|
Posted by on February 25, 2008, 5:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Turns out, DHS, which has been spying illegally for some years now,
has found a way to read DRAM data *after powerdown* -- presumably
it would work after normal shutdown or sudden power loss.
http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=2&ei=5087&em=&en=13d01f43eefefaeb&ex=1203915600&pagewanted=print&oref=slogin&oref=slogin
|
|
Posted by Wolfgang Draxinger on February 25, 2008, 6:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
plenty900@yahoo.com wrote:
> Turns out, DHS, which has been spying illegally for some years
> now, has found a way to read DRAM data *after powerdown* --
> presumably it would work after normal shutdown or sudden power
> loss.
>
>
http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=2&ei=5087&em=&en=13d01f43eefefaeb&ex=1203915600&pagewanted=print&oref=slogin&oref=slogin
There's a discussion running about that in the german NG
de.sci.electronics
It boiled down to the following: Most modern Motherboards have an
intrusion switch detector, some MoBos even have intrusion
sensors (LDR, Vibration Switch etc.).
They can trigger actions that go from a simple ACPI event, and
can go up to calling code, that has been installed through EFI
(on boards that have EFI).
Now, all you've to do is using those IDS and unmount all
encrypted volumes if such sensors get triggerd -- and wipe the
keys from memory afterwards. You can also use temperature
sensors, to detect a "chill attack".
And last but not least there's one use for TCPA in the end: One
of the goals of TCPA was/is, that the CPU can have the memory
encrypted transparently. The crypto stuff should happen on the
L1 cache level.
Wolfgang Draxinger
--
E-Mail address works, Jabber: hexarith@jabber.org, ICQ: 134682867
|
|
Posted by Gil Hamilton on February 26, 2008, 11:49 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Turns out, DHS, which has been spying illegally for some years now,
> has found a way to read DRAM data *after powerdown* -- presumably
> it would work after normal shutdown or sudden power loss.
>
> http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=2&ei=5087&e
> m=&en=13d01f43eefefaeb&ex=1203915600&pagewanted=print&oref=slogin&oref=
> slogin
Go to the original source and read (or just watch the video):
http://citp.princeton.edu/memory/
And no, this work wasn't done by Homeland Security. If it had been DHS, we
would never have heard about it.
GH
|
|
Posted by shimp on February 26, 2008, 4:36 pm
If you were Registered and logged in, you could reply and use other advanced thread options
after power is removed. Thats how it works. There is a circuit that
refreshes it every X milliseconds. But it is a big big surprise, at
least to me, that data can recovered up to 10 minutes afterwards!!?
The only real world ramification I can see is that you should completely
powerdown your laptop 10 mins before going through a security
checkpoint. Or unmount crypt stuff and do a memory wipe.
As far as servers sitting alone somewhere, or other scenarios.. if
someone has physical access to a machine there are all kinds of tricks
they can use. I think you need to implement intrusion detection as
another poster said, and rigged to explosives for self destruct. ;)
|
|
Posted by on February 27, 2008, 12:59 am
If you were Registered and logged in, you could reply and use other advanced thread options
| It has been known from the beginning that DRAM holds its state a while
| after power is removed. Thats how it works. There is a circuit that
| refreshes it every X milliseconds. But it is a big big surprise, at
| least to me, that data can recovered up to 10 minutes afterwards!!?
|
| The only real world ramification I can see is that you should completely
| powerdown your laptop 10 mins before going through a security
| checkpoint. Or unmount crypt stuff and do a memory wipe.
So add a RAM wipe right at the end of the halt sequence (in addition to
other security measures like storing keys in unused corners of video
card SRAM).
| As far as servers sitting alone somewhere, or other scenarios.. if
| someone has physical access to a machine there are all kinds of tricks
| they can use. I think you need to implement intrusion detection as
| another poster said, and rigged to explosives for self destruct. ;)
That, too.
How about a low bandwidth LAN over the power lines via tap in the PSU.
Each node can cryptographically authenticate itself. If a configured
set of required nodes can no longer be reached, memory gets wiped on
certain machines with critical data.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-02-26-2351@ipal.net |
|------------------------------------/-------------------------------------|
|
| Similar Threads | Posted | | security software for linux and mac | July 4, 2007, 1:43 pm |
| cp fw-1 ngx: no memory for german umlaute | January 15, 2006, 5:15 am |
| Re: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability | December 15, 2005, 10:03 am |
| Wipe Outlook Mail Messages | January 22, 2006, 12:41 pm |
| DoD Harddrive Secure Erase Wipe | April 2, 2008, 9:37 pm |
| Software to wipe disk drives on servers and pc | January 30, 2008, 4:11 pm |
| Linux Help | September 27, 2006, 7:23 pm |
| Linux? Which one is the most friendly? | May 1, 2005, 3:37 pm |
| end of linux-nightmares... approachable | June 17, 2005, 11:27 am |
| my linux box is bogged down, could it be a breach? | August 5, 2006, 1:38 am |
|
XML site map