HackersOnBoard asked:
Daniel Selifonov August 1st–4th, 2013 Rio Hotel & Casino • Las Vegas, Nevada.
Advertisement
Share →
Looking for something?
Use the form below to search the site:
Still not finding what you're looking for? Drop us a note so we can take care of it!
Visit our friends!
A few highly recommended friends...
Archives
All entries, chronologically...
Set your Twitter account name in your settings to use the TwitterBar Section.
Sadly, I do not know how to apply most of what he spoke of onto my own
system.
For the future, though, I want to learn.
I already had to bypass IBM BIOS’ password and fail for the first time due
to an EPROM called ‘security chips’. That’s why i’m using Lenovo at the
moment. I also use RAM and HDD encryption running Linux on AES Capable CPU.
I guess anyone to decrypt my laptop… well except attacking me with a gun,
it’s almost impossible!
45 mins and not once did he mention a gun to the head is the best way to
break encryption of all kinds.
There is a practical matter. If an attacker is sufficiently powerful,
there are no steps that you can take to secure your data. It is more
practical to secure a device physically than to expect the encryption to
overcome a physically insecure system. Because, even if you do everything
this guy wants you to do, whoever broke into your computer might simply
have replaced the CPU. They’ve got a special one that acts just like a
normal one, except that it saves the contents of the debug registers so
that they can have your key. Let’s face it. If your adversary is that
powerful, you are already sunk. If you can’t trust that your RAM is
secure, if you think it is being imaged, then you might as well not even
try. It is easier to watch you type in your password when you think no one
is watching than to pull something like that off.
What about hw hd encryption, like the samsung 840 pro ssd series? This
video might have covered that, but I’m not proficient enough to understand
if it did.
His google glass might make him look a bit douchey, but my god hes hawt.
When you have your disk in a strongbox you still need encryption for when
the feds get it out :p
is he related to mootles
he looks like a relative
Turned it off after he stated physical security was the responsibility of
the encryption program, and not the user.
It’s incredible how wearing a pair of Google glass can make you look like a
douchebag.
Yes you could encrypt memory and combine that with address space layout
randomization, but the weakest link in all security will always be humans.
Also it would eat up system resources, and finally wouldn’t fix the more
common hacks like sql injection etc.
Turned it off after he stated physical security was the responsibility of
the encryption program, and not the user.
Pushing TPM??? FEDFEDFED!!!!!!!
I really wonder if Truecrypt has a backdoor built in…I think it does, but
that is just my opinion. Others are working on taking it all apart after
cash was donated to researchers to support the project. They have gone
very quiet lately.
In the UK if the police technical staff are unable to decrypt files/hard
drives, they send them off to GCHQ – who will decrypt the files/drives and
return them. That’s why I suspect it’s another case of “RSA”! Even
BeCrypt has a backdoor, a generator program takes a challenge code and
gives you another one to bypass the original password and reset it. That’s
definitely one to avoid.
Warto obejrzeć, dlaczego szyfrowanie dysku hasłem jest niewystarczającym
zabezpieczeniem.
what is with the all the pinks in the power point. My eyes HURT.
I didn’t even noticed these were Goggle glasses until I had a look at the
comment section, but I find it a bit weird that someone that promotes full
disk encrytpion would wear these, just by principle 😉 Regardless this got
to be one of the best Defcon talks ever
Cool Idea to use GGlasses for notes or similar stuff