
AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


AlertBoot Endpoint Security


New Cold Boot Device Developed To Steal Passwords From Disk Encryption Protected Computers

The Register reports that IntelGuardians, a penetration‑testing firm, has built upon the Princeton research that showed how to extract encryption keys from computer memory (RAM). They’ve created a device and named it “DaisyDukes,” and it plugs into a computer via the USB port. No word on whether the device comes encased in cut‑offs. It’s still in beta mode, so anything could happen… Although, truth be told, I’m guessing they’ve christened the device after the TV character because the bombshell was able to wangle her way into pretty much anything.

 

Based on what I’ve read, it sounds like the new device is very similar to the device the Princeton researchers had showcased last month. IntelGuardians has a spin on the original device and research, though: they’ve found that passwords, not just encryption keys, remain in RAM as well. In fact, it turns out that passwords have a distinct signature from one application to another, and these will remain in RAM. The Princeton researchers had shown that information in RAM decayed gradually, offering a small window of opportunity to steal sensitive data even when a computer is turned off; the new findings broaden the types of information that can be compromised, from encryption keys to anything found in RAM. IntelGuardians is talking about seeing if they’d be able to download chat logs with their device, for example. The applications that IntelGuardians has been able to compromise to date include Thunderbird, Outlook, and AOL Instant Messenger, among others.

 

The news, understandably, is not making as much of a splash as the original findings did.  And, just like the original findings, the security breach hinges upon finding a computer that is left unattended and turned on, or left in sleep mode.  Well, that and having the ability to boot off the USB drive.  Because the data in RAM will be overwritten when a computer is turned back on, the researchers boot up the computer from their device and copy the data found in the RAM as is, decreasing the chances of disturbing the original data—and increasing the chances of finding something useful.

 

So, it seems like a particularly effective way of getting around this particular problem—if you do have full disk encryption, like AlertBoot, on your computers—would be to turn off the ability to boot from USB on your computers. Someone commented that this is missing the point, since one could use a bootable CD or a floppy disk to get around it.

 

Not quite, I imagine. Remember, the purpose here is to obtain data residing in RAM. A bootable CD—you can’t write stuff to it; it’s just the nature of the medium. As to a floppy disk, yeah, it’s possible. However, last time I checked, floppy disks have a capacity of less than 2 MB. When you consider that most RAM capacities on computers are at least 100 times bigger, there’s a less than one percent chance of something useful being copied to the floppy disk. And this is not taking into account the size of the software that will reside on the floppy disk to read and save said data (and the effects of formatting the disk). Realistically speaking, I’d imagine the available space of a floppy disk would be approximately 1 MB, and most RAM approaches 500 MB on the lower end of the scale (with some going as high as 2 GB), representing a 0.2% chance of culling sensitive data at most.
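One way to audit the "turn off USB boot" mitigation across machines, as an added example that is not part of the original post: the script parses `efibootmgr -v` output and lists firmware boot entries that are both active and backed by a USB device. It assumes UEFI machines running Linux with `efibootmgr` installed, which the post does not mention; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `efibootmgr -v` output (not captured from a real machine).
SAMPLE = """\
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0003,0001,0004,0002
Boot0001* ubuntu\tHD(1,GPT,0f3c1a2b-0000-4000-8000-000000000001,0x800,0x100000)/File(\\EFI\\ubuntu\\shimx64.efi)
Boot0002  UEFI: USB Flash Drive\tPciRoot(0x0)/Pci(0x14,0x0)/USB(4,0)/HD(1,MBR,0x1234abcd,0x800,0x3b9f800)
Boot0003* UEFI: Generic USB Disk\tPciRoot(0x0)/Pci(0x14,0x0)/USB(2,0)/HD(1,MBR,0x5678ef01,0x800,0x1dcf800)
Boot0004* Legacy USB\tBBS(USB,,0x0)
"""

# "BootNNNN" followed by "*" when the entry is active, then label and device path.
ENTRY = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")
# UEFI device-path nodes for USB devices, plus the legacy BBS form.
USB_NODE = re.compile(r"\bUSB\(|\bUsbClass\(|\bUsbWwid\(|BBS\(USB")

def parse(text):
    """Return (boot_order, entries) from efibootmgr -v output."""
    order, entries = [], {}
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            nums = line.split(":", 1)[1].split(",")
            order = [n.strip().upper() for n in nums if n.strip()]
            continue
        m = ENTRY.match(line)
        if m:
            num, star, rest = m.groups()
            label, _, path = rest.partition("\t")  # label and path are tab-separated
            entries[num.upper()] = {"label": label.strip(), "active": star == "*",
                                    "usb": bool(USB_NODE.search(path))}
    return order, entries

def usb_boot_findings(text):
    """Active USB boot entries as (number, label, BootOrder position or None)."""
    order, entries = parse(text)
    found = [(num, e["label"], order.index(num) if num in order else None)
             for num, e in entries.items() if e["usb"] and e["active"]]
    # Entries the firmware will actually try come first, earliest position on top.
    return sorted(found, key=lambda f: (f[2] is None, f[2] or 0))

if __name__ == "__main__":
    for num, label, pos in usb_boot_findings(SAMPLE):
        where = "not in BootOrder" if pos is None else f"BootOrder position {pos}"
        print(f"Boot{num} ({label}): active USB entry, {where}")
```

An empty result means no active USB entry is registered; it does not show whether the firmware's one-time boot menu is also disabled, which has to be checked in firmware setup.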

 

If anything, I’d say that the point most people are missing is this: physical security still matters in this day and age. Computer security products are there as a backup to the vicissitudes of life (and common sense): antivirus software will always take a back seat to not visiting unsafe sites; encryption will always take a back seat to not getting it stolen.

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.