Hackers fail to break into Via's StrongBox

IDG News Service - KUALA LUMPUR, Malaysia -- Hackers at a security conference here failed to break into Via Technologies Inc.'s StrongBox security application during a competition, Via officials said today, but the company gathered some valuable feedback from participants.
The Taiwanese microprocessor vendor offered a $5,000 prize to any hacker who could break into StrongBox, a secure virtual hard drive of up to 40GB designed to protect data from computer intruders. Announced on Tuesday, the application uses a combination of hardware-based SHA-1 and 256-bit AES encryption (see "Hack in the Box has a prize inside").
The company ignored a one-hour time-limit rule it had in place for the contest and allowed conference attendees as much time as they wanted to try to break into StrongBox.
One useful piece of advice Via took away from the show was regarding the password log-in. The software asks users to choose how many failed password attempts it should accept, with a maximum of five, before freezing out a user for an unspecified period of time.
But one hacker pointed out he could figure out a way to set the number at zero, giving a potential data thief unlimited tries to guess the correct password. Without such a limit, someone could use a custom CD with every word in the dictionary and word/number combinations to find the right password. Such CDs take only a few minutes to run.
Tim Brown, a marketing manager at Via, said the value of the contest was in the feedback and the publicity.
"These are very knowledgeable people, with a unique way of thinking," he said.
Via's contest gambit was risky. Hundreds of hackers had gathered at the Hack in the Box Security Conference to share information and learn more about security. It's the kind of show that attracts participants wearing T-shirts that say, "I read your e-mail," and one attendee who boasted it took him just minutes to get the hosting hotel's name and room number list, which enabled him to get a key to a room that was not his (it was a friend's) and to bill hotel Internet usage charges to his friend's room, for fun.
He insisted he would pay the friend back.
The StrongBox security application is designed for computers based on Via's C7 and C7-M processors that have the company's PadLock Security Engine. The company used a new Twinhead Corp. laptop, the Efio12BL, which uses a Via C7-M 1.5-GHz mobile processor, for the contest.
StrongBox was developed to showcase the hardware encryption capabilities of the C7 andC7-M processors and to offer a secure means of protecting information stored on a notebook computer in the event of loss or theft, according to the company.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.