Here is yet another example of how the “good guys” are figuring out ways to subvert security to “help” us:
Basically Peter Kleissner, a young and clearly very smart university student, has figured out how to inject a bootkit in front of TrueCrypt (an excellent and free encryption product) to subvert its protections.
While I understand that “security by obscurity” is ultimately a flawed paradigm, I really don’t think the bad guys need any help. While some claim the bad guys would ultimately figure this stuff out, I’m not convinced. A lot of the malign stuff out there has at it’s basis attacks developed by “good guys”.
While I entirely support the right to do and publish such work (unlike a number of large corporations that have sued to keep these hacks quiet), I do feel in many cases the publishing of these exploits is an act of ego and narcissism, a sort of destructive “showing off”.
Anyway, down goes another.