Last week at Black Hat, Peter Kleissner, a young software developer from Vienna, Austria, showed an interesting variation on a rootkit he calls Stoned, which he said can bypass disk encryption. However, I don’t think any disk encryption product, by itself, claims that it cannot be bypassed by a keylogger.
Here is the scenario. If you lose your PC and the disk is encrypted with a quality disk encryption product, you can have a high degree of confidence that no encrypted information will be disclosed while the machine is out of your hands.
However, if the PC is returned to you, you cannot be sure that a rootkit and a keylogger have not been installed on it in the meantime. The risk of disclosure arises the moment you boot the machine and authenticate: the keylogger captures your passphrase or credentials, and whoever controls it can eventually read all the data on the disk, exactly as you can. The encryption has not been broken; the key has simply been handed over.
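The practical consequence of that scenario is that the bytes which run before the passphrase prompt have to be trusted, and after the machine has been out of your control they cannot be. A bootkit such as Stoned lives in the master boot record, so one cheap check is to hash the first sector of the disk before the machine left and compare it when it comes back, keeping the baseline somewhere the attacker could not reach (a USB stick, a printout, not the laptop itself). The following is an example I am adding here; it is not Kleissner's code and not part of any encryption product. It assumes a Linux host where the raw disk is `/dev/sda`, and the sample boot sector is constructed inline so the functions can be exercised without touching a real disk.

```python
import hashlib
import hmac

BOOT_SECTOR_SIZE = 512          # the MBR is the first 512 bytes of the disk
MBR_SIGNATURE = b"\x55\xaa"     # bytes 510-511 of a valid MBR


def boot_sector_digest(sector: bytes) -> str:
    """SHA-256 over the first 512 bytes of a disk (boot code + partition table).

    Refuses anything that does not carry the 0x55AA signature, so a
    truncated or wrongly-offset read is reported rather than silently hashed.
    """
    if len(sector) < BOOT_SECTOR_SIZE:
        raise ValueError("short read: need %d bytes, got %d" % (BOOT_SECTOR_SIZE, len(sector)))
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("not a boot sector (missing 0x55AA signature)")
    return hashlib.sha256(sector[:BOOT_SECTOR_SIZE]).hexdigest()


def boot_code_unchanged(sector: bytes, baseline_hex: str) -> bool:
    """True when the sector still hashes to the baseline recorded earlier."""
    return hmac.compare_digest(boot_sector_digest(sector), baseline_hex)


def read_boot_sector(device: str = "/dev/sda") -> bytes:
    """Read the raw first sector of a disk. Hypothetical usage; needs root on Linux."""
    with open(device, "rb") as disk:
        return disk.read(BOOT_SECTOR_SIZE)


def sample_mbr() -> bytes:
    """A constructed, clean-looking MBR used only to exercise the check above."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * 437        # 440 bytes of 'boot code'
    disk_signature = b"\x12\x34\x56\x78\x00\x00"        # 6 bytes: disk id + reserved
    partition_entry = (b"\x80\x01\x01\x00\x83\xfe\xff\xff"
                       b"\x00\x08\x00\x00\x00\xa0\x0f\x00")   # one bootable entry
    partition_table = partition_entry + b"\x00" * 48    # 64-byte table, 3 empty slots
    mbr = boot_code + disk_signature + partition_table + MBR_SIGNATURE
    assert len(mbr) == BOOT_SECTOR_SIZE
    return mbr


def tampered_mbr() -> bytes:
    """Simulated infection: the first instruction is replaced with a jump elsewhere.

    This only models the effect (boot code changed, partition table and
    signature intact); it is not the real bootkit's modification.
    """
    mbr = bytearray(sample_mbr())
    mbr[0:3] = b"\xe9\x00\x01"
    return bytes(mbr)


if __name__ == "__main__":
    # Before handing the laptop in: record the baseline off the machine.
    baseline = boot_sector_digest(sample_mbr())
    print("baseline:", baseline)
    # When it comes back, before typing the passphrase: compare.
    print("clean sector matches   :", boot_code_unchanged(sample_mbr(), baseline))
    print("tampered sector matches:", boot_code_unchanged(tampered_mbr(), baseline))
```

Two caveats that the check itself cannot remove: the comparison has to run from media you boot separately (a live USB), since a machine that is already running the tampered code can lie about its own first sector; and a clean MBR only says the MBR is clean, not the firmware or anything else that runs before it.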
Also, the risk of your PC being “rootkitted” (if there is such a word) while browsing increases if you are working on your PC as an Administrator, because anything the browser runs inherits the rights needed to install one. Clearly organizations have policies against this and are able to enforce them.
