http://www.zdnet.com.au/news/hardware/soa/Customs-Vista-PCs-are-safe-from-encryption-attack/0,130061702,339286318,00.htm By Liam Tung ZDNet.com.au 26 February 2008 Despite US researchers showing that hard disk encryption can be easily compromised, Australian Customs say its Vista laptops are safe because data is not stored on them -- but analysts have warned users will find a way around this policy when they need to. Last week, researchers from Princeton University revealed that encryption tools, such as Microsoft's Bitlocker, do not completely mitigate the risk of data theft from lost or stolen laptops. The researchers showed they were able to access encryption keys used in such programs from the computer's RAM by booting it up from a USB or network drive and then scanning the system for encryption keys. However, the Australian Customs Service, which has one of the first and largest Vista rollouts in Australia -- 6,000 PCs, including 2,400 laptops -- claims it is safe from the attack because very little information is actually stored on the laptops. "We believe this is a very low risk threat," Customs director of desktop services John Rodgers told ZDnet.com.au. Customs laptops typically contain very little data, said Rodgers, because information relating to traveller processing is accessed remotely from its mainframe computers in Sydney and Canberra. "That's all accessed remotely and the information is not stored locally," he said, adding that the agency uses CMOS to prevent the possibility of booting a laptop off another device or USB. And, should the hackers get past this stage, the keys in Bitlocker are automatically destroyed Rodgers said. However, security analysts say that just because information is accessed remotely, it doesn't mean that mobile workers will not store access on their laptops -- particularly in areas that lack Internet access. "People will find a way of doing what they want to do and if that means storing a copy of data locally, that's what they will do," said IBRS analyst James Turner. "If you fire up a laptop on a plane or train, you're not guaranteed Internet access. So, if you want to work, then you need to work with data locally," he added. The agency is also exploring the possibility of using remote hard disk destruction technology, to allow it to wipe information on a hard disk in the event it is lost or stolen. This type of technology could prove useful if Customs again faces the situation it did in 2003, where two men posing as EDS staff -- then Customs' sole IT outsourcing contractor -- duped agency staff into giving them access to their mainframe computers at Sydney International Airport, two of which they then removed. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Feb 26 2008 - 00:16:33 PST