PC Review



ALERT: Disk encryption may not be secure enough

 
 
jim
Guest
Posts: n/a
 
      22nd Feb 2008
You may have already heard about or read about this story. If so, this is
not for you.

For those people in positions where privacy can mean the life or death of a
career or even a person, listen up......

"Computer scientists have discovered a novel way to bypass the encryption
used in programs like Microsoft's BitLocker and Apple's FileVault and then
view the contents of supposedly secure files.

In a paper (PDF) published Thursday that could prompt a rethinking of how to
protect sensitive data, the researchers describe how they can extract the
contents of a computer's memory and discover the secret encryption key used
to scramble files. (I tested these claims by giving them a MacBook with
FileVault; here's a slideshow.)

"There seems to be no easy remedy for these vulnerabilities," the
researchers say. "Simple software changes are likely to be ineffective;
hardware changes are possible but will require time and expense; and today's
Trusted Computing technologies appear to be of little help because they
cannot protect keys that are already in memory. The risk seems highest for
laptops, which are often taken out in public in states that are vulnerable
to our attacks. These risks imply that disk encryption on laptops may do
less good than widely believed." "

Read the entire article at
http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
straight from Princeton at http://citp.princeton.edu/memory/.

jim


 
 
 
 
 
Richard G. Harper
Guest
Posts: n/a
 
      22nd Feb 2008
I always, ALWAYS carry a can of compressed air upside down in my pocket just
so I can super cool the memory chips from a PC and steal the data resident
on them. This just goes back to probably the second oldest security rule
there is - "If you don't physically secure your computer, it is no longer
your computer." The oldest, of course, being "If you let someone else run
code on your computer, it is no longer your computer."

--
Richard G. Harper [MVP Shell/User] (E-Mail Removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/


"jim" <(E-Mail Removed)> wrote in message
news:G8Bvj.106956$L%(E-Mail Removed)...
> You may have already heard about or read about this story. If so, this is
> not for you.
>
> For those people in positions where privacy can mean the life or death of
> a career or even a person, listen up......
>
> "Computer scientists have discovered a novel way to bypass the encryption
> used in programs like Microsoft's BitLocker and Apple's FileVault and then
> view the contents of supposedly secure files.
>
> In a paper (PDF) published Thursday that could prompt a rethinking of how
> to protect sensitive data, the researchers describe how they can extract
> the contents of a computer's memory and discover the secret encryption key
> used to scramble files. (I tested these claims by giving them a MacBook
> with FileVault; here's a slideshow.)
>
> "There seems to be no easy remedy for these vulnerabilities," the
> researchers say. "Simple software changes are likely to be ineffective;
> hardware changes are possible but will require time and expense; and
> today's Trusted Computing technologies appear to be of little help because
> they cannot protect keys that are already in memory. The risk seems
> highest for laptops, which are often taken out in public in states that
> are vulnerable to our attacks. These risks imply that disk encryption on
> laptops may do less good than widely believed." "
>
> Read the entire article at
> http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
> straight from Princeton at http://citp.princeton.edu/memory/.
>
> jim
>


 
 
Paul Adare
Guest
Posts: n/a
 
      22nd Feb 2008
On Fri, 22 Feb 2008 16:44:13 -0500, Richard G. Harper wrote:

> I always, ALWAYS carry a can of compressed air upside down in my pocket just
> so I can super cool the memory chips from a PC and steal the data resident
> on them. This just goes back to probably the second oldest security rule
> there is - "If you don't physically secure your computer, it is no longer
> your computer." The oldest, of course, being "If you let someone else run
> code on your computer, it is no longer your computer."


You've missed the point here, which is that most full disk encryption
utilities, BitLocker included, advertise as one of their benefits, the
ability to protect confidential data in the event your computer is stolen.

With BDE at least, if you use a TPM with a PIN or a USB device with a PIN
and either power off or hibernate your computer, the attack is mitigated.
--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
The generation of random numbers is too important to be left to chance.
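
The two conditions named in the post above (a PIN or USB startup-key protector on the volume, and the machine being powered off or hibernated rather than left in standby) can be audited on a current Windows machine. The PowerShell below is an added example, not part of the thread: it assumes the BitLocker PowerShell module, which postdates this 2008 discussion, the function name `Test-ColdBootExposure` is hypothetical, and the policy GUID is the "Allow standby states (S1-S3) when sleeping" power setting.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumes the BitLocker PowerShell module
# (Get-BitLockerVolume) is available. Read-only audit: it changes nothing.

function Test-ColdBootExposure {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Key protectors on the OS volume. A TPM-only protector releases the key
    #    at power-on with no user input, so a stolen machine boots to a state
    #    where the key is in RAM. PIN / startup-key protectors prevent that.
    #    Note: ExternalKey is also the type used for recovery key files, so it
    #    only counts here when no TPM-only protector is present.
    $preBoot = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'ExternalKey'
    $vol     = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types   = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    if ($vol.ProtectionStatus -ne 'On') {
        $findings.Add("BitLocker protection is not on for $($vol.MountPoint)")
    }
    if ($types -contains 'Tpm') {
        $findings.Add('TPM-only protector: volume unlocks at boot without a PIN or USB key')
    }
    elseif (-not ($types | Where-Object { $_ -in $preBoot })) {
        $findings.Add('No PIN or startup-key protector found on the OS volume')
    }

    # 2. Standby keeps DRAM powered with the volume key loaded. The policy value
    #    must be 0 (standby disallowed) on both AC and battery (DC).
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\' +
              'abfc2519-3608-4c2a-94ea-171b0ed546ab'
    foreach ($name in 'ACSettingIndex', 'DCSettingIndex') {
        $v = (Get-ItemProperty -Path $polKey -Name $name -ErrorAction SilentlyContinue).$name
        if ($v -ne 0) {
            $findings.Add("Standby (S1-S3) is not disabled by policy ($name)")
        }
    }

    # 3. Hibernate must be available as the alternative to standby.
    $pwrKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $hib = (Get-ItemProperty -Path $pwrKey -Name HibernateEnabled -ErrorAction SilentlyContinue).HibernateEnabled
    if ($hib -ne 1) {
        $findings.Add('Hibernate is not enabled; users can only sleep or shut down')
    }

    return $findings
}

Test-ColdBootExposure | ForEach-Object { Write-Warning $_ }
```

No output means all three checks passed; each warning names one condition under which the key can still be resident in powered or recently powered RAM.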
 
 
Mostly Gizzards
Guest
Posts: n/a
 
      22nd Feb 2008
Memo to users:

Never leave your computer unattended while powered on or in Standby Mode.
If you feel the need to leave your computer on a random park bench, please
ensure that you watch it closely for at least 60 seconds to ensure the
contents of the DRAM have decayed adequately to ensure someone cannot
possibly extract your encryption keys. At that point in time, feel free to
leave the area and frolic about in a carefree fashion - your data is safe.

MG

"Paul Adare" <(E-Mail Removed)> wrote in message
news:18prn5yu3ujqv.1bfvlan32fagt$.(E-Mail Removed)...
> On Fri, 22 Feb 2008 16:44:13 -0500, Richard G. Harper wrote:
>
>> I always, ALWAYS carry a can of compressed air upside down in my pocket
>> just
>> so I can super cool the memory chips from a PC and steal the data
>> resident
>> on them. This just goes back to probably the second oldest security rule
>> there is - "If you don't physically secure your computer, it is no longer
>> your computer." The oldest, of course, being "If you let someone else
>> run
>> code on your computer, it is no longer your computer."

>
> You've missed the point here, which is that most full disk encryption
> utilities, BitLocker included, advertise as one of their benefits, the
> ability to protect confidential data in the event your computer is stolen.
>
> With BDE at least, if you use a TPM with a PIN or a USB device with a PIN
> and either power off or hibernate your computer, the attack is mitigated.
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> The generation of random numbers is too important to be left to chance.


 
 
C.Joseph S. Drayton
Guest
Posts: n/a
 
      23rd Feb 2008
jim wrote:

>You may have already heard about or read about this story. If so,
>this is not for you.
>
>For those people in positions where privacy can mean the life or
>death of a career or even a person, listen up......
>
>"Computer scientists have discovered a novel way to bypass the
>encryption used in programs like Microsoft's BitLocker and Apple's
>FileVault and then view the contents of supposedly secure files.
>
>In a paper (PDF) published Thursday that could prompt a rethinking of
>how to protect sensitive data, the researchers describe how they can
>extract the contents of a computer's memory and discover the secret
>encryption key used to scramble files. (I tested these claims by
>giving them a MacBook with FileVault; here's a slideshow.)
>
>"There seems to be no easy remedy for these vulnerabilities," the
>researchers say. "Simple software changes are likely to be
>ineffective; hardware changes are possible but will require time and
>expense; and today's Trusted Computing technologies appear to be of
>little help because they cannot protect keys that are already in
>memory. The risk seems highest for laptops, which are often taken out
>in public in states that are vulnerable to our attacks. These risks
>imply that disk encryption on laptops may do less good than widely
>believed." "
>
>Read the entire article at
>http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the
>video straight from Princeton at http://citp.princeton.edu/memory/.
>
>jim


This article is interesting, but does not really touch on the more
important and common security risks:

1) The usage of clipboard extenders is widespread and people quite
often forget to turn them off when what they are copying shouldn't be
stored anywhere other than in a secure file.
2) The pagefile holds all kinds of data.
3) And of course there are all of those temp files that are created and
deleted (but not securely deleted) by various applications.

I have found more things by just looking in those 3 places than people
thought possible. Add to that the fact that there are freeware programs
that will scan for different types of data (i.e. scan for JPGs inside of
a pagefile), and you can see how serious breaches in security can occur.

The next problem of course is that if the passwords are physically
saved on the disk, then with enough computing power and time a brute
force attack on the password file can reap all types of rewards; once
you've cracked the password file, everything else on the drive is an
open book.


--

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services
Web site: http://csdcs.tlerma.com/
E-mail: (E-Mail Removed)
 
 
 
 