|
Posted by Bernd Felsche on February 27, 2008, 2:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
phil-news-nospam@ipal.net wrote:
>> It has been known from the beginning that DRAM holds its state a
>> while after power is removed. Thats how it works. There is a
>> circuit that refreshes it every X milliseconds. But it is a big
>> big surprise, at least to me, that data can recovered up to 10
>> minutes afterwards!!?
>> The only real world ramification I can see is that you should
>> completely powerdown your laptop 10 mins before going through a
>> security checkpoint. Or unmount crypt stuff and do a memory wipe.
>So add a RAM wipe right at the end of the halt sequence (in
>addition to other security measures like storing keys in unused
>corners of video card SRAM).
Scrubbing page tables making a good start. Much quicker than the
whole RAM - which could span gigabytes for the well-endowed.
>> As far as servers sitting alone somewhere, or other scenarios.. if
>> someone has physical access to a machine there are all kinds of tricks
>> they can use. I think you need to implement intrusion detection as
>> another poster said, and rigged to explosives for self destruct. ;)
>That, too.
The attack is to boot another (small) operating system to glean the
values.
A custom BIOS/POST would do wonders. Seeing that the classical BIOS
is on the way out, security options can be enhanced on openBIOS or
whatever. e.g. Prevent booting from "unsigned" devices; and forcing
a RAM scrub as part of POST if there's no secure key stored in BIOS.
Not foolproof, but raises the bar a few metres.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | Great minds discuss ideas;
X against HTML mail | Average minds discuss events;
/ \ and postings | Small minds discuss people. -- Eleanor Roosevelt
| 
XML site map