Of Encrypted Hard Drives and "Evil Maids"

Posted by kdawson on Friday October 23, 2009 @01:37AM from the take-the-second-factor-with-you dept.

Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt. "The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."

4 of 376 comments (clear)

Min score:

Reason:

Sort:

Re:Trojans still work by JustOK · 2009-10-23 02:03 · Score: 0, Offtopic

am or pm? Plus, that sounds like you still use TV for news. How...quaint. We heard that people used to do that. And, I'm not on your lawn.

--
rewriting history since 2109
Re:surprise by Crudely_Indecent · 2009-10-23 02:27 · Score: 0, Offtopic

So, if I'm paranoid enough to use whole disk encryption, why am I not paranoid enough to log out of my session when I'm away or have a screen saver password?

--

"Lame" - Galaxar
Re:Just another good reason... by poofmeisterp · 2009-10-23 03:28 · Score: 0, Offtopic

Just another good reason to take your bootloader with you on a thumb drive or other type of removeable media.
Someone mod this up.
Re:Trojans still work by poofmeisterp · 2009-10-23 03:30 · Score: 0, Offtopic

H1N1 will end the world. The TV said so, and the news doesn't lie!!!
</sarcasm>