Want to break into a computer's encrypted hard drive? Just blast the machine's memory chip with a burst of cold air.
That's the conclusion of new research out of Princeton University demonstrating a novel, low-tech way hackers can access even the most well-protected computers, provided they have physical access to the machines.
The Princeton report shows how encryption, long considered a vital shield against hacker attacks, can be defeated by manipulating the way memory chips work. The researchers say the ease of their attack raises fears about the security of laptop computers increasingly used to store sensitive information, from personal banking data, to company trade secrets, to national security documents.
Freezin a dynamic random access memory, or DRAM, chip, the most common type of memory chip in personal computers, causes it to retain data for minutes or even hours after the machine loses power, the report found. That data includes the keys to unlock encryption. Without freezing, the chip loses its contents within seconds.
Hackers can steal information stored in memory by rebooting the compromised machine with a simple program designed to copy the memory contents — before the computer has a chance to purge sensitive data, according to the study.
Laptops left in hibernation or sleep mode, or simply not turned off at all, are the most vulnerable to the new type of attack.
"These risks imply that disk encryption on laptops may do less good than widely believed," according to the report, which was published this week by researchers from Princeton, the Electronic Frontier Foundation digital rights group, and Wind River Systems software company. "Ultimately, it might become necessary to treat DRAM as untrusted, and to avoid storing sensitive confidential data there, but this will not be feasible until architectures are changed to give software a safe place to keep its keys."
Researchers have known since the 1970s that cooled DRAM chips can retain their contents long after power to them is extinguished, but the researchers said they believe their study is the first security paper to focus on the phenomenon. National security agencies may also have been aware that the types of breaches outlined in the study are possible, the researchers said, but added they weren't able to find evidence of that in any publications.
Complete article here.
Sunday, February 24
Sunday, February 17
'Friendly Worms' to help Spread Software Fixes Faster
"Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."
A good idea, isn't it? (Though the concept is quite old) but still it is worth a consideration. Imagine infecting yourself purposely by a worm and feeling good about it. :)
A good idea, isn't it? (Though the concept is quite old) but still it is worth a consideration. Imagine infecting yourself purposely by a worm and feeling good about it. :)
The laptop repair that triggered a sex scandal
There are some very good reasons why it's a sensible idea to back up the contents of your hard disk and either erase or encrypt all the stuff you won't want others to see when handing in a PC or laptop for repairs.
You never know if the system could end up getting lost as was the case with the hapless Raelyn Campbell who is now suing Best Buy for $54 million after it happened to her. Or worse still, it could end up getting posted on the Internet for all the world to see as with the even more hapless Edison Chen, a popular singer and actor in Hong Kong.
Chen, who is a relative unknown in the U.S., is scheduled to appear in Christopher Nolan's "The Dark Knight", the next installment in the Batman series scheduled to be released later this year. He has been making headlines in Hong Kong recently after a series of racy pictures of himself in the company of several other Hong King celebrities were published all over the Web (yes, including on YouTube). The photos, about 1300 of them actually, came from the hard disk of a computer belonging to Chen that was handed in for some sort of repairs.
While servicing the computer, the technicians apparently stumbled on to a cache of photos of the star in some rather compromising situations. But instead of just leaving them there, which would of course have been the polite thing to do (OK, maybe after a peek or two), the folks at the service center decided to post them on the Net.
I've never been to Hong Kong, so I don't know if the people there are really as ravenous for this sort of news, as media reports insist they are. But apparently, l'affaire Chen has become the hugest sex scandal to have hit Hong Kong's celebrity circuit in a while, with photos of the star's dalliances with other celebrities being splashed all over the place. Apparently it has reduced Chen's carefully cultivated "nice guy" image to a shambles. It has also tarnished the reputations of about six other celebrities including actress Cecilia Chung and singer Gillian Chung, according to reports.
You never know if the system could end up getting lost as was the case with the hapless Raelyn Campbell who is now suing Best Buy for $54 million after it happened to her. Or worse still, it could end up getting posted on the Internet for all the world to see as with the even more hapless Edison Chen, a popular singer and actor in Hong Kong.
Chen, who is a relative unknown in the U.S., is scheduled to appear in Christopher Nolan's "The Dark Knight", the next installment in the Batman series scheduled to be released later this year. He has been making headlines in Hong Kong recently after a series of racy pictures of himself in the company of several other Hong King celebrities were published all over the Web (yes, including on YouTube). The photos, about 1300 of them actually, came from the hard disk of a computer belonging to Chen that was handed in for some sort of repairs.
While servicing the computer, the technicians apparently stumbled on to a cache of photos of the star in some rather compromising situations. But instead of just leaving them there, which would of course have been the polite thing to do (OK, maybe after a peek or two), the folks at the service center decided to post them on the Net.
I've never been to Hong Kong, so I don't know if the people there are really as ravenous for this sort of news, as media reports insist they are. But apparently, l'affaire Chen has become the hugest sex scandal to have hit Hong Kong's celebrity circuit in a while, with photos of the star's dalliances with other celebrities being splashed all over the place. Apparently it has reduced Chen's carefully cultivated "nice guy" image to a shambles. It has also tarnished the reputations of about six other celebrities including actress Cecilia Chung and singer Gillian Chung, according to reports.
Subscribe to:
Posts (Atom)