Archive for November, 2009

Evil Maid, another nefarious trojan attack..

November 17, 2009 2 comments

Last month Joanna Rutkowska posted a very interesting article showing a practical “Evil Maid” attack against the open-source TrueCrypt FDE product. The attack is reasonably simple: subvert the pre-boot authentication engine of the full-disk encryption product in question to add a password-sniffing routine, wait for the unsuspecting user to authenticate to their machine, then retrieve the credentials at a later stage.

Evil Maid simply hooks the pre-boot code of TrueCrypt and adds a routine to store the user’s password. Because the TrueCrypt code is quite simple, this is relatively easy to do, but the attack is theoretically valid regardless; only the effort needed to write the hook code increases with the sophistication of the pre-boot environment.


“Are Youse guys responsible for bleeding Anti Virus 2010?”

November 16, 2009

Those who know me know I am a great lover of Google Voice. If you don’t know the service, I advise you to check it out; it has amazing features like call announcement and voice mail transcription. I use it to keep the marketeers away.

But tonight, I got a very interesting call from a nice guy called Andy from Queens, NYC, who, in a traditional movie star accent which I can’t do justice to, asked me “Are youse guys responsible for Anti Virus 2010?”

European Data Protection Law a possibility?

November 16, 2009

The Register recently reported that the European Commission is considering passing EU-wide laws on data breach notification, along the lines of those already in place in the USA. Viviane Reding, the Information Security Commissioner, said:

The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.

The committee formed from Europe’s national data protection watchdogs (the Article 29 Working Party) has apparently also backed the idea.

Mwa Ha Ha! Crack your 10 char password for under $3,000

November 3, 2009

A recent article from David Campbell, also published on The Register, reminded us that there’s a lot of computing power available for rent at the moment. Using a pretty standard brute force password cracker as a benchmark, and Amazon’s EC2 computing platform cost of $.30 per hour, he came up with some surprising, perhaps unexpectedly low, figures for how much money it takes to crack passwords of various strengths.

McAfee launches new Community Portal…

November 3, 2009

This week, on the 4th November, McAfee will go live with the new community forum. Designed to give customers a voice to discuss McAfee products, and to interact with each other and informal advisers within McAfee, the forum has grown to be quite dynamic over time. So much so that it was recently moved onto the excellent Jive platform, giving a lot more capacity and a greater feature set. The community does not replace the official support processes, but it’s a great way to discuss ideas and problems with your peers.

I’m the moderator for the Data Protection communities at the moment, so if it’s of interest to you, I’d love to see you on there – sign-up is free for all. Launch date is the 4th November.