Full Disclosure mailing list archives
Re: round and round they go
From: "Jay" <jay.tomas () infosecguru com>
Date: Fri, 22 Feb 2008 13:40:00 -0500
I would think a more realistic scenario might be a person working at an airport shutting their system down then getting it stolen vs a forensic examiner yanking the cord on purpose. Just an observation. ----- Original Message ----- From: matthew wollenweber [mailto:mwollenweber () gmail com] To: lists () datenritter de Cc: full-disclosure () lists grok org uk Sent: Fri, 22 Feb 2008 09:57:55 -0500 Subject: Re: [Full-disclosure] round and round they go I found the article interesting, but I wonder about it's practicality. If you have physical access to the box you never really need to power down the box in the first place and generally if the box is already on, I think most people would prefer to attack a service to get on the system directly. But there are some special cases where these techniques will likely be very useful. For me, I've always disliked the practice of doing live forensic discovery. I'd much rather get a clean disk dump than to poke around on the system first, but losing RAM sucks. Maybe now IR/Forensic guys can get the best of both worlds? They can yank the power to save the disk state and dump memory by using the techniques described in the article. :) On Fri, Feb 22, 2008 at 8:32 AM, niclas <lists () datenritter de> wrote:
http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html(cooling down DRAMs keeps their contents for longer time, even during reboot.) well, this shows how important mechanical security still is, even with all the crypto-stuff out there. if you e.g. just *glued* your RAM modules into your motherboard, the option left would be booting a malicious OS. a BIOS-password might put delays on that. so, if it is really secret put your PC in a locked steel box! as a dircet countermeasure you might as well consider a simple temperature sensor next to your DRAMs, releasing [evil self-destruction hack] when temperatures drop below 0?C. thermite does a good job on destroying HDDs but it's very dangerous. it's probably more easy to use this device then: http://www.wiebetech.com/products/HotPlug.php looking at these two methods, i notice how "they" (whoever) seem to aim not only on physical access but also more and more on surprising the crypto-user. "they" might use the methods mentioned above or just hit you with a flashbang, so you can't press the lock key anymore. this worries me more than any it-related security flaw. i don't want the police to behave like that. n. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Matthew Wollenweber mwollenweber () gmail com | mjw () cyberwart com www.cyberwart.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- round and round they go Elazar Broad (Feb 21)
- Re: round and round they go niclas (Feb 22)
- Re: round and round they go matthew wollenweber (Feb 22)
- <Possible follow-ups>
- Re: round and round they go Jay (Feb 22)
- Re: round and round they go niclas (Feb 22)
- Re: round and round they go Jay (Feb 22)
- Re: round and round they go niclas (Feb 23)
- Re: round and round they go niclas (Feb 22)