
dm-crypt attack based on reading RAM after quick reboot

I felt all responsible for having whole-disk encryption on my laptop, but sadly that’s defeatable:


{ 1 } Comments

  1. maarten | 9 April 2008 at 08:25 America/New_York | Permalink

    Well, for you it’s actually not at all true. See, this only works if your machine is accessed by someone else while it’s on or in standby mode. I’m not sure how often you leave your machine unattended while it’s on, but in that case they would have access anyways and can install a keylogger or a backdoor (think high ports) or something similar, which is just as bad if not worse. I mean, in those 2 minutes they were able to get the encryption key, but not the data on the disk yet; with a backdoor they have full disk read access whenever it’s on. Ready to find your shadow or passwd file and start jack the ripper to get your passwords, then check what you’ve been ssh’ing and test those passwords there, etc, etc. Scary stuff.
    As long as you turn off your machine when not near it, you do not have to worry and you’re totally secure and safe.

    The problem lies mainly with (you guessed it!) Windows Vista computers. In Vista the off button in the Start menu defaults to sleep without a prompt, not to actually turning off the machine. (see here) So most people never actually turn off Vista machines. In that case a Vista machine is vulnerable at any time! Mac users also have the tendency to just close the lid when not using it --> same vulnerability.

    So turn off that ACPI crap (just find ways to optimize your boot time and it’s really not all that much time), and always shut your box down when not in front of it, and you are as secure as you always thought you were. No one with state-of-the-art freezing technology will image your RAM or hack your disk.
