«

blackhat wrote:

>>>>Unless they also had the keys to that encryption, typically a pass
>>>>phrase, which is where a device that captures pass phrases just might
>>>>come in handy. Don'tcha think?
>
> No, if you use the proper encryption program it will take the password
> before the boot and windows loading in, any key logger won't be in
> operation yet... don't cha think? Missed that one did you, lol

Uh, dumbass.... hardware keyloggers don't give a flying **** about
Windows, booting, or what's in or not in "operation" except MAYBE for a
power supply.

And you talk about someone else "missing something"?

<chuckle>

Whata moron!

>>>fair bet they would install a logging device that would capture the keys
>>>to unlock the stolen data with what can only be called "ease".
>
>> They can't install a key logger on an encrypted disk
>
>>>>Did you fail to see the word "device", are you too illiterate to
>>>>comprehend its meaning, or are you just too damned dishonest to admit
>>>>that someone with access to a piece of hardware housing an encrypted
>>>>disk would logically use such a device to circumvent that encryption?
>
> It's usually a fool or a real dishonest troll that starts calling names,

Maybe, but not this time. You're an idiot. An incompetent dimbulb spewing
useless advice when you haven't a single clue, and you just got through
demonstrating that fact with your special brand of practiced deftness for
about the 186,901,271st time.

Even neophytes with a moderate interest in security quickly grasp
basic concepts like software being essentially defenseless against an
attacker with access to the hardware it's running on, but here YOU are
defending the ridiculously indefensible not once, but 3 or 4 times now.
Just like some retarded record player skipping on "I'm a fukwit!".

> anyway as I mentioned there are very capable encryption programs out there
> that can provide protection against loggers and other concerns, but only
> if the logger isn't already on the machine. If it is, it has to be
> detected and removed before any encryption.
>
>>>>Seriously. I'm genuinely curious. You going with blind, dumb, or just
>>>>flat out lying here?
>
> Neither, but I think you are, have a nice day!

I am, believe me. Every time I get the chance to grind one of you addle
minded trolls under my heel it's a dandy day indeed.

Now make it complete by coming back with some more of your head shaking
stupidity. Or better yet, dive head long into some more of your one-line,
third rate attempts at insulting someone. You know it's all you have left,
so dance for me some more...... sockpuppet.

blackhat wrote:
<SNIP>
>
> They can't install a key logger on an encrypted disk
>
I would not bet on this. A number of hardware keyloggers exist. There
are also key hardware keyloggers that can be set inside of laptops.
Desktops are no issue to bug. Some devices exist that just plug into
the keyboard wire, that do not require pc disassemble (desktop). These
can be place on a system in under 10 seconds and in my exp "never"
noticed. Some devices exist where you do not even need to touch the
device, once in place, just get in close proximity to the device to
collect data. The proximity devices are powered by the PC in question
and are extremely difficult to detect even if one happens to actually
open the pc in question and see the device.

There are methods to get software keyloggers on encrypted disk system.
This requires getting code to run on the local device. Multiple methods
exist to accomplish this usually by sending e-mail that compromises user
client or compromising user web communications. Some compromises exist
that exploit the nic card and enter system below the tcp/ip layer
(though direct access to victim network required) Most AV software does
not even flinch at unique code designed to exploit. Code exists that
can compromise both winx and linux systems. Most linux users don't even
run any AV products, they think they are safe. Typically this does
require footprinting the system you wish to monitor activities on, and
typically you retrieve more than just keystrokes.

To offer even more food for thought, the patriot act defines hacking
activities as terrorist activity. In a nutshell, this means a warrant
is not even required for certain peek activities.

Winged

Borked Pseudo Mailed <> wrote in
news: d.net:

....snip...
>> related structures as well as user data). It cannot, of course,
>> protect against compromises in hardware (e.g., hardware keyloggers,
>> compromised BIOS, etc.)
>
> Of course. And in the scenario at hand physical compromise /is/ the
> problem. The OP didn't even really ask about protecting data, except
> as a side effect of recognizing potential physical threat. Encryption
> of any type is essentially useless in that poster's scenario.


It is somewhat harder to physically compromise a laptop than a desktop
computer, particularly if the laptop has some tamper-indicating stickers,
etc. to deter opening the case. This should suffice for light- to medium-
duty security; it is, of course, grossly deficient as protection from
serious adversaries. Full, or at least partial, HD encryption would be a
prudent adjunct to such a strategy.


