February 25, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« SOA Security Beyond the Perimeter: A Talk With Anne Thomas Manes | Main | Security Dream Team »

February 22, 2008
Mr. Freeze Unlocks Encrypted Data

First, you only have a few more days to sign up for this Wednesday's ebizQ SOA security roundtable. The roundtable now includes 4 featured speakers, a veritable who's who of security thinkers and doers, and as SOA security is as challenging as security gets, this truly is a can't miss. And all you've got to do is click right here!.

Now for the news: what was once considered fail-safe data protection (disc encryption) has been revealed as quite hackable. According to Science Daily, the attack exploits the fact that information does not disappear from RAM immediately after a machine is shut off. Generally, RAM continues to hold the information from several seconds to a minute after it's been shut down. This process has been slowed down to ten minutes when the chips are cooled using easily availabe "canned" air, which, when turned upside down, issue a freezing blast.

But this method does not even require a deep freeze, it's just the fact that as long as the keys are stored in RAM, those encryption keys can be had. The hack worked even when the attackers only had remote access to the computers network, and worked even after the encryption key has already semi-decayed, as they were able to reconstruct it from multiple derivative keys.

And what machines are at risk? "We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said Alex Halderman, a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

For now, the only true defense is to fully power down your laptop (or desktop, if you've got a suspicious looking Mr. Freeze working a few cubicles away), as computers in the active, sleep, or locked state are all highly vulnerable.


Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3171

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
ebizQ Web 2.0 and the Enterprise
Your E-mail Address:
BPM Basics for Dummies: Getting a Read on BPM
Date: Feb 26, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Roundtable: SOA Security - The Real Deal, or Much Ado About Nothing?
Date: Feb 27, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map