many different steganography alghorithms, the filter system should not try to read such messages. Doing so will require an entire farm of filter servers. Instead, the systems will resort to a much simpler mechanism: Modify all passing images so that the original hidden data is compromised.
Use only minute c. Read more. September 30, I created a simple treasure hunt challenge for young InfoSec enthusiasts and professionals. Researcher James Forshaw from Google Project Zero has not publicly announced any details about the flaws, but said on his Twitter feed that the vulnerabilities got missed in the past and could ditch the security audits and review. Moreover, after TrueCrypt's shutdown, few of the software forks were available such as:.
Both the above-mentioned tools are also freeware and works on the ideologies they have borrowed from TrueCrypt. Further, after the vulnerabilities were detected in TrueCrypt, Veracrypt version 1.
Do you think these flaws were put in intentionally? Found this article interesting? Latest Stories. Please be careful, as choosing a wrong device might result in damaging your hard disk or other media! Also, make sure to use the device representing the whole disk e. On Windows you would need to get a dd-like program, e.
Now, Evil Maid will be logging the passphrases provided during the boot time. To retrieve the recorded passphrase just boot again from the Evil Maid USB — it should detect that the target is already infected and display the sniffed password. The current implementation of Evil Maid always stores the last passphrase entered, assuming this is the correct one, in case the user entered the passphrase incorrectly at earlier attempts. You should always obtain permission from other people before testing Evil Maid against their laptops!
Use this code at your own risk, and never run it against a production system. Invisible Things Lab cannot be held responsible for any potential damages this code or its derivates might cause. If it does, the rest of the code is unpacked using gzip and hooked. We also take care about adjusting some fields in the MBR, like the boot loader size and its checksum. After the hooking is done, the loader is packed again and written back to the disk.
You can get the source code for the Evil Maid infector here. Possible Workarounds So, how should we protect against such Evil Maid attacks? There are a few approaches…. Protect your laptop when you leave it alone Several months ago I had a discussion with one of the TrueCrypt developers about possible means of preventing the Evil Maid Attack, perhaps using TPM see below.
Our dialog went like this reproduced here with permission from the TrueCrypt developer :. We never consider the feasibility of hardware attacks; we simply have to assume the worst.
It is impossible for TPM to prevent hardware attacks for example, using hardware key loggers, which are readily available to average Joe users in computer shops, etc.
Do you carry your laptop with you all the time? TrueCrypt Developer: Given the scope of our product, how the user ensures physical security is not our problem.
Anyway, to answer your question as a side note , you could use e. Joanna Rutkowska: If I could arrange for a proper lock or an impenetrable strongbox, then why in the world should I need encryption?
If you use it, then you will notice that the attacker has accessed your notebook inside as the case or strongbox will be damaged and it cannot be replaced because you had the correct key with you. Plus it means we need to carry a good strongbox with us to any travel we go. I think we need a better solution….
Note that TrueCrypt authors do mention the possibility of physical attacks in the documentation :. If an attacker can physically access the computer hardware and you use it after the attacker has physically accessed it, then TrueCrypt may become unable to secure data on the computer.
0コメント