[ISN] Customs: Vista PCs are safe from encryption attack

From: InfoSec News (alerts@private)
Date: Tue Feb 26 2008 - 00:12:23 PST


http://www.zdnet.com.au/news/hardware/soa/Customs-Vista-PCs-are-safe-from-encryption-attack/0,130061702,339286318,00.htm

By Liam Tung
ZDNet.com.au
26 February 2008

Despite US researchers showing that hard disk encryption can be easily 
compromised, Australian Customs says its Vista laptops are safe because 
data is not stored on them -- but analysts have warned users will find a 
way around this policy when they need to.

Last week, researchers from Princeton University revealed that 
encryption tools, such as Microsoft's BitLocker, do not completely 
mitigate the risk of data theft from lost or stolen laptops.

The researchers showed they were able to access encryption keys used in 
such programs from the computer's RAM by booting it up from a USB or 
network drive and then scanning the system for encryption keys.

However, the Australian Customs Service, which has one of the first and 
largest Vista rollouts in Australia -- 6,000 PCs, including 2,400 
laptops -- claims it is safe from the attack because very little 
information is actually stored on the laptops.

"We believe this is a very low risk threat," Customs director of desktop 
services John Rodgers told ZDNet.com.au.

Customs laptops typically contain very little data, said Rodgers, 
because information relating to traveller processing is accessed 
remotely from its mainframe computers in Sydney and Canberra.

"That's all accessed remotely and the information is not stored 
locally," he said, adding that the agency uses CMOS to prevent the 
possibility of booting a laptop off another device or USB.

And, should the hackers get past this stage, the keys in BitLocker are 
automatically destroyed, Rodgers said.

However, security analysts say that just because information is accessed 
remotely, it doesn't mean that mobile workers will not store access on 
their laptops -- particularly in areas that lack Internet access.

"People will find a way of doing what they want to do and if that means 
storing a copy of data locally, that's what they will do," said IBRS 
analyst James Turner.

"If you fire up a laptop on a plane or train, you're not guaranteed 
Internet access. So, if you want to work, then you need to work with 
data locally," he added.

The agency is also exploring the possibility of using remote hard disk 
destruction technology, to allow it to wipe information on a hard disk 
in the event it is lost or stolen.

This type of technology could prove useful if Customs again faces the 
situation it did in 2003, where two men posing as EDS staff -- then 
Customs' sole IT outsourcing contractor -- duped agency staff into 
giving them access to their mainframe computers at Sydney International 
Airport, two of which they then removed.

