[Dataloss] (article) "We recovered the laptop!" ... so what?

sawaba sawaba at forced.attrition.org
Wed Feb 14 21:22:25 EST 2007 

No, Vista will have no significant impact, for several reasons:

1. As mentioned somewhere down this thread, Vista's disk encryption option 
only comes with the more expensive versions of Vista.

2. Owners of this version are a much smaller percentage of total Vista
owners. A small percentage of people that buy these versions will a) know
it is there b) care that it is there, or c) know how to use it properly
even if they do know about it and are interested in using it.

3. The people using disk encryption in Vista are likely to be doing it 
with their personal PCs. We're mostly interested in large entities and 
corporations using disk encryption to protect our sensitive, valuable data 
while in their care. These companies, if they are using disk encryption at 
all, are most likely to be using a commercial disk encryption product with 
enterprise deployment/management features.

Bottom Line: Vista's new encryption features will most likely see the most 
use in the hands of the individual consumer, not the enterprise.

Caveat: This is not to say that Vista's disk encryption features do not 
work! When and where they are PROPERLY used, they will be effective in 
protecting data from compromise.

--Sawaba


On Mon, 12 Feb 2007, Herve Roggero wrote:

> Hi everyone
>
> This thead is very interesting. All techniques so far deal with reading data at a low level. Will Windows Vista prevent techniques such as Symantec Ghost? I understand that Vista performs bit-level encryption with its BitLocker technology.
>
> Thanks.
>
> Herve Roggero
> Managing Partner
> Pyn Logic LLC
> Visit www.pynlogic.com
>
> -----Original Message-----
> From: "Max Hozven" <mhozven at tealeaf.com>
> To: "sawaba" <sawaba at forced.attrition.org>; "blitz" <blitz at strikenet.kicks-ass.net>
> Cc: dataloss at attrition.org
> Sent: 2/12/07 1:27 AM
> Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so  what?
>
> Or boot up on a Symantec Ghost boot disk, then blast the data over to a
> network drive or a connected USB drive.
>
> -Max
>
> -----Original Message-----
> From: dataloss-bounces at attrition.org
> [mailto:dataloss-bounces at attrition.org] On Behalf Of sawaba
> Sent: Sunday, February 11, 2007 9:09 PM
> To: blitz
> Cc: dataloss at attrition.org
> Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so
> what?
>
> You don't even have to mess with mirroring it. You can create a Linux
> boot
> disk, specifically set up with scripts that search for juicy data, and
> then upload them to your server over Wi-Fi. On a fairly new laptop, you
> should have data (if there's any data to be had) within 30 minutes.
> You'll
> be done in an hour or two unless there is a huge amount of data you want
>
> to grab.
>
> And because you are mounting the Fat32 or NTFS volume read-only, no
> dates
>

More information about the Dataloss mailing list