* Posts by Justin

2 publicly visible posts • joined 9 Aug 2007

Bitlocker hack is easily prevented, Microsoft says

Justin

Maybe I misunderstand how BitLocker/the hack works, but.....

"According to Humphries, the hack is easily prevented. Users can configure BitLocker to prevent a PC from booting, or resuming from hibernation without confirmation of a password or a second key contained on a USB stick."

I'm confused, isn't BitLocker a software solution? Therefore it requires booting off the HDD internal to the laptop that contains the BitLocker boot-time software.

My understanding of the hack was that you plug a USB drive into the laptop, then reboot the laptop and have it boot off the USB drive.

If this is the case, the BitLocker software would never be executed, as the old boot drive that contains the software is not booted off of, thus BitLocker would never start and wouldn't be able to prevent the laptop from booting.

Or do I misunderstand how BitLocker or the hack works?

Websites could be required to retain visitor info

Justin

RE: "Stored" up for debate

James wrote:

nor is it "a medium from which it can be retrieved and examined"

It can be retrieved and examined.

While it is not something I do regularly, I have had occasion as a sysadmin to load up a debugger and read from active memory, modifying Solaris kernel parameters on the fly for performance tuning.

If memory was not "a medium from which it can be retrieved and examined" then I would not have been able to read the current in-memory kernel settings and modify them.

I guess a way around this issue that TorrentSpy (or anyone else) has would be to set up an anonymous SSL proxy server that removes any header information from the request (referrer, browser info etc, I have done this before with corporate proxy servers) owned by a separate corporate identity. Therefore any court orders to supply data would only include the proxy server's address as the originator. I guess the court could always issue a separate court order to the company owning the proxy server, but then you could always locate the proxy in a third country. And this is the reason for using SSL, as if the proxy was in the US for example, all the court order would get are the addresses, not the content of the data, or if the server was in the US, then they'd just get the data and not the originator.

The proxy server (hell, the routers/gateways too) would also have to add small random latencies to traffic to make traffic analysis attacks harder.