Gilles Gravier's rants about things in general... security, open source, privacy, java, music... in particular.
Evil maids attacking? Nothing new. Really!
So, I've been reading Bruce Schneier's blog on the Evil Maid Attack. He's falling to one of the behaviors he usually criticizes. Just a new holywood industry plot for something not really new, not really changing the world.
The thing is... The assumption is that thee attacker has access to your laptop.
Which has always been an issue. Inserting a keylogger into your
hardware (keyboard cable on a desktop, or a bit more subtle on a
laptop, but nothing beyond the capabilities of your typical spooks) and
you get the same access to all keystrokes, including those for the
passwords to the encrypted disks, firefox datastores, and pretty much
anything else.
So appart from having a fancy name... nothing new.
It's like Java... If you let an attacker change your bytecode loader /
verifyer... yeah, they break your system. But then again... it's not
really running java anymore at this point.
Same here... if you let an attacker change the behavior of your machine
(hardware or software) then you're not really running your machine
anymore at this point either.
Sure, multi-factor authentication is the solution. But "Evil Maid Attack" is just a fancy name for something not really new.
Posted at 06:37PM Oct 23, 2009 by gravax in Security | Comments[0]
Today's Page Hits: 53