|
|
|
|
|
Posted by Monty Solomon on February 29, 2008, 9:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Cold Boot Attacks: Vulnerable While Sleeping
February 26th, 2008 by Ed Felten
Our research on cold boot attacks on disk encryption has generated
lots of interesting discussion. A few misconceptions seem to be
floating around, though. I want to address one of them today.
As we explain in our paper, laptops are vulnerable when they are
"sleeping" or (usually) "hibernating". Frequently used laptops are
almost always in these states when they're not in active use - when
you just close the lid on your laptop and it quiets down, it's
probably sleeping.
When a laptop goes to sleep, all of the data that was in memory stays
there, but the rest of the system is shut down. When you re-open the
lid of the laptop, the rest of the system is activated, and the
system goes on running, using the same memory contents as before.
(Hibernating is similar, but the contents of memory are copied off to
the hard drive instead, then brought back from the hard drive when
you re-awaken the machine.) People put their laptops to sleep, rather
than shutting them down entirely, because a sleeping machine can wake
up in seconds with all of the programs still running, while a fully
shut-down machine will take minutes to reboot.
...
http://www.freedom-to-tinker.com/?p=1258
|
 
| |
Posted by Rick Merrill on March 1, 2008, 7:32 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Monty Solomon wrote:
...
>
> http://www.freedom-to-tinker.com/?p=1258
>
There is some good discussion at the above forum,
but that is not the same as peer-review. While the
research is stimulating, Ed (not Monty) Felten makes a
few small errors. First, anybody knows that clear
code is in RAM if you let the system sleep/stand-by.
No secure system should be permitted to use that state.
Second, as Lazlo Hars points out, no encryption key
should be stored in RAM, but I'll bet a lot of s/w
does exactly that. - RM
|
| Similar Threads | Posted | | Cold Boot Attacks on Disk Encryption | February 23, 2008, 5:24 pm |
| DECT For Local Loop: 'Boot up Time'. | April 2, 2005, 3:22 am |
| Analysts Say ATM Systems Highly Vulnerable | August 3, 2005, 1:25 am |
| Cyberspeak: Boot Camp Will Start Exodus to Windows | April 14, 2006, 2:14 pm |
| Analysts: ATMs Highly Vulnerable to Fraud | August 3, 2005, 10:36 pm |
| Re: Analysts: ATMs Highly Vulnerable to Fraud | August 5, 2005, 7:42 pm |
| Chicago Voter Info Vulnerable to Hackers | October 24, 2006, 5:04 pm |
| Online Banking Industry Very Vulnerable to Cross-Site Scripting | March 15, 2005, 11:53 am |
| Re: Cold Weather and Christmas | December 23, 2005, 2:32 am |
| Plugboard at cold war UK defense site [Telecom] | July 15, 2008, 7:01 pm |
|
|
Home Cabling Guide
Finally, an instantly downloadable book that saves you thousands in home improvement dollars!
Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage
on the real estate market. Whether your cabling is for home office or high-tech
leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language!
Learn More
|
NewsGroups 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map