Hello and welcome to the Thursday, November 17, 2020 edition of the Sands and the Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

I've got an interesting guest post today from Gephard.

Gephardt is proposing a fairly simple and cheap and easy way to fight back against the

evil mate attack.

The evil mate attack comes from the scenario where you are leaving a laptop in a hotel room,

and an evil mate has physical access to the system and is then of course potentially

able to disrupt or compromise the system. We have multiple technical controls for this like various

sort of pre-boot protections or fully encrypted thrives and the like.

But there's, of course, always a chance that some kind of implant is being installed or such,

and that's difficult to defend against.

But Gephardt is proposing is a fairly simple little trick where before you leave your laptop alone,

you are just typing the first letter of your password in the screen.

Has to be the real password, so the first letter of your actual password, not a random letter.

And then the idea is when you come back, you just type the remainder of your password.

If someone got a hold of your system, first of all, they may have just removed that letter

because they rebooted the system or such, and that would be pretty obvious.

But even if they would have seen that you already typed one letter, well, they don't know your

password, so they don't know what the letter is. And yes, they have a one in, whatever, you know,

a 60 or so chance if you're counting lower uppercase special characters and such,

but still a fairly low chance in actually getting the right letter type there.

Interesting proposal and Gaphart is really just looking,

...