
Clearing or Encrypting Page File? - Page 4

post #31 of 34
Thread Starter 
Quote:
Originally Posted by Spooony;13349240 
It's the same as BitLocker. It's not cracking it while the system is still running; aren't you concerned that someone takes your drive or accesses it offline and then views it? If shadow copy and the MS shadow copy provider are disabled and if you're busy using Windows then it can't be accessed because it's locked. The only way to access it is offline, either by a 2nd OS on your PC, a boot disk or putting the drive in another PC. If you have a VM around, load Linux up and try to access or copy the pagefile over to the VM and see if you manage to do it.

The best option will be to encrypt the entire drive using TrueCrypt or BitLocker or whatever app you want to use. Do not encrypt only a part of it. You might want to enable EFS in Windows as well if it's not enabled already.

And yes, TrueCrypt has been cracked; it's old news, as TrueCrypt doesn't guarantee your data against malware
http://www.truecrypt.org/docs/?s=malware

Remember the MBR is not encrypted. A bootkit and then the attacker waiting for you to log on stealing your password can be done. BitLocker doesn't have this security hole luckily.
But that must be some desperate sod to go through all that effort, or you must have secrets of the deepest nature on your PC in the line of who killed JFK etc. lol

Just google "truecrypt cracked"; the net is full of it. Been done in 2008 already.

TrueCrypt replaces the MBR with its own. The only way it can be cracked is if the attacker has access to the computer while it is booted or can access the HDD to install the malicious bootkit and then put the HDD back without the user noticing AND then the user logs into the malicious bootkit. They're basically just keyloggers. These scenarios are unlikely to take place without the user noticing when they are security conscious enough to be using a program like TrueCrypt.
post #32 of 34
Quote:
Originally Posted by LastBucsfan;13353420 
TrueCrypt replaces the MBR with its own. The only way it can be cracked is if the attacker has access to the computer while it is booted or can access the HDD to install the malicious bootkit and then put the HDD back without the user noticing AND then the user logs into the malicious bootkit. They're basically just keyloggers. These scenarios are unlikely to take place without the user noticing when they are security conscious enough to be using a program like TrueCrypt.

Are you sure?
http://www.stoned-vienna.com/downloads/TrueCrypt%20Encryption%20and%20RawFS.txt
post #33 of 34
Thread Starter 
Quote:
Originally Posted by Spooony;13358133 
Are you sure?
http://www.stoned-vienna.com/downloads/TrueCrypt%20Encryption%20and%20RawFS.txt

I think so....
Quote:
The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009,[24][25] has been shown capable of tampering TrueCrypt's MBR effectively bypassing TrueCrypt's full volume encryption.[26][27][28][29][30] (but potentially every hard disk encryption software is affected too if it does not rely on hardware-based encryption technologies like TPM, or—even if it does—if this type of attack is made with administrative privileges while the encrypted operating system is running).[31][32]

Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit: in the first one, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to hardware keyloggers, a malicious person needs physical access to the user's TrueCrypt-encrypted hard disk: in this context this is needed to modify the user's TrueCrypt MBR with the Stoned's one and then place the hard disk back on the unknowing user's PC, so that when the user boots the PC and types his/her TrueCrypt password on boot, the "Stoned" bootkit intercepts it thereafter because, from that moment on, the Stoned bootkit is loaded before TrueCrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, e.g. avoid running non-trusted executables with administrative privileges. The second one can be successfully neutralized, by the user if he/she suspects that the encrypted hard disk might have been physically available to someone he/she doesn't trust, by booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting it directly from the hard disk and restoring boot loader in MBR

Source
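An added example (not written by any poster in this thread): the second scenario quoted above relies on the MBR's loader code being swapped while the disk is out of the owner's hands, and a fingerprint of sector 0 recorded beforehand shows whether that happened and in which region. The byte ranges are the classic MBR layout; the function names, the constructed sample sector and the practice of keeping the baseline on separate media are assumptions made for this example.

```python
import hashlib

SECTOR_SIZE = 512
# Classic MBR layout: byte ranges within sector 0.
REGIONS = {
    "boot_code": (0, 440),          # loader code; what a bootkit replaces
    "disk_signature": (440, 446),   # disk ID plus two reserved bytes
    "partition_table": (446, 510),  # four 16-byte entries
    "boot_signature": (510, 512),   # 0x55 0xAA
}

def fingerprint(sector0: bytes) -> dict:
    """SHA-256 of each MBR region, so a change can be localised."""
    if len(sector0) != SECTOR_SIZE:
        raise ValueError("sector 0 must be exactly 512 bytes")
    return {name: hashlib.sha256(sector0[start:end]).hexdigest()
            for name, (start, end) in REGIONS.items()}

def changed_regions(baseline: dict, sector0: bytes) -> list:
    """Names of the regions whose hash differs from the trusted baseline."""
    current = fingerprint(sector0)
    return [name for name in REGIONS if current[name] != baseline[name]]

def read_sector0(device_path: str) -> bytes:
    """Read sector 0 from a disk image or raw device (needs read access)."""
    with open(device_path, "rb") as disk:
        return disk.read(SECTOR_SIZE)

def constructed_mbr(boot_code: bytes = b"\xfa\x33\xc0") -> bytes:
    """Constructed sample sector: placeholder loader bytes, one partition entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:len(boot_code)] = boot_code
    sector[440:444] = b"\x11\x22\x33\x44"
    sector[446:462] = (bytes([0x80, 1, 1, 0, 0x07, 254, 255, 255])
                       + (2048).to_bytes(4, "little")
                       + (1_000_000).to_bytes(4, "little"))
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    trusted = constructed_mbr()
    baseline = fingerprint(trusted)           # record while the disk is trusted
    later = constructed_mbr(b"\xeb\x5e\x90")  # same disk, loader bytes replaced
    print("unchanged:", changed_regions(baseline, trusted))
    print("after swap:", changed_regions(baseline, later))
```

Take the reading from a boot disk rather than from the installed OS, in line with the offline scan suggested in post #34, and keep the baseline somewhere other than the disk being checked.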
post #34 of 34
^That was just for interest's sake btw; as I mentioned earlier, someone has really got to be desperate to get to your data to go through all that effort by using bootkits etc. Just mention it to show it is crackable, so the FBI that couldn't do it probably was pre-2008. You can use it or BitLocker and you'll be good to go. Just make sure there's no malware on your system when doing it. Do a full offline scan from a boot disk and run an anti-rootkit just to make sure.