Archive

Posts Tagged ‘FDE’

Improving Security On Solid State Drives

March 9, 2011 7 comments

This post originally placed on my McAfee Blog – http://blogs.mcafee.com/corporate/cto/improving-security-on-solid-state-drives

Well, One week into the Intel/McAfee relationship and I am pleased to say it’s already bearing fruit. Over the last few days I’ve been reaching out to all my Intel peers, making the connections with people which were simply impossible while the deal was going through all the evaluations.

I had an interesting discussion with Knut Grimsrud in the Intel storage division today about “clever” things we can do to improve performance and security on the Intel SSD hard disks. Read more…

Advertisements

Evil Maid, another nefarious trojan attack..

November 17, 2009 2 comments

Last month Joanna Rutkowska posted a very interesting article showing a practical “Evil Maid” attack against the open-source TrueCrypt FDE product.  The attack is reasonably simple, subvert the pre-boot authentication engine of the full-disk encryption product in question to add a password-sniffing routine, then wait for the unsuspecting user to authenticate to their machine and then retrieve the credentials at a later stage.

Evil Maid is simply hooking the pre-boot code of TrueCrypt and adding a routine to store the users password. Because the TrueCrypt code is quite simple, it’s a relatively easy thing to do, but the attack is theoretically valid regardless of this fact, just the effort to make the hook code increases with the sophistication of the pre-boot environment. Read more…

Is Encryption enough? Why just encrypting data doesn’t solve today’s information security concerns.

September 3, 2009 7 comments

“But if it’s encrypted, why do I need to login?” the customer across the desk asks me with incredulity.

I realise that I’m about to get into a discussion which boarders on theological and raises passion in both security and business leaders alike. A discussion that I’ve had many times over the last two years, and will have many more times in the near future.

“Because, without authentication, there’s no point to encryption”. I reply, knowing full well that this isn’t an answer that’s wanted, or understood.

With a stifled sigh I start to explain.. Read more…