Bootkit bypasses hard disk encryption  - edw519
http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption--/news/113884

======
MikeW
The news item is not where the interesting discussion is happening, the
comments on <http://peterkleissner.com/?p=11> are worth reading.

TrueCrypt encryption is not bypassed in the sense that you can take an offline
drive and get access to the data without the key, but just like all good MBR
worms, the TC loader can be patched (from both within Windows with Stoned, and
from an offline system) to do whatever malware you want to do as soon as the
TC key is entered.

I guess one takeaway from this is the same as we all should know from the past
- even with full disk encryption, don't behave poorly by running potential
MBR-patching malware as an administrator.

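The defensive counterpart to the point above is to detect a patched loader before it runs again: record a digest of the MBR and the pre-boot loader sectors from a trusted offline boot, and compare against it later. The following is an added example, not code from the thread, from TrueCrypt or from Stoned; the 63-sector region size, the in-memory sample "disk" and the placeholder loader bytes are all constructed assumptions, and on a real host the bytes would be read from the raw block device by a trusted offline system.

```python
"""Baseline-and-verify check for the MBR and pre-boot loader sectors.

Constructed example: the sample disk is built in memory. On a real host the
same bytes would be read from the first sectors of the raw block device by a
trusted offline system (assumption of this example).
"""
import hashlib

SECTOR_SIZE = 512
BOOT_SECTORS = 63            # MBR + classic pre-partition gap (assumed region size)
MBR_SIGNATURE = b"\x55\xaa"  # boot signature at offset 510 of sector 0


def boot_region(disk: bytes) -> bytes:
    """Return the first BOOT_SECTORS sectors of a disk image."""
    return disk[: SECTOR_SIZE * BOOT_SECTORS]


def has_mbr_signature(disk: bytes) -> bool:
    """True if sector 0 carries the 0x55AA boot signature."""
    return disk[510:512] == MBR_SIGNATURE


def boot_region_digest(disk: bytes) -> str:
    """SHA-256 over the boot region; store this as the trusted baseline."""
    return hashlib.sha256(boot_region(disk)).hexdigest()


def verify_boot_region(disk: bytes, baseline_digest: str) -> bool:
    """Quick yes/no: does the boot region still match the recorded baseline?"""
    return boot_region_digest(disk) == baseline_digest


def changed_sectors(baseline_disk: bytes, current_disk: bytes) -> list:
    """List sector indices within the boot region whose contents differ.

    Knowing the sector tells an analyst whether the MBR itself (sector 0)
    or the loader stages behind it were modified.
    """
    base = boot_region(baseline_disk)
    cur = boot_region(current_disk)
    changed = []
    for i in range(BOOT_SECTORS):
        lo, hi = i * SECTOR_SIZE, (i + 1) * SECTOR_SIZE
        if base[lo:hi] != cur[lo:hi]:
            changed.append(i)
    return changed


def build_sample_disk() -> bytes:
    """Constructed 64-sector image: fake MBR in sector 0, fake loader in sectors 1-2."""
    mbr = b"\xeb\x3c" + b"\x90" * 508 + MBR_SIGNATURE   # jump, padding, signature
    loader1 = (b"LOADER-STAGE-1" * 40)[:SECTOR_SIZE]    # placeholder loader bytes
    loader2 = (b"LOADER-STAGE-2" * 40)[:SECTOR_SIZE]
    rest = b"\x00" * (SECTOR_SIZE * 61)
    return mbr + loader1 + loader2 + rest


def build_patched_disk() -> bytes:
    """Same image with a few loader bytes (sector 1) overwritten, as a patched loader would be."""
    disk = bytearray(build_sample_disk())
    disk[SECTOR_SIZE + 16 : SECTOR_SIZE + 20] = b"\xde\xad\xbe\xef"
    return bytes(disk)


if __name__ == "__main__":
    clean = build_sample_disk()
    baseline = boot_region_digest(clean)      # taken once from a trusted boot
    tampered = build_patched_disk()
    print("clean verifies:   ", verify_boot_region(clean, baseline))
    print("tampered verifies:", verify_boot_region(tampered, baseline))
    print("changed sectors:  ", changed_sectors(clean, tampered))
```

The digest must be stored and checked from outside the possibly-compromised system (a boot CD or another machine), since a loader that has already been patched controls everything that runs after it.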
------
jrockway
Now when Customs seizes your encrypted laptop, they can get your data the
first time you boot it when you get it back. No need to deal with that pesky
Fifth Amendment.

~~~
pyre
I dunno, I have to agree with the judge's ruling in that case. The guy opened
up the drive and _showed them_ images that were (or were likely) child porn.
At that point, there is no doubt as to whether or not there is something
suspicious on there. Had the guy _not shown anything_ to the customs officer,
but the judge forced him to cough up the key anyways... I would have _a lot_
more sympathy. As it stands, the guy was an idiot that showed the
customs/border patrol officer his illegal stash and is trying to cover his ass
up after the fact.

~~~
jrockway
I am not referring to a specific case.

