Comments | footpad: Snippets

footpad

Snippets

Feb 22, 2008 10:01

Via schneier: hard disk encryption can be defeated by chilling RAM chips.

Commentary from the Institute of Physics: the stated motives for shooting down the satellite were implausible, and it's not a decent test for shooting down an ICBM. It's impressive progress in missile defence, but it's not yet time for anyone to crow about it.

news, computer security, space, scraps

Comments 13

sci February 22 2008, 11:15:58 UTC

There seems to be no easy fix for these problems.
Replace the RAM cover on your laptop with non-standard screws? By the time someone digs through their toolkit to find the right driver, the data will be gone.
Or get a small program that overwrites the area of RAM in question with random data before shutdown.

Neither of course stop the situations where the laptop has been aquired in a powered-on state and can be hard-reset, skipping proper shutdown (but then if they have it live, it may well be logged in anyway). Or if they have the cover off in advance of shutdown.

megadog February 22 2008, 11:22:28 UTC

Wonder how long it'll be before someone brings out a computer with a concealed switch that's held open by part of the case?

Try to take the case apart with the computer still powered-up: contact closes and shoves +12V into places-where-there-should-only-be-five, thereby releasing the Magic Smoke™ from the DRAM along with any stored cryptokeys.

footpad February 22 2008, 12:59:18 UTC

Or if they just goosh a pint of liquid nitrogen into the case before breaking it open.

hrrunka February 22 2008, 11:41:03 UTC

stated motives ... were implausible

Yeah, and transparently so. Was the NSA Pentagon really dumb enough to think anyone would believe it?

mut February 22 2008, 20:36:22 UTC

If I'd been China, I woulda nodded seriously at the US claim that it needed to be downed for safety reasons, taken careful note of the time they were going to do it, then knocked it down myself 18 hours earlier.

Fortunately, though, I'm not China and I don't have any big, red buttons.

megadog February 22 2008, 20:56:45 UTC

Why am I now positing the early emergence of a competitive market for downing old satellites....

footpad February 22 2008, 21:48:31 UTC

I am belatedly (and a little bit bamboozledly) facing the possibility that you may be more evil than I had realised.

mut February 22 2008, 23:23:42 UTC

Oh, I'm not _evil_, I just the idea of turning arbitrary rules or arguments back upon themselves.

If I'd been evil I would have suggested shooting down the US anti-satellite missile.

crashworks February 25 2008, 07:25:53 UTC

This attack can be foiled by simply maintaining physical security on the computer for a period of ten minutes after shutting it down.

For example, expose an attacker attempting to gain unauthorized physical access to the risk of serious injury.

footpad February 25 2008, 09:45:35 UTC

All well and good if you employ trigger-happy mercenaries at your remote data centre. (Actually, remembering some of the people who worked out at both my previous jobs...)

crashworks February 25 2008, 09:51:28 UTC

Good point, but at the same time, I would expect physical security to be among the services provided by a remote data centre, much as I expect it to be provided to my safe deposit box by a bank.

I will leave speculation on exactly how many armed employees guard our data centre as an exercise for the reader.

footpad February 25 2008, 10:32:28 UTC

Just one, but trained in some very special simulation environments. :)

On the other hand, the chap who comes to take your computer is typically waving a warrant, and the stakes have to be pretty high before it's worth waving guns back at him. Physical security won't help your average bent accountant or bonsai-kitten-hentai merchant.

Thread 5