Of Encrypted Hard Drives and "Evil Maids" 376
Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."
At the next defcon... (Score:5, Funny)
And that's the lesser evil (Score:5, Funny)
You could have found the evil bartender.
You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".
The next morning, you wake up in an unknown appartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache than when asked about the laptop's full disk encription, you answer is "the what?".
Re:At the next defcon... (Score:2, Funny)
Re:My bootloader is on USB (Score:2, Funny)
Its funny the levels kiddy porn file sharers have to go to these days to stay 1 step ahead of the police.
Re:And that's the lesser evil (Score:5, Funny)
"Has anyone seen my kidney?"
Re:Bucket List (Score:5, Funny)
And some day I'd like to be hit by the attack you invent, because saying that I've been hit by an "all-knowing frog" attack would simply be cool.
Cheers,
Ian
Re:At the next defcon... (Score:5, Funny)
Re:My bootloader is on USB (Score:4, Funny)
If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.
1) Step one: apply pliers to target's scrotum.
2) Ask them once to access the laptop.
3) If any resistance is given, squeeze the pliers just a tad.
Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.
Re:Fine line between security and paranoia (Score:1, Funny)
High class hotel in Paris perhaps. There have been numerous occasions when Americans bidding on multi-million dollar/euro contracts in France have been underbid by pocket change. The French secret service is notorious about helping French companies compete!
Re:Bucket List (Score:5, Funny)
The hypnotoad security tool protects against the all-knowing frog attack, but comes with its own drawbac--ALL GLORY TO THE HYPNOTOOL.
Re:Bucket List (Score:4, Funny)
saying that I've been hit by an "all-knowing frog" attack would simply be cool.
That's rather a rude way to describe being beaten by the French.
Re:My bootloader is on USB (Score:5, Funny)
Workaround 1) Make sure only women have the information.
Workaround 2) Preventative castration
Workaround 3) Shoot anyone with pliers who comes within 10 feet
Workaround 4) Duress code which releases false information. (this one's likely practical but only as a delaying tactic; it's going to hurt a lot when the interrogator finds the information doesn't verify)
Re:surprise (Score:3, Funny)
You forgot Lizard-Spock
Re:Trojans still work (Score:2, Funny)
Re:At the next defcon... (Score:2, Funny)
Re:surprise (Score:3, Funny)
No no no, the suprise is that -hotel maids- are teh 1337 haxorz.
I guess it couldn't be TOO bad, whenever I forget to put the "do not disturb" sign on my hotel room when I leave, the maids usually don't steal my stuff, they just neatly organize it. If they sneak into my computer, they'd probably defrag the hard drive and that's about it.