One of the adages of computing is that no hardware is safe when a hacker has physical access to the machine. In an age of booming laptop sales, people haven’t found that reassuring and have frequently turned to disk encryption in an effort to protect their personal data.
A new paper (PDF) by a group of Princeton computer scientists suggests that disk encryption is vulnerable to a hack that will be hard to correct for: data about the encryption can be extracted from the machine’s RAM. Most people know that the contents of RAM are lost when a machine powers down. The paper notes, however, that this process isn’t instantaneous. In their tests, the authors found that various forms of RAM take anywhere from 2.5 to 35 seconds to reach a null state (newer RAM got there faster). That process is temperature-dependent; dropping the RAM to -50°C cut the rate at which memory was lost to 0.1 percent per minute. Researchers crack FileVault, BitLocker with canned air hack
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag