Last week at Black Hat, Peter Kleissner, a young software developer from Vienna, Austria, showed an interesting variation on a rootkit he calls Stoned, which he said can bypass disk encryption. However, I don’t think any disk encryption product, by itself, claims that it cannot be bypassed by a keylogger.

Here is the scenario: If you lose your PC and the disk is encrypted with a quality disk encryption product, you can have a high degree of confidence that no encrypted information will be disclosed.

However, if the PC is returned to you, you cannot be sure that a rootkit and a keylogger have not been installed on the machine. The risk of disclosing information occurs when you boot up the machine and authenticate. At that point the keylogger can capture your credentials and eventually access all the data on the disk (as you would).

Also, the risk of your PC being “rootkitted” (if there is such a word) while browsing increases if you are working on your PC as an Administrator. Clearly organizations have policies against this and are able to enforce them.

02. August 2009 · The most severe breaches result from application level attacks · Categories: Application Security, Breaches, Risk Management, Security Management

Last week, I highlighted the Methods of Attack data from the Verizon Business 2009 Data Breach Investigations Report. Today, I would like to discuss an equally important finding they reported about Attack Vectors (page 18).

The surprise is that only 10% of the breaches were traced to network devices. And network devices represented only 11% of the actual records breached. The top vector was Remote Access and Management at 39%. Web Applications came in second at 37%. Even more interesting is that 79% of all records breached were the result of the Web Application vector!

Clearly there has been a major shift in attack vectors. While this may not be a total surprise, we now have empirical evidence. We must focus our security efforts on applications, users, and content.