> The only exception I might see is OTFE with some sort of "smart card"
> or ephemeral authentication. I could ALMOST go along with a solution
> where an authentication stream couldn't be duplicated. Not just a
> "keys on thumb drive" scenario because they too can be "logged".

What is wanted is a challenge-response dialogue between the computer and
hardware token (e.g., USB drive) that is different each time before the key
is transmitted. Surprisingly, many so-called security devices fail to
authenticate themselves to the computer and vice-versa. (For instance, many
biometric devices, such as fingerprint readers, suffer from such defects.
It makes circumventing the protection trivial.)

Regards,

PS Because ultimately the key must be stored in memory, any computer
where there has not been continuous physical security or which has not been
revalidated as "known-good" both in hardware and software, is, at least in
principle, vulnerable to having the in-memory key sniffed and leaked.

"blackhat" <> wrote in
news: oups.com:

>>>>Unless they also had the keys to that encryption, typically a pass
>>>>phrase, which is where a device that captures pass phrases just
>>>>might come in handy. Don'tcha think?
>
> No, if you use the proper encryption program it will take the password
> before the boot and windows loading in, any key logger won't be in
> operation yet... don't cha think? Missed that one did you, lol


While off-the-shelf software keyloggers are not available to sniff an OTFE
password at bootup, it is, at least in principle, possible to patch the
unencrypted MBR and "stub" of the OTFE program (or even the BIOS!) to
capture the password while letting the encrypted HD boot. Continuous
physical security obviates this danger; another somewhat less satisfactory
alternative is to "verify and validate" the MBR/stub/BIOS(s) from known-
good media (e.g., a bootable CD) before letting the machine boot from the
HD.

Regards,

blackhat wrote:

>>>>Unless they also had the keys to that encryption, typically a pass
>>>>phrase, which is where a device that captures pass phrases just might
>>>>come in handy. Don'tcha think?
>
> No, if you use the proper encryption program it will take the password
> before the boot and windows loading in, any key logger won't be in
> operation yet... don't cha think? Missed that one did you, lol

Uh, dumbass.... hardware keyloggers don't give a flying **** about
Windows, booting, or what's in or not in "operation" except MAYBE for a
power supply.

And you talk about someone else "missing something"?

<chuckle>

Whata moron!

>>>fair bet they would install a logging device that would capture the keys
>>>to unlock the stolen data with what can only be called "ease".
>
>> They can't install a key logger on an encrypted disk
>
>>>>Did you fail to see the word "device", are you too illiterate to
>>>>comprehend its meaning, or are you just too damned dishonest to admit
>>>>that someone with access to a piece of hardware housing an encrypted
>>>>disk would logically use such a device to circumvent that encryption?
>
> It's usually a fool or a real dishonest troll that starts calling names,

Maybe, but not this time. You're an idiot. An incompetent dimbulb spewing
useless advice when you haven't a single clue, and you just got through
demonstrating that fact with your special brand of practiced deftness for
about the 186,901,271st time.

Even neophytes with a moderate interest in security quickly grasp
basic concepts like software being essentially defenseless against an
attacker with access to the hardware it's running on, but here YOU are
defending the ridiculously indefensible not once, but 3 or 4 times now.
Just like some retarded record player skipping on "I'm a fukwit!".

> anyway as I mentioned there are very capable encryption programs out there
> that can provide protection against loggers and other concerns, but only
> if the logger isn't already on the machine. If it is, it has to be
> detected and removed before any encryption.
>
>>>>Seriously. I'm genuinely curious. You going with blind, dumb, or just
>>>>flat out lying here?
>
> Neither, but I think you are, have a nice day!

I am, believe me. Every time I get the chance to grind one of you addle
minded trolls under my heel it's a dandy day indeed.

Now make it complete by coming back with some more of your head shaking
stupidity. Or better yet, dive head long into some more of your one-line,
third rate attempts at insulting someone. You know it's all you have left,
so dance for me some more...... sockpuppet.

on 1/25/2006 4:49 AM Winged said the following:
> blackhat wrote:
> <SNIP>
>
>>
>> They can't install a key logger on an encrypted disk
>>
> I would not bet on this. A number of hardware keyloggers exist. There
> are also key hardware keyloggers that can be set inside of laptops.
> Desktops are no issue to bug. Some devices exist that just plug into
> the keyboard wire, that do not require pc disassemble (desktop). These
> can be place on a system in under 10 seconds and in my exp "never"
> noticed. Some devices exist where you do not even need to touch the
> device, once in place, just get in close proximity to the device to
> collect data. The proximity devices are powered by the PC in question
> and are extremely difficult to detect even if one happens to actually
> open the pc in question and see the device.

