Lennart Poettering wrote:
If you know where stuff is located you can change individual blocks
in
files. You are not going to know what you are changing them to, but
you can change it and traditional files will not detect that you did that.
Then you get unpredictable garbage as the result, which is useless if your
goal (as the attacker) is to plant a trojan horse that steals encrypted data
while it is decrypted. (And of course, you cannot directly decrypt the data
either.) The only way to exfiltrate the data is to attack the system while
it is running (online).
Kevin Kofler