Well, I can tell you that it will work against Active Directory accounts. HOWEVER, when you read the documentation and in your testing, what you'll find is that since the credentials entered do not match the Active Directory network credentials, you don't have access to network resources. It would seem to me that what this does is that it will patch the system in memory in order to tell the local system service (or winlogon) that your username did match what was in the LSASS process (or something to that).
Now what I was trying to prove was that it will work when WIL (Windows Integrated Login; meaning no actual password prompt in the FDE/WDE in Pointsec is required).

Now secondly, and more interestingly, I tested this on an encrypted Debian system by entering the decryption password (which is different than root) and it worked! (kon-usr was able to log in!) So basically COLD-BOOT attack against LUKS + Kon-Boot on Ubuntu/Debian will work.... scary.

M

On Jul 8, 2009, at 10:27 PM, PJ Velasco wrote:

> I use PGP Desktop 9.10 full disk encryption on a Windows XP SP3 laptop
> and it did not work because I got the PGP prompt to unlock the disk
> after the initial KonBoot splash screen. I entered my PGP password to
> continue the boot process, but I had to enter my actual Windows
> credentials at the Windows login screen to successfully log in, so no
> go even if someone knows the PGP password. I also have an Ubuntu 9.10
> laptop running disk encryption and the result was just like the PGP
> result. I successfully got it to work on a Debian system (VMware
> guest), but not my Fedora Core system (again VMware guest). Very
> sweet tool. I showed all the guys at work and they loved it.
> Tomorrow we are going to see if it will work with an Active Directory
> account. I have only tested with local accounts.
>
> On Wed, Jul 8, 2009 at 9:16 PM, mOses<[email protected]>
> wrote:
>> Just wanted to put my 2 cents on testing for everyone on the list
>> interested.
>>
>> Kon-Boot on a Windows XP SP3 box w/ TrueCrypt WDE (FDE) did not work.
>> Gave me an error about the BIOS being too big and that it wanted me to
>> change the motherboard(?)
>>
>> Kon-Boot on a Windows Vista Business running PointSec for PC (server/
>> client edition) with Windows Integrated Login (which I don't enjoy
>> having) did not work either. Dies right before the OS loads.
>>
>> Irongeek USB Boot did not work at all on that box it hung at a place
>> before that (loading the Pointsec system).
>>
>> Anyone else try with Bitlocker or another type of FDE/WDE like PGP
>> enterprise?
>>
>> I think the author can fix these issues or if he opens the source
>> someone else may do it, although it was all written in TASM32 so
>> probably only those who remember what TSR programs were can do it :)
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
