On Sat, Aug 08, 2009 at 03:26:14PM +0200, Heinz Diehl wrote: > Hi, > > did just read this article on a vulnerability of the Windows programm > "Truecrypt": > > http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption--/news/113884 > > It doesn't affect me, since I'm not using Windows at all, but would such > also be possible on a LUKS/dmcrypt encrypted Linux machine? E.g. GRUB in > the MBR, /boot unencrypted, the rest encrypted and decrypting via > a specially crafted initrd which ask for the passphrase at bootup time? > > Could also somebody steal my encrypted Laptop, install such a programm into the > MBR, boot the machine and read my data (when the Laptop is not powered on)? No, and they cannot do that on windows either. What they do is to install this and then have you open the crypto container. Then they can read. It is more sophisticated than a keyboard sniffer reading your password, but not that different. But on windows, it hides well. On Linux, the attack would possibly involve changing the kernel. You would still have to open the crypto-container once after the modification. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
