Comments on: Ram dumping to defeat disk encryption. Pedophiles and drug czars beware!

By: El Di Pablo

El Di Pablo — Mon, 25 Feb 2008 19:20:18 +0000

I got your comment. Yours does that to me too. If you refresh the page after you see that error, you will see your comment. Makes sense though, Intense Debate is still in beta.

By: AskTheAdmin

AskTheAdmin — Mon, 25 Feb 2008 19:14:25 +0000

I went to leave you a comment Paul and it didn't work out for me. The ID timed out trying to save my comment. I was in FF 2. What I wanted to say was:

Thanks for the link and your 2 cents! :)

By: El Di Pablo

El Di Pablo — Mon, 25 Feb 2008 19:06:15 +0000

So I reposted this here: http://tinyurl.com/yuhknc “>http://tinyurl.com/yuhknc

You ask what do we use to lock down our systems, well on my work desktop I have the new Truecrypt installed, which is one of the apps tested in the video. I also used to use Compusec (http://tinyurl.com/25shro) “>http://tinyurl.com/25shro) on my personal laptop, but did away with that when I switched to Ubuntu. I guess it doesn't matter what we use anymore huh ;-)

By: El Di Pablo

El Di Pablo — Mon, 25 Feb 2008 19:06:15 +0000

So I reposted this here: http://tinyurl.com/yuhknc “>http://tinyurl.com/yuhknc

By: El Di Pablo

El Di Pablo — Mon, 25 Feb 2008 17:19:56 +0000

Let me know how it turns out.

-EDP
http://www.bauer-power.net “>http://www.bauer-power.net

By: El Di Pablo

El Di Pablo — Mon, 25 Feb 2008 17:19:56 +0000

Let me know how it turns out.

-EDP
http://www.bauer-power.net “>http://www.bauer-power.net

By: AskTheAdmin

AskTheAdmin — Mon, 25 Feb 2008 16:06:24 +0000

Ram dumping tools are available on the web! If you can boot to ubuntu or a live distro you can use the tools on the machine to drop the encryption code (sometimes) Maybe the app that these guys built can do it better but once you have the info dumped from the ram you do not have a time limit @ all!

We will be giving this a try in the next week over @ AtA labs. Stay tuned loyal readers!

By: El Di Pablo

El Di Pablo — Mon, 25 Feb 2008 15:49:49 +0000

Damn Karl, you scooped me. I was going to blog about this today! I read about this on Friday. Watching the video, it still doesn't get me too worried. In order for someone to do this, they will have to do it close, and will not have much time to do it, even if they froze your ram with the air duster, that only gives them what 10 – 20 minutes of time to hack your stuff? That includes getting your laptop to a secluded spot to do the hack, freezing your ram, then booting up with their boot disk. Someone will have to go through a lot to do it. Besides, the researchers haven't released the source code, or the software for their hacking software. It doesn't look likely to be a wide spread problem yet.

By: PD

PD — Mon, 25 Feb 2008 12:44:22 +0000

Changing the boot order and protecting the BIOS are a good idea, but the attack also allows for physically removing the RAM and putting it in another machine, so changing the BIOS won't help there.

While these kinds of attacks are interesting, I think if you are facing an adversary who would go to this length, or one where you would seriously consider needing Truecrypt's plausible deniability feature, you are really in a whole different league from most encryption users. That's a situation where the attacker has targeted YOU and/or YOUR data. That is a much rarer occurrence than an attack that is random or someone just looking to steal the hardware.
In those cases any level of encryption would be enough.

It's similar to car theft. Any type of alarm or protection will generally protect you against random shopping mall attacks because there is always going to be an easier target. But if the thief is a professional who has a reason to steal YOUR car or the specific type of car you drive, there's not a whole lot you can do unless you want to spend a huge amount of money and effort.