Does Checkpoint with that option overwrite the NT boot loader the way PGP and TrueCrypt do?
On 7/7/09, Dr Adapter <[email protected]> wrote:
> Hello
>
> It appears that this works against Checkpoint FDE with WIL (windows integrated logon) enabled. I was hoping that the Pre-boot process of Checkpoint FDE would have wiped out whatever kon-boot was doing in memory but it appears that it doesn't and allows the kernel patch to go ahead. Using the pre-boot authentication mode does prevent it if you don't have an account to access the decryption keys.
>
> I agree with Mick that this makes an amazing demo...especially when people make the trade off between usability and security.
>
> D
>
>> ---------- Forwarded message ----------
>> From: Michael Douglas <[email protected]>
>> To: PaulDotCom Security Weekly Mailing List <[email protected]>
>> Date: Tue, 07 Jul 2009 09:17:21 -0400
>> Subject: Re: [Pauldotcom] Kon-Boot on a USB
>>
>> KON can't do it all, and hard disk crypto seems to be the one thing that stops this fun little tool cold. I think from a white hat perspective, it makes for an amazing demo of why FDE is needed.
>>
>> > I'll be at DEFCON tho! :D
>> > not that anyone cares ;)
>>
>> BS! we care! :-) be sure to look us up!
>> - Mick
>>
>> On Mon, Jul 6, 2009 at 11:44 PM, John Navarro<[email protected]> wrote:
>> > That was one of the reasons I wanted to test Kon-boot, however I couldn't take it too far since I was testing it on a work laptop to see if I could defeat the partial disk encryption (with permission of course!). Of course I could dump everything from linux anyways, but still couldn't gain access to the one encrypted drive :(
>> >
>> > I'll be at DEFCON tho! :D
>> > not that anyone cares ;)
>> >
>> > On Mon, Jul 6, 2009 at 7:13 PM, Robin Wood <[email protected]> wrote:
>> >>
>> >> 2009/7/7 Adrian Crenshaw <[email protected]>:
>> >> > Ok, tested a few things on my Vista 32 box:
>> >> >
>> >> > 1. Can't access network resources (prompted for password), but that's expected.
>> >> > 2. I can dump the real password hashes.
>> >> > 3. EFS is not bypassed.
>> >> > 4. Could change my password, but had to use MMC because the default user accounts interface was confused.
>> >> > 5. Rebooted into normal mode, logged in with new password but still could not get to the EFS files.
>> >> > 6. Change password back, logged in/out and then could get to my EFS file.
>> >>
>> >> That would be because the EFS couldn't be decrypted when you first logged in so changing the password on it wasn't possible.
>> >>
>> >> Robin
>> >> _______________________________________________
>> >> Pauldotcom mailing list
>> >> [email protected]
>> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> >> Main Web Site: http://pauldotcom.com

--
Sent from my mobile device
