Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] [Rival] Cold-booting Bitlocker-bypassing source code published

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ Homer on Tuesday 22 July 2008 16:00 : \____

> Verily I say unto thee, that The Ghost In The Machine spake thusly:
>> http://news.cnet.com/8301-13578_3-9995579-38.html?tag=nefd.top
>> 
>>     A team of computer scientists has published source code
>>     that can in some circumstances bypass encryption used
>>     in Microsoft's BitLocker and Apple's FileVault and be
>>     used to view the contents of supposedly secure files.
>> 
>> [The general idea is to dump RAM and then tease out the
>> encryption/decryption keys.  It is possible that Linux is
>> vulnerable to similar attacks, though I'd frankly have
>> to look at the loop device code.  At least with Linux,
>> I can...]
> 
> It probably is. These cold boot attacks have been discussed before. All
> it would take to secure against this attack is to wipe RAM with a random
> pattern (a la DBAN) before shutdown.

just don't seed it using Windows [1]. Use something like a Linux CD.

___
[1] Duh! Windows Encryption Hacked Via Random Number Generator

,----[ Quote ]
| GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas.        
|
| Editors Note:  I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments.  Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux.  
`----

http://www.linuxelectrons.com/news/general/14365/duh-windows-encryption-hacked-via-random-number-generator


- -- 
                ~~ Best of wishes

Roy S. Schestowitz      | "Quote when replying in non-real-time dialogues"
http://Schestowitz.com  |  GNU is Not UNIX  |     PGP-Key: 0x74572E8E
      http://iuron.com - proposing a non-profit search engine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiGLJMACgkQU4xAY3RXLo7h7gCgpFZYj7x4UbiaAJoD7mXdJGfQ
cyMAniBQHaFC05fLRZcUebCuXbUv6+3t
=Ybv+
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index