back to article Next time you go to the loo, bring your locked laptop with you

This story was updated on Tuesday 1st April 2008 to correct inaccuracies about DaisyDukes. It works on memory dumps or live memory. At the moment, it is not memory dumper. Building off recent research that showed how to extract encryption keys from a computer's memory, a penetration testing company has unveiled a prototype of a …

COMMENTS

This topic is closed for new posts.
  1. Jeff
    Alert

    I think software devs could learn something from web security then..

    the only way to resolve this is for software to stop storing keys in memory; but will need some sort of session identifier in order to maintain security etc.

    Interesting times!

  2. Sean Purdy
    Coat

    Daisy Duke, penetration testing...

    Snigger. I'll get my trenchcoat...

  3. Anonymous Coward
    Anonymous Coward

    "Next time you go to the loo, bring your locked laptop with you"

    Have you not already been doing that anyay?

  4. GettinSadda
    Pirate

    Security Checklist

    So, lets see...

    I now have to set the following BIOS fields:

    Chassis Intrusion Detection = Enabled

    Chassis Intrusion Action = Reboot

    Reboot RAM test = Aggressive

    Boot from USB = Disabled

    BIOS Password = Enabled

    BIOS Password Strength = Very Strong

    But, I still have no method of stopping someone simply pulling the plug then getting the RAM out and into another machine before it fades. Time for an on-board battery that is used to wipe the RAM if power is lost.

  5. Steve Evans

    Youch...

    Everyone to their BIOS!

    Enable BIOS password: YES

    Allow boot from USB: NO

    And then stick a chain round the box to stop anyone doing a BIOS reset!

  6. Tom

    Just proves the point...

    ... that physical security is still the most import layer of any security policy.

  7. James Radley

    BIOS update

    The long term fix to this will be fairly simple - a BIOS update that overwrites your RAM with 0's / Random numbers immediately on startup, before it starts hunting for a boot sector somewhere on a USB stick/floppy/harddrive.

  8. Martin
    Thumb Up

    Lucky me then?

    I have yet to own a desktop or laptop that can boot off USB. I thought it a damn nuisance, maybe not so bad now.

  9. Smallbrainfield

    Daisy Duke

    Phwooar.

  10. Beech Horn
    Linux

    PIE SSP

    What about PIE SSP?

    If every stack is loaded into a different place and compiled as such then surely this kind of attack cannot work.

    Admittedly you'd have to use a FUSE based file system (so much for a monolithic kernel being good) but you can maintain security against this and many other attacks.

  11. Anonymous Coward
    Anonymous Coward

    Could be worse

    Needing the reboot means a passworded bios set to boot from HDD only is still a defence against this one. I initially thought they were using USB DMA memory sniffing of a live machine like the Firewire DMA attach covered a few weeks ago. Still it's only a matter of time.

  12. Tom Hillman
    Paris Hilton

    Not just USB

    Anyone who has suggested disabling USB booting is missing the point: the program could as easily be run from a bootable CD. Possibly even a floppy.

    Clearing/over-writing the RAM is just masking the problem - certainly not a 'long term solution'. Passwords simply shouldn't be stored in memory. Jeff may be right on this one, Interesting times...

  13. Dave Bell
    Linux

    So you shouldn't store passwords in RAM?

    Er, how?

    You read a disk sector, not individual bytes. I don't think you can keep that chunk of data out of RAM without a fundamental redesign of the whole chain from disk platter to CPU registers.

    When better physical security, and some BIOS changes, could stop such attacks, why go to such lengths.

    Possible the big risk is the inside job?

  14. JHL

    What parallel with web security?

    Jeff - if you look at the actual security risks this sort of attack adds (disregarding physical security), it's primarily drive encryption that can be compromised. And drive encryption requires the key in memory, and somewhere the software can find it.

    BIOSes that clear RAM ('full memory test' in POST should do it) would prevent this particular attack.

  15. Mark Pipes
    Flame

    drastic measure

    disable usb boot as per above. Wite chassis switch to fuse of large thermite charges. One surrounding the RAM, the other the Hard drive. Open the door without the proper key to disarm, and the hd and ram go away, along with all of the data. Drastic, but secure.

  16. Phil

    Things I don't Understand ...

    1. why there is a distinct signature for passwords in memory.

    2. why passwords aren't wiped from memory when I lock the machine.

    3. why el Reg comments don't provide a 'refer to previous comment' option.

    4. why my local supermarket doesn't have fresh bread on Mondays.

  17. Anonymous Coward
    Boffin

    @phil

    1. so your computer can find them.

    2. a.Because they will be needed to restart the session.b. Because it's being turned off why bother they will fade anyway slow/hung shutdown can also be a problem.

    3. Because we are a pain in their collective asses, and we don't need encouragement.

    4. Because they always sell their fresh bread to convenience stores first next day they sell whats left over to the grocery stores. The reason is they get more money for their product at convenience stores and restaurants. The account is worth more gets quicker service. Go to a 7-11 and get that $8.00 loaf of white bread it's fresh.

  18. Steve Oliver
    Paris Hilton

    Yes! The title!

    For God's sake;

    'Next time you GO to the loo, TAKE your locked laptop with you' or

    'Next time you COME to the loo, BRING your locked laptop with you.

    Bloody idiots mashing the English language! That's our job!

    Paris, because she knows when to come or go.....

  19. Lee T.
    Flame

    @drastic measure

    and if you make the charges large enough, goodbye also the bugger trying to open the machine.

This topic is closed for new posts.