Ahhh that has a bad sound to it. I can just hear the news stories from the incident now...

Ack! Cool.. Game... Runs... on... Linux... Must... Resist...

There should be some sort of license for the caps key, maybe with a test beforehand. Something like a CAC (Certified Appropriate Capper) 

I was pondering this morning on the encryption attack from Princeton (http://citp.princeton.edu/memory/) and what could be done to prevent it. On the top of my list were the following:

1. BIOS passwords. If the machine can't be booted back up to start from the removable device in order to dump the ram out, there goes the attack. At the very least, the attacker would be forced stop and clear the password (if they can) or to move the ram to another machine. Meanwhile the clock is ticking on the contents of the ram.

2. Restrict access to boot devices. If the machine can't boot from a removable device, then we're done, with the same provisions as above.

3. Restrict physical access to the guts of the machine. Many machines today have a provision for a physical lock, this would at least slow the attacker down. In addition, it would likely not be too hard to rig up some sort of a shield for the ram inside the machine to keep it from being removed or directly cooled (though this might cause heat issues). This is starting to go to extreme measures.

For a truly determined attacker, there are ways around all of this. Additionally, it would actually be a much more simple attack to just plug a hardware keylogger into the back of the machine and get the passsword/phrase from there (presuming that it came in via the keyboard). I think this attack is interesting, but really overblown impact-wise.

Thoughts?

Ha! I knew someone would be doing this in perl

http://search.cpan.org/~knok/File-MMagic-1.27/MMagic.pm

Yes, presuming that your wireless card(s) are working  Of course, there's also GPS, mapping, etc... to configure if you want to do the whole shebang.

Aha! Here's a tool that does what you want

http://www.forensicinnovations.com/fisdk.html

Though it is a bit pricey. I'll bet a person could code something up in perl to do this.

I *think* that you might be able to get the file command on Windows with Cynwin

http://www.cygwin.com/

It is a good album

Very true. Kismet, in particular, will need additional configuration after install. This is not unusual.

I think that's about all anyone (in the US) is doing. It'll be interesting to watch for the next 5 or 10 years 

These are security folks that don't know what it is?

Alright, Who wants some?

You can use the file command in Linux for this, as it doesn't depend on the extension being correct:

~/Documents/portishead dummy$ file 11-portishead-glory_box-ksi_int.mp3
11-portishead-glory_box-ksi_int.mp3: MPEG ADTS, layer III, v1, 256 kBits, 44.1 kHz, Stereo

~/Documents/portishead dummy$ cp 11-portishead-glory_box-ksi_int.mp3 11-portishead-glory_box-ksi_int.mp3.copy

~/Documents/portishead dummy$ file 11-portishead-glory_box-ksi_int.mp3
11-portishead-glory_box-ksi_int.mp3: MPEG ADTS, layer III, v1, 256 kBits, 44.1 kHz, Stereo

Great! Glad it worked out well for you. Maybe we should put together a DIY Lifelock tutorial.