physical security
DefCon 16, Day 1
Having finished up with the BlackHat briefings, it was time to go on to DefCon. While many of the speakers from BlackHat stay on for DefCon, there’s also a lot of DefCon-only presentations, usually with a more attack-oriented focus (in keeping with DefCon’s nature as a hacker convention rather than a security conference like BlackHat.)
The [...]
Whole-Disk Encryption Cracked
Early this week, some researchers at Princeton University’s Center for Information Technology Policy released a fascinating video of whole-disk encryption being cracked quite quickly and easily.
Whole-disk encryption products — such as PGP Whole Disk Encryption, TrueCrypt System Encryption, and Windows Vista’s BitLocker — work by encrypting the entire hard disk with a symmetric key, save [...]
Semi-Electronic Bank Robbery
The AP has a story about an electronic bank robbery foiled when a bank employee pulled the plug on the robbers’ network connection. Apparently the robbers had gained physical access to the employee’s workstation at some point, and installed “advanced technical equipment” underneath the desk to remotely control the computer.
I would guess that the “advanced [...]
Social Engineering For Hire
There’s an article in PC Magazine about a company called TraceSecurity that performs audits of physical security via social engineering. Essentially, companies hire them to steal data, and they do so by simply talking their way into the facility and getting unrestricted physical access to the servers.
If a skilled attacker has unrestricted physical access to [...]
Steal Cars Electronically
At Crypty 2007 in August, Eli Beeham, et. al. presented a paper called “How to Steal Cars,” describing how they have bypassed the KeyLoq remote keyless entry system — the system used in the majority of the remote keyless entry key fobs. These systems are supposed to be secure — they use a 32-bit [...]
