Thursday, July 30, 2009

TrueCrypt Hacked at Blackhat Conference

If you’ve been following the news today, some 18 year old genius has supposedly hacked TrueCrypt.  After reading how has hack works, I’m not all that concerned.   The attack runs as a shim between the OS and the TrueCrypt interrupt request.  To get that installed on a box you need either physical access or admin rights on the machine…both of these are needed while the machine is running.’use me… but if you give someone admin rights or physical access to your PC while it’s running THEY OWN YOUR BOX ANYHOW!!!!!  Come on guys this isn’t an attack!?!?  It’s somewhat concerning that this code is out there but it seems to me that simple precautions like antivirus, malware protection, XP’s firewall, etc..  all severely limit how effective this attack would be in the real world.

On to some real news….did you see that the project manager for  CentOS is MIA?  That concerns me more then this hack…

1 comment:

Cullen said...

Generally, the user running the machine grants themselves admin rights. Convincing a user to run "one-million-dollars-free.exe" is not terribly difficult.