Do you mean, snag the clear-text version of the user's files? If the user has 500GB of data on their laptop, that could take a while to exfiltrate.
Suppose you are Chinese/US/whatever intelligence. You wish to get the contents of the laptop belonging to a visiting business leader/dignitary/etc. The laptop is protected with Bitlocker or some other FDE technology. If you can trick them into installing this software, then exfiltrate the key, then you can break into the guy's/gal's hotel room, clone the disk, and decrypt it at your leisure.

The other alternative, of exfiltrating all the data whilst the laptop is online, might be tedious, not be complete by the time the person leaves, and probably more prone to be uncovered.

Cheers
Ken

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Sunday, 23 December 2012 12:17 PM
To: NT System Admin Issues
Subject: Re: Disk encryption killer: Anyone see this?

On Fri, Dec 21, 2012 at 7:20 PM, Ken Schaefer <[email protected]> wrote:
> Another option would be to trick the user into installing this
> software, or trick the user into somehow giving away access to the
> machine (aka these APTs we keep hearing about) and layering this on
> top.

But if you can do that, why bother with trying to attack the encryption? Just wait for the user to use it, and snag the cleartext version. :)

-- Ben
