• United States



by Paul Kerstein

Hackers Fail to Break Into Via’s StrongBox

Sep 30, 20053 mins
CSO and CISOData and Information Security

Hackers at a security conference in Malaysia failed to break into ViaTechnologies Inc.’s StrongBox security application during acompetition, Via officials said Friday, but the company gathered somevaluable feedback from participants.

The Taiwanese microprocessor vendor offered a US$5,000 prize to anyhacker that could break into StrongBox, which is a secure virtual harddrive of up to 40G bytes designed to protect data from computerintruders. Announced on Tuesday, the application is made using acombination of hardware-based SHA-1 and 256-bit AES encryption.

The company ignored a one-hour time limit rule it had in place for thecontest, and allowed conference attendees as much time as they wantedto try to break into StrongBox.

One useful piece of advice Via took away from the show was regardingthe password login. The software asks users to choose how many failedpassword attempts it should accept, with a maximum of five, beforefreezing a user out for an unspecified period of time.

But one hacker pointed out he could figure out a way to set the numberat zero, giving a potential data thief unlimited tries to guess thecorrect password. Without such a limit, someone could use a custom CDwith every word in the dictionary and word/number combinations to findthe right password. Such CDs take only a few minutes to run.

Tim Brown, a marketing manager at Via, said the value of the contest was in the feedback and the publicity.

“These are very knowledgeable people, with a unique way of thinking,” he said.

Via’s contest gambit was risky. Hundreds of hackers had gathered at theHack in the Box Security Conference to share information and learn moreabout security. It’s the kind of show that attracts participantswearing T-shirts that say “I read your email,” and one who boasted ittook him just minutes to get the hosting hotel’s name and room numberlist — which enabled him to get a key to a room that was not his (itwas a friend’s), and bill hotel Internet usage charges to his friend’sroom, for fun.

He insisted he would pay the friend back.

The StrongBox security application is designed for computers based onVia’s C7 and C7-M processors that have the company’s PadLock SecurityEngine. The company used a new Twinhead Corp. laptop, the Efio!12BL,which uses a Via C7-M 1.5GHz mobile processor, for the contest.

StrongBox was developed to showcase the hardware encryptioncapabilities of the C7 and C7-M processors and to offer a secure meansof protecting information stored on a notebook computer in the event ofloss or theft, according to the company.

By Dan Nystedt – IDG News Service (Taipei Bureau)