World’s Most Used Encryption Technologies, Cracked in No Time with $299 Forensics Too

Discussion in 'other security issues & news' started by TheKid7, Dec 21, 2012.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    World’s Most Used Encryption Technologies, Cracked in No Time with $299 Forensics Tool:
    http://www.hotforsecurity.com/blog/...-in-no-time-with-299-forensics-tool-4901.html
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is not about cracking encryption, this is about extracting passwords from memory dumps. Nothing new, really.
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Yeah, you get a hold of the system physically and all bets are off. The media really needs to be a bit more careful about writing their headlines. I really don't understand why they portray so much of this stuff as "breaking" or "new", unless they just don't know enough about these matters, in which case they probably should stick to writing and reporting on more familiar topics.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    The whole article is talking about flaws in encryption for protecting your PC against people that have physical access (HDD encryption) like stolen laptops, so I'm not sure how your comment makes any sense at all. o_O
     
  5. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    The title makes it look like some guy just cracked Truecrypt and its kind, some new, complicated attack that "OMG!!..My encryption is useless now!" would scare the crap out of people who have a habit of jumping on the paranoia bandwagon and not reading s**t properly. When, in fact it's quite the opposite. This stuff hasn't been cracked whatsoever, it uses physical control over a system to do what's been able to be done for years, which is retrieve things from system memory, dump and log files. My comment therefore, and I'll say it again is this, if an attacker has physical control of a system, it's pretty much game over, especially if the system is running at the time. A few fellows from Anonymous can tell you all about that, seeing as that's exactly how they got busted. Does it make sense now? I promise you, I'm not that dumb. :rolleyes:
     
    Last edited: Dec 22, 2012
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    No, the article is talking about extracting keys from 'live' or hibernated systems that the investigator has physical access to.

    Maybe, if you posted less frequently, you would have had the time to read the
    TrueCrypt manual and the steps it prescribes to eliminate this issue and you would immediately have recognized what a fraud that program is !
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Hahahahaha kind of misleading title, when i first read it i really though they could crack the encryption techniques but it was nothing close to that. :D :ninja:
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    I believe there is "sleep" which doesn't use hiberfil.sys, "hibernate" which does use it, and then "hybrid sleep" which also uses it. Searching for those three terms will shed more light on related settings and behaviors.

    Minor note while I'm at it for anyone who might not know this... they make computer seizure devices for law enforcement which simplify the task of hot switching a machine running off mains power to running off portable battery power so that a machine can be removed and transported to a lab for analysis without actually interrupting the power it needs. It is surely possible for criminals to get their hands on such devices or simply build their own. It might be unlikely that a criminal will break into your home or business and have one of these. However, be aware of that possibility which would apply even to a non-UPS-driven desktop.
     
Loading...
Thread Status:
Not open for further replies.