[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Re: A Method for Critical Data Theft - New York Times
Begin forwarded message: From: Bob Drzyzgula <bob@drzyzgula.org> Date: February 22, 2008 9:50:30 AM EST To: David Farber <dave@farber.net> Cc: ip <ip@v2.listbox.com>Subject: Re: [IP] Re: A Method for Critical Data Theft - New York Times
On Fri, Feb 22, 2008 at 09:18:57AM -0500, David Farber wrote:
Begin forwarded message: From: "Lee Dryburgh" <dryburghl@gmail.com> Date: February 22, 2008 8:59:59 AM EST To: dave@farber.net Cc: ip <ip@v2.listbox.com> Subject: Re: [IP] A Method for Critical Data Theft - New York Times This has been all over the news today. It seems another unwarranted headline grabber (sorry to IP person whose work it is). The first point of security of data is physical security and from the quick read you need to push somebody away from their laptop, quickly spray the machine with something to cool it down very quick, hope the person did not disable booting from external drives...
Or you break into his apartment (possibly with the authority of a search warrant) while he's away shopping. Or you snatch his system from his table at Starbucks while he gets up use the rest room (note that if it has a battery you have until the battery runs down to cool the chips). Possibly it could be a system owned by a employer who suspected foul play on the part of the employee, and the employer would have every right to take control of the running device. The report also mentioned that it was possible to remove the memory to another system to perpetrate the attack, so disabling booting from an external drive is not sufficient, and even if your system had firmware that cleared RAM on boot this would be insufficient. There may be advanced mechanisms (use of an external hardware key was mentioned) that could block this attack. But it is not implausible that the sort of physical access required for this attack to be attempted could obtained, legally or illegally. --Bob -------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC