.

Killer Hack

<<

iSmith

User avatar

Full Member
Full Member

Posts: 157

Joined: Sun Jan 20, 2008 12:01 pm

Post Tue Feb 26, 2008 9:32 am

Killer Hack

Some hardware hackers have just found a way to hack encryption standards. RAM data lasts for a few minutes after shutdown, so the hackers exploited that. read the full story here http://www.techradar.com/news/computing/why-disk-encryption-may-not-be-enough-247012
It's interesting. :)
In my eyes, your operating system is as solid as swiss cheese.
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Tue Feb 26, 2008 10:12 am

Re: Killer Hack

iSmith,

The problems of RAM retention are nothing new - this has been known of for a while. Only recently has proof-of-concept been made public.

It is very dependant on at attacker gaining physical access to a machine soon after shutdown and either being able to freeze the memory or transfer it to a test machine pretty quickly. It would be unlikely an attacker would want to use the original host machine for the memory recovery as some BIOSes clear the memory at system startup and booting an OS, however small, would overwrite some memory.
So, if you're worried about this, ensure you have a second boot partition/floppy/cd/usb that has a memory purge application or sit and wait a couple of hours for the RAM to dissapate fully.

Related, has anyone thought about modding a DIMM holder to provide a voltage and refresh clock in order to transport the memory and have it retain it's content indefinitley? Who needs liquid nitrogen? Maybe this should be in the forensic thread...
CISSP, C|EH, C|HFI
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Tue Feb 26, 2008 10:58 am

Re: Killer Hack

They were able to use this technique to crack Nintendo's encryption for the Wii. See the topic about it it started by don.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

JobMatchNow

Newbie
Newbie

Posts: 24

Joined: Thu May 01, 2008 1:53 pm

Post Thu Jun 12, 2008 9:46 am

Re: Killer Hack

I always thought computers were not safe.
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jun 12, 2008 9:59 am

Re: Killer Hack

JobMatchNow wrote:I always thought computers were not safe.


They're not...they're evil, vile machines.  As your attorney, I advise you to never use one again.
Reluctant CISSP, Certified ASS
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Thu Jun 12, 2008 4:34 pm

Re: Killer Hack

oneeyedcarmen wrote:They're not...they're evil, vile machines.  As your attorney, I advise you to never use one again.


Not even to check the EH Net forums? :P
Put that in your pipe and grep it!
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jun 13, 2008 3:39 pm

Re: Killer Hack

An old professor of mine told me... "If you want a secure computer, make sure it's not plugged into ethernet.... and fill the room with cement."  That's about the only way to get a 100% secure computer, that's not broken.  :P  Computers are fun though, must... have... computers.
"Bad.. Good?  I'm the guy with the gun"
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Jun 15, 2008 3:32 pm

Re: Killer Hack

g00d_4sh wrote:An old professor of mine told me... "If you want a secure computer, make sure it's not plugged into ethernet.... and fill the room with cement." 


I can't vouch for the authenticity as I'm too young (thank god) but apparently that's how M$ got NT4 through it's security standards: removed network cables, floppy drives, any IO device (keyboard/mouse/etc.) and locked the door. 100% secure...
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Mon Jun 16, 2008 8:40 am

Re: Killer Hack

RoleReversal wrote:apparently that's how M$ got NT4 through it's security standards


That is a really scary thought.
Had to remove everything but the processor to make it secure.
Put that in your pipe and grep it!
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Mon Jun 16, 2008 3:16 pm

Re: Killer Hack

Heh... most people don't realize that physical access to a machine... makes it inherently insecure.  If it can be booted... it can be booted onto something it wasn't ment to be, with enough playing around.  That's when I found a public kiosk in one of the buildings had it's USB slots accessable, AND the power on/off button accessable.. I was rather pissed.  Then I realized it didn't go into my LAN, but the LAN of another department... then I wasn't quite so pissed.  But I did make mention of it. :P
"Bad.. Good?  I'm the guy with the gun"
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Jun 22, 2008 8:39 am

Re: Killer Hack

Bogwitch wrote: It would be unlikely an attacker would want to use the original host machine for the memory recovery as some BIOSes clear the memory at system startup and booting an OS, however small, would overwrite some memory.


Yes this is a danger, but you would need to either know what type of ram was in the machine in advance or have several machines handy to transfer the ram to. I would think that this would also increase the possibility of heating the ram up enough to lose the contents in the process.

Bogwitch wrote:So, if you're worried about this, ensure you have a second boot partition/floppy/cd/usb that has a memory purge application or sit and wait a couple of hours for the RAM to dissapate fully.


You would need to do this every time you left the machine, which sounds like a bit much. Physically restricting access to the ram might help.

Return to Hardware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software