Well, I don't see why it matters whether the keylogger is hardware or
software. What matters is where the logged info is stored pending
retrieval.

I assume that the for a hardware device the logged info is kept in the
device's flash memory? If it needs to be saved to the HD, then it gets
encrypted with everything else.

Of course, if you have a remote retreival (any type of wireless will do)
then all you have to do is wait for the user to unlock the door for you.
As long as the OS treats the drive transparently when logged in . . ..

JH

John Hyde wrote:
> on 1/25/2006 4:49 AM Winged said the following:
>
>> blackhat wrote:
>> <SNIP>
>>
>>>
>>> They can't install a key logger on an encrypted disk
>>>
>> I would not bet on this. A number of hardware keyloggers exist.
>> There are also key hardware keyloggers that can be set inside of
>> laptops. Desktops are no issue to bug. Some devices exist that just
>> plug into the keyboard wire, that do not require pc disassemble
>> (desktop). These can be place on a system in under 10 seconds and in
>> my exp "never" noticed. Some devices exist where you do not even need
>> to touch the device, once in place, just get in close proximity to the
>> device to collect data. The proximity devices are powered by the PC
>> in question and are extremely difficult to detect even if one happens
>> to actually open the pc in question and see the device.
>
>
> Well, I don't see why it matters whether the keylogger is hardware or
> software. What matters is where the logged info is stored pending
> retrieval.
>
> I assume that the for a hardware device the logged info is kept in the
> device's flash memory? If it needs to be saved to the HD, then it gets
> encrypted with everything else.
>
> Of course, if you have a remote retreival (any type of wireless will do)
> then all you have to do is wait for the user to unlock the door for you.
> As long as the OS treats the drive transparently when logged in . . ..
>
> JH
Disk encryption password prompts typically come up before software
keyloggers are effective. Once you have the disk encryption password,
everything on the device is typically open.

Hardware has some advantages over software and software loggers have
different advantages over hardware. Depends what is needed.

Winged

>Uh, dumbass.... hardware keyloggers don't give a flying **** about
>Windows, booting, or what's in or not in "operation" except MAYBE for a
>power supply.

We weren't talking about a hardware keylogger fool, but if that's how
simple you see things, open your eyes and have a look in and around
your computer and see what you find, it seems every time you post
something you miss the real point, you're a waste of time, just open
your eyes unless your blind as a bat!

John Hyde wrote:

> Well, I don't see why it matters whether the keylogger is hardware or
> software. What matters is where the logged info is stored pending
> retrieval.

As you guessed, with a hardware device it's typically stored in the device
itself. The operating system, hard drive, and essentially anything at all
that has to do with the "target" is purposefully isolated from any direct
activity because that would be contrary the reasons for using a separate
piece of hardware in the first place.

blackhat wrote:

>>Uh, dumbass.... hardware keyloggers don't give a flying **** about
>>Windows, booting, or what's in or not in "operation" except MAYBE for a
>>power supply.
>
> We weren't talking about a hardware keylogger

<snip juvenile imbecility>

Sure we were. That's what "devices" are. And as nemo pointed out in some
cases it wouldn't even matter. It certainly IS possible for a software or
"firmware" key logger to defeat whole disk OTFE. Physical security is by
far the most logical and trusted defense against the attack the OP
described. OTFE may enhance that, but without physical security it's
potentially useless. Worse than useless in fact, if you consider "false
sense".

Someone at your "skill" level, for instance, might think that because
their data is encrypted they're safe from the sort of attack the OP
described. In fact you've pretty plainly stated you believe you would be.
Trusting that incorrect assertion might lead them to be rather lax when it
comes to house cleaning and simply not storing unnecessary sensitive data
on a physically insecure machine. Consequently, if they are compromised
they're far more likely to loose more data, of a more sensitive nature.

That is exactly the sort of thing your misinformed arguments are
advocating and enabling. Not just this go-round either, most of the
"advice" you spew is counter productive, and sometimes flatly dangerous.
Truth is I can't seem to remember you ever getting anything right, but
that might just be a side effect of you being so wrong, so often.

People have tried to explain your folly to you using every tact from
polite to prick and back, but you just can't see to wrap that tiny
little brain of yours around the fact that you're NOT the sort of person
that should be dishing out advice about how to keep data and personal
information safe. You're either too immature or too dense to learn that
lesson.

So... you just go on with your funny self and keep screeching about how
you're right, and everyone who knows anything at all about something is
wrong. It's now become amusing as hell, and gives us something to play
with until a real challenge comes along.