Thursday, February 21, 2008

HD Encryption can be defeated via DRAM vulnerability

http://www.boingboing.net/2008/02/21/report-disk-encrypti.html

Basically, the information stored in DRAM does not disappear instantly; it can take seconds to minutes for that information to fade. This allows software, anything from a special program to a special operating system, to retrieve the raw data out of this DRAM without encryption. I would also assume a parasitic device could be placed on the DRAM module(s) to capture the unencrypted information. I would think that modifying the DRAM modules (at the factory) to shunt the memory would effectively fix the slow persistence of the data by actively draining the energy from the DRAM when it is supposed to be empty/off.

-- Tim Krabec
Kracomp

Wednesday, February 20, 2008

Proactive

You know who these people are: they are the ones working late or coming in early to try something out or to look into an issue where something just does not "feel right". These people are the ones reading the journals, researching online, being active with their peers, and listening to details. I could go on for a while, but you get the picture. Being proactive takes effort, the ability to plan, to visualize, to create contingency plans, and to realize that stuff will go wrong. Being proactive also means being able to keep things in perspective, seeing the big picture, and never willingly walking into a situation without as much knowledge as possible.

Being a proactive Administrator or Security Coordinator means visiting hacking sites, learning about social engineering, learning about best practices, and learning how to communicate effectively with upper management or the board. It means developing or implementing policies and procedures, and being replaceable and promotable. Some people believe that if they are indispensable they cannot be fired or replaced easily, and while this may be true, it also means that they cannot be promoted or go on a vacation. Actively seeking and maintaining contacts in various departments of your organization allows you or your people to keep abreast of problems while they are still small, and to create effective training programs and materials.

-- Tim Krabec
Kracomp