[FDE] Hardware-based encryption gains most innovation of '07

Allen netsecurity at sound-by-design.com
Thu Jan 3 22:25:04 MST 2008 


Ali, Saqib wrote:
> New types of technologies that emerged in 2007 addressed data leakage
> at the endpoint and helped reduce the problem of data simply walking
> out the door. "In five years, we probably won't sell encryption
> software," said Malte Pollman, Utimaco vice president of products, but
> key and other management services for Intel, Seagate and any other
> hardware encryption companies.

So the castle wall will be so high, so thick and so chink free 
that nothing will get out without going through the proper 
gateways with the approval of the guardians, right?

Somehow I just don't believe it. Besides, that is not the only 
way to do serious damage.

What about those who consume the unprotected grain stored in the 
warehouse, the unprotected wine stored in the cellars and the 
unprotected pies cooling on the racks for their own purposes?

Let's posit that corporate infighting for power is going on amid 
the day to day affairs. How could I use data, that does not have 
an in depth defense in place, against my target as I climb the 
corporate ladder? Not being a very experienced corporate 
infighter I don't have a lot of ideas but I am sure they are 
there waiting to be used by those whose ethics got checked at the 
door.

Here is one idea that is strictly dirty pool but might work. 
Access the HR records of your enemies and see where the chinks 
might be in their CV. Go home and research them and their 
relatives. Remembering the old saw about all of us being only a 
generation or so from horse thieves, create rumors and postings 
on the Internet alleging that the reality is that your target had 
a wild youth with drugs, has a cousin up the river for drugs, 
check kiting and they helped them, or whatever might fit into the 
gaps that are present in almost anyone's CV. Add to that one of 
the US Supreme Court Justice's dictum: "He who has not been 
arrested for committing a felony by age 21 is already in jail for 
a misdemeanor, in a hospital or mental institution, or dead." 
(Approx - can't find the exact wording. I think it was either 
Hugo Black or Learned Hand.)

Now spread the word via TOR to all kinds of sites so it can be 
found by Google. Then send an e-mail to HR via TOR telling them 
to look it up on the net. Given the number of urban legends that 
get repeated even though Snopes and other sites debunk them, 
don't you think it might have an effect of your target's career?

There are many examples of this sort of dirty tricks in politics, 
  why would you not expect them inside the corporate LAN?

However if the data were encrypted..., well that would at least 
add one more layer of protection.

Best,

Allen

More information about the FDE mailing list