"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl...
> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>> Juan I. Cahis wrote:
>>>
>>> To be able to install a keylogger, the user should be logged in with
>>> Administrator features, and I supposed that the user didn't leave the
>>> computer unattended *and* powered on *and* logged in, did you?
>>
>> If the hacker has physical access to the computer, all bets are off. He
>> can boot from a CD or pendrive and install whatever the heck he likes on
>> the laptop.
>
>
> If the laptop fully supports bitlocker and bitlocker is used, physical
> access won't help you gain access to the contents of the hard drive.

With physical access to a machine, what prevents you from adding
option rom and re-initializing the TPM? I assume by "fully supports"
you were referring to boot axis validation through the TPM.

Otherwise, as the thread is about keylogging (and possible rootkit)
the contents can be had. The TPM feature puts up quite a roadblock
though.

http://www.ngssoftware.com/research/...CI_Rootkit.pdf