Date: Sun, 24 Feb 2008 12:51:38 -0500 From: Bill Moran <wmoran@collaborativefusion.com> To: Christopher Arnold <chris@arnold.se> Cc: hackers@freebsd.org Subject: Re: Security Flaw in Popular Disk Encryption Technologies Message-ID: <20080224125138.b56cab48.wmoran@collaborativefusion.com> In-Reply-To: <20080224165956.X34646@localhost> References: <47C06E1F.5020308@thedarkside.nl> <760775.85636.qm@web50306.mail.re2.yahoo.com> <20080223203316.GC38485@lor.one-eyed-alien.net> <a2b6592c0802231328y73da9605ybd3f5353ee32aa01@mail.gmail.com> <20080224100924.c8e08776.wmoran@collaborativefusion.com> <20080224165956.X34646@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Arnold <chris@arnold.se> wrote: > > > > On Sun, 24 Feb 2008, Bill Moran wrote: > > > Or laptop vendors could make "secure" laptops that always lose memory > > on shutdown. > > > That dosn't really change anything, just don't shutdown the laptop. It reduces the risk greatly when combined with other measures. For example, alter the sysctls so the lid switch powers the laptop off instead of putting it to sleep. This changes the scene a good bit, as it's guaranteed to be powered off when in storage and transport, which is when it is most likely to be stolen. > Cut an opening in the case and attach a probe to monitor memory access and > wait for the key being accessed. That attack only works if you can steal the laptop when it's powered on. With a unit known to be a security risk, it's going to be monitored while powered on, so it's less likely to be stolen at that time. As far as mitigation is concerned, there's not 1 or 0. But smart deployment can reduce the risks. -- Bill Moran Collaborative Fusion Inc. wmoran@collaborativefusion.com Phone: 412-422-3463x4023
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080224125138.b56cab48.wmoran>