Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"it's good one "
on SanDisk taps McAfee for USB drive security
by khanbhai | Nov 22, 2008 9:00 PM
 
"when i login to face book it tells me i am cookies enabled what does this mean"
on Ads on Facebook serving up adware
by celeste | Nov 21, 2008 5:15 PM
 
"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."
on Yahoo and Microsoft take aim at lottery scams
by Rodney Churchyard | Nov 20, 2008 6:13 PM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."
on Shavlik Technologies to broaden its patch management offerings
by eric | Nov 20, 2008 8:15 AM
Corporate Data

DRam crack breaks encryption software

  • Email a Friend
  • Print Page
Related Articles
By Shaun Nichols
Feb 25, 2008 9:39 AM
Tags: DRam | crack | breaks | encryption | software
Disk encryption software used on many systems can be circumvented using what researchers referred to as "simple non-destructive techniques".

A report from researchers at the Electronic Frontier Foundation, Princeton University and Wind River Systems concluded that many current consumer disk encryption programs can be compromised via a computer's DRam.

The problem is that data can remain in stored in memory even after the system is shut down. By cold-booting the system, an attacker could access data from the DRam and retrieve encryption keys.

"Most experts assume that a computer's memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialised equipment," said the researchers.

"Ordinary DRam typically loses its contents gradually over a period of seconds, even at standard operating temperatures.

"Even if the chips are removed from the motherboard, the data will persist for minutes or even hours if the chips are kept at low temperatures."

The researchers claimed that laptops are at particular risk because an attacker could use the tactic to break into a system even if screen locks are in place.

To counter the attacks, the researchers suggested that system builders take measures to make data on memory chips decay more rapidly or block the use of memory-dump software used to retrieve data from memory chips.

However, the researchers concluded that the problem will not be easy to solve.

"Unlike many security problems, this is not a minor flaw; it is a fundamental limitation in the way these systems were designed," said Princeton researcher J. Alex Halderman.

"We have broken disk encryption products in exactly the case when they seem to be most important these days."

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
 
Breaches & Exposures Whitepapers
 
Popular Tags
disk encryption enterprise google isc lieberman packaged pgp quantum random recession rogue secrecy secret server software target thycotic webmasters whole