Slashdot Mirror

← Back to Stories (view on slashdot.org)

Of Encrypted Hard Drives and "Evil Maids"

Posted by kdawson on from the take-the-second-factor-with-you dept.

Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."

16 of 376 comments (clear)

  1. At the next defcon... by purpledinoz · · Score: 5, Funny

    I'm imagining a bunch of geeks dressed up in maid outfits.

    1. Re:At the next defcon... by Anonymous Coward · · Score: 2, Funny

      Damn you... I have an over active imagination, that made me throw up in my mouth. Just for that look at this horrifying thing.

    2. Re:At the next defcon... by Anonymous Coward · · Score: 5, Funny

      Holy crap slashdot, you scare me! That was not sold out when I posted it.

    3. Re:At the next defcon... by laejoh · · Score: 2, Funny

      Just like my dear papaaaa!

  2. And that's the lesser evil by Thanshin · · Score: 5, Funny

    You could have found the evil bartender.

    You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".

    The next morning, you wake up in an unknown appartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache than when asked about the laptop's full disk encription, you answer is "the what?".

    1. Re:And that's the lesser evil by JustOK · · Score: 4, Funny

      "Has anyone seen my kidney?"

      --
      rewriting history since 2109
  3. Re:My bootloader is on USB by Viol8 · · Score: 2, Funny

    Its funny the levels kiddy porn file sharers have to go to these days to stay 1 step ahead of the police.

  4. Re:Bucket List by mccalli · · Score: 4, Funny

    Someday I want to invent an attack, but only because I want the privilege of naming it.

    And some day I'd like to be hit by the attack you invent, because saying that I've been hit by an "all-knowing frog" attack would simply be cool.

    Cheers,
    Ian

  5. Re:My bootloader is on USB by MyLongNickName · · Score: 3, Funny

    If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.

    1) Step one: apply pliers to target's scrotum.
    2) Ask them once to access the laptop.
    3) If any resistance is given, squeeze the pliers just a tad.

    Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  6. Re:Fine line between security and paranoia by Anonymous Coward · · Score: 1, Funny

    High class hotel in Paris perhaps. There have been numerous occasions when Americans bidding on multi-million dollar/euro contracts in France have been underbid by pocket change. The French secret service is notorious about helping French companies compete!

  7. Re:Bucket List by Gulthek · · Score: 5, Funny

    The hypnotoad security tool protects against the all-knowing frog attack, but comes with its own drawbac--ALL GLORY TO THE HYPNOTOOL.

  8. Re:Bucket List by dkleinsc · · Score: 3, Funny

    saying that I've been hit by an "all-knowing frog" attack would simply be cool.

    That's rather a rude way to describe being beaten by the French.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  9. Re:My bootloader is on USB by russotto · · Score: 5, Funny

    If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.

    1) Step one: apply pliers to target's scrotum.
    2) Ask them once to access the laptop.
    3) If any resistance is given, squeeze the pliers just a tad.

    Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.

    Workaround 1) Make sure only women have the information.
    Workaround 2) Preventative castration
    Workaround 3) Shoot anyone with pliers who comes within 10 feet
    Workaround 4) Duress code which releases false information. (this one's likely practical but only as a delaying tactic; it's going to hurt a lot when the interrogator finds the information doesn't verify)

  10. Re:surprise by Abreu · · Score: 2, Funny

    You forgot Lizard-Spock

    --
    No sig for the moment.
  11. Re:Trojans still work by Megahard · · Score: 2, Funny

    So the Evil Maid comes into your room and uses a Trojan?

    --
    I eat only the real part of complex carbohydrates.
  12. Re:surprise by interkin3tic · · Score: 2, Funny

    No no no, the suprise is that -hotel maids- are teh 1337 haxorz.

    I guess it couldn't be TOO bad, whenever I forget to put the "do not disturb" sign on my hotel room when I leave, the maids usually don't steal my stuff, they just neatly organize it. If they sneak into my computer, they'd probably defrag the hard drive and that's about it.