[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1401445344.1739.123231649.70E47866@webmail.messagingengine.com>
Date: Fri, 30 May 2014 20:22:24 +1000
From: Alfie John <alfiej@...tmail.fm>
To: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt?
On Fri, May 30, 2014, at 08:02 AM, Justin Bull wrote:
> Closed source and Microsoft is notoriously known to play ball with LEO
> and government. It's an ill-fitting shoe.
The fact that I can go to the Google Play Store on my desktop, click
install on an app, then a couple of minutes later pick up my phone to
see it automagically installed should demonstrate why encryption is
*useless* on a modern operating system. As these days auto-update and
push events are the norm, encryption is a mute point if malware can be
installed on a target machine to record your keys without any effort.
Taken this further, if you are a target activist/journalist/sysadmin
using "modern hardware", you're pretty much pwned.
How much work would it take to go back an do an binary audit of Windows
XP? Since it's closed source, we could at least narrow down the effort
to services that are currently running. To trigger any suspicious code,
maybe install a dated GnuPG and send an encrypted email in a lab network
to see what other libraries are pulled in.
If this was done in under a VM, it could also record what memory
locations and code paths were run. Do this a couple of thousand times
(each under a cleanly installed image) to get a general memory/code
footprint. Next, do the same thing but now:
- On install, set the country to one in the "Axis of Evil"
- Have some suspect words in the plain-text of the message
- Use Arabic or perhaps Russian
Record the memory locations and code paths but this time see if there
were any other branches that were triggers. After removing
translations/locale specific code/data, you would then have a basis for
some interesting analysis.
This may sound like a lot of work, but I'm sure this would be fun side
project for someone on FD.
Alfie
--
Alfie John
alfiej@...tmail.fm
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists