Bootkit Bypasses TrueCrypt Encryption

mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."

Much as we hate TPM here on /.

[Wrath0fb0b]

TFA has a very good point -- unless you (cryptographically) trust the components of your system all the way down to the hardware itself, you can get pwned by an attack like this. You can regularly do all-the-way-to-the-firmware scrubs of your machine as damage-control, but the only real prophylactic is some form of trusted computing.

Of course, I'm not really dying to jump on the TPM bandwagon, given the sponsors, but it sure would be nice if there was an openly-audited trusted computing module.

Re:Do I need to prepare?

[khayman80]

You're absolutely right. Strangely, none of those links led to Peter Kleissner's web page.

Check out the comments. Some of the visitors are flaming him pretty hard, but he's just a kid with amazing skills and (understandably) very little historical knowledge. Luckily, Christian politely points out that his attack serves to "... alert many people who think they made their PC secure by installing TrueCrypt and still keep working with an admin account where they should not. You prove that a security policy is indispensable, because admin privileges will give malicious software the ability to tamper with the installed security software."