300 matches found
Authentication flaw
Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...
CVE-2014-2005
Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...
CVE-2014-2005
CVE-2014-2005 concerns Sophos Disk Encryption (SDE) 5.x managed via Sophos Enterprise Console (SEC) 5.x, prior to 5.2.2. It allows an unauthenticated, physically proximate attacker to resume from sleep without a login screen, gaining desktop access. Affected: SDE/SEC stack; root cause: failure to...
Sophos Disk Encryption vulnerable to authentication bypass
Overview Sophos Disk Encryption contains an authentication bypass vulnerability. Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is...
JVN#63940326: Sophos Disk Encryption vulnerable to authentication bypass
Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC. Impact An...
Inception - Attacking FireWire Devices
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock any password accepted and escalate privileges to Administrator/root on almost any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbol...
Android Outlook App Could Expose Emails, Attachments
There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments. Paolo Soto, a researcher with the security firm Include Security, said his team initially dug up the vulnerabilities in November...
Kali Linux introducing Emergency Self Destruct feature to Full Disk Encryption
Full disk encryption is expected to be the top security technology to be adopted this year. Take a moment to think about the information that is present on your personal computer, i.e. Photos, passwords, emails, Important documents from work or Financial data and trade secrets. Many of us from th...
Research Outlines New Deep Freeze Data Recovery Technique on Android Phone
Hackers and data recovery specialists alike could soon be turning to a new technique that under the right conditions can allow for the harvesting of personal information from phones, even after they’ve been frozen. A group of German researchers from the University of Erlangen-Nuremberg have...
Symantec PGP Whole Disk Encryption本地权限提升漏洞
Symantec PGP Whole Disk Encryption可用于笔记本,台式电脑和服务器提供高性能的完整磁盘加密 Symantec PGP Whole Disk Encryption在处理0x80022058 IOCTL时pgpwded.sys驱动存在一个错误,允许攻击者利用漏洞覆盖任意内核内存,成功利用漏洞可以以应用程序上下文执行任意代码 0 Symantec PGP Whole Disk Encryption 10.x 厂商解决方案 目前没有详细解决方案提供: http://www.symantec.com/whole-disk-encryption define...
Symantec full disk encryption software burst 0day vulnerabilities-vulnerability warning-the black bar safety net
Recently, foreign security research organization Nikita Tarakanov said in Symantec PGP Whole Disk Encryption, full disk encryption software found 0day vulnerabilities, the software kernel driver pgpwded. sys contains a cover of any memory of the vulnerability, execute arbitrary code, The affected...
Zero-Day Vulnerability in Symantec PGP Whole Disk Encryption
Symantec product PGP Whole Disk Encryption which is used to encrypt all the contents on the disk on a block-by-block basis having Zero-Day Vulnerability, according to a pastebin note. Note was posted on 25th Dec by Nikita Tarakanov, claiming that pgpwded.sys kernel driver distributed with Symante...
Zero-Day Vulnerability in Symantec PGP Whole Disk Encryption
Symantec product PGP Whole Disk Encryption which is used to encrypt all the contents on the disk on a block-by-block basis having Zero-Day Vulnerability, according to a pastebin note. Note was posted on 25th Dec by Nikita Tarakanov, claiming that pgpwded.sys kernel driver distributed with Symante...
NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout
======= Summary ======= Name: DataArmor Full Disk Encryption - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Release Date: 30 November 2012 Reference: NGS00193 Discoverer: Stuart Passe [email protected] Vendor: Mobile Armor Vendor Reference: KB 1060043...
DataArmor / DriveArmor Privilege Escalation / Decryption
======= Summary ======= Name: DataArmor Full Disk Encryption - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Release Date: 30 November 2012 Reference: NGS00193 Discoverer: Stuart Passe Vendor: Mobile Armor Vendor Reference: KB 1060043 Systems Affected: All version...
Code injection
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of 1 out-of-date credentials and 2 invalid credentials, which allows physically proximate attackers to defeat t...
CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of 1 out-of-date credentials and 2 invalid credentials, which allows physically proximate attackers to defeat t...
CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of 1 out-of-date credentials and 2 invalid credentials, which allows physically proximate attackers to defeat t...
Encrypt!
The EFF are huge proponents of full-disk encryption with strong cryptography on every device you own. This is especially true if you’re concerned about having your mobile device seized at the border. A government forensics expert can easily crack any password or bypass it altogether for example, ...
Is it hard to crack full Disk Encryption For Law Enforcement ?
Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a...