SECCONF: Hackers fail to break into Via’s StrongBox

Hackers at a security conference in Malaysia failed to break into Via Technologies Inc.’s StrongBox security application during a competition, Via officials said Friday, but the company gathered some valuable feedback from participants.

The Taiwanese microprocessor vendor offered a US$5,000 prize to any hacker that could break into StrongBox, which is a secure virtual hard drive of up to 40G bytes designed to protect data from computer intruders.

Announced on Tuesday, the application is made using a combination of hardware-based SHA-1 and 256-bit AES encryption.

The company ignored a one-hour time limit rule it had in place for the contest, and allowed conference attendees as much time as they wanted to try to break into StrongBox.

One useful piece of advice Via took away from the show was regarding the password login. The software asks users to choose how many failed password attempts it should accept, with a maximum of five, before freezing a user out for an unspecified period of time.

But one hacker pointed out he could figure out a way to set the number at zero, giving a potential data thief unlimited tries to guess the correct password. Without such a limit, someone could use a custom CD with every word in the dictionary and word/number combinations to find the right password. Such CDs take only a few minutes to run.

Tim Brown, a marketing manager at Via, said the value of the contest was in the feedback and the publicity.

“These are very knowledgeable people, with a unique way of thinking,” he said.

Via’s contest gambit was risky. Hundreds of hackers had gathered at the Hack in the Box Security Conference to share information and learn more about security. It’s the kind of show that attracts participants wearing T-shirts that say “I read your email,” and one who boasted it took him just minutes to get the hosting hotel’s name and room number list — which enabled him to get a key to a room that was not his (it was a friend’s), and bill hotel Internet usage charges to his friend’s room, for fun.

He insisted he would pay the friend back.

The StrongBox security application is designed for computers based on Via’s C7 and C7-M processors that have the company’s PadLock Security Engine. The company used a new Twinhead Corp. laptop, the Efio!12BL, which uses a Via C7-M 1.5GHz mobile processor, for the contest.

StrongBox was developed to showcase the hardware encryption capabilities of the C7 and C7-M processors and to offer a secure means of protecting information stored on a notebook computer in the event of loss or theft, according to the company.

Related links:

Hackers breach LexisNexis, grab info on 32,000 people

Hackers for hire

Hackers value dollars most

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now