Subject Re: [firebird-support] Re: Encryption
Author Geoff Worboys
> Don't want to bring anyone down regarding TrueCrypt's security
> for whole disk encryption, but I just heard that security
> consultant, Peter Kleissner, in Switzerland has just completely
> cracked TrueCrypt (and other disk level encryption) security by
> revealing a new virus/malware variation called 'BootKit' (no,
> not RootKit - Bootkit) technology that is to be revealed at
> this year's BlackHat conference (or maybe it was DefCon - I
> can't remember).
...

2007 BlackHat covered boot-kit attacks on Vista:
http://www.h-online.com/security/From-root-kit-to-boot-kit-Vista-s-code-signing-compromised--/news/87709

I presume the recent story is showing other applications of
that attack method.

Now that Windows is discouraging administrator access for normal
users, the attacks are going back to basics. For several years
the main concern has been about attacks via email and websites;
now BootKit is returning to the old faithful of getting access
when the user boots the system and leaves a disk/disc in the
drive.

All this really tells us is what we should already
know:

Give an attacker physical access to the machine and all bets
are off. Encryption may be able to protect you from losing
data if the attacker steals the drive (or whatever), but if
they install monitoring software or equipment (and you do not
notice) you may lose everything at a later time.

Something like BootKit may be clever but there can be much
simpler ways to compromise a system once you have physical
access. Full operating system boot partition encryption can
offer some help - but you still have to be aware of possible
fake interfaces that can fool you into giving away the keys.

Encryption has to be just part of a larger security system to
be effective.

--
Geoff Worboys
Telesis Computing