J
jim
You may have already heard about or read about this story. If so, this is
not for you.
For those people in positions where privacy can mean the life or death of a
career or even a person, listen up......
"Computer scientists have discovered a novel way to bypass the encryption
used in programs like Microsoft's BitLocker and Apple's FileVault and then
view the contents of supposedly secure files.
In a paper (PDF) published Thursday that could prompt a rethinking of how to
protect sensitive data, the researchers describe how they can extract the
contents of a computer's memory and discover the secret encryption key used
to scramble files. (I tested these claims by giving them a MacBook with
FileVault; here's a slideshow.)
"There seems to be no easy remedy for these vulnerabilities," the
researchers say. "Simple software changes are likely to be ineffective;
hardware changes are possible but will require time and expense; and today's
Trusted Computing technologies appear to be of little help because they
cannot protect keys that are already in memory. The risk seems highest for
laptops, which are often taken out in public in states that are vulnerable
to our attacks. These risks imply that disk encryption on laptops may do
less good than widely believed." "
Read the entire article at
http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
straight from Princeton at http://citp.princeton.edu/memory/.
jim
not for you.
For those people in positions where privacy can mean the life or death of a
career or even a person, listen up......
"Computer scientists have discovered a novel way to bypass the encryption
used in programs like Microsoft's BitLocker and Apple's FileVault and then
view the contents of supposedly secure files.
In a paper (PDF) published Thursday that could prompt a rethinking of how to
protect sensitive data, the researchers describe how they can extract the
contents of a computer's memory and discover the secret encryption key used
to scramble files. (I tested these claims by giving them a MacBook with
FileVault; here's a slideshow.)
"There seems to be no easy remedy for these vulnerabilities," the
researchers say. "Simple software changes are likely to be ineffective;
hardware changes are possible but will require time and expense; and today's
Trusted Computing technologies appear to be of little help because they
cannot protect keys that are already in memory. The risk seems highest for
laptops, which are often taken out in public in states that are vulnerable
to our attacks. These risks imply that disk encryption on laptops may do
less good than widely believed." "
Read the entire article at
http://www.news.com/8301-13578_3-9876060-38.html?tag=tb or view the video
straight from Princeton at http://citp.princeton.edu/memory/.
jim