Maybe a ram cleaner ? I just found this http://www.zdnet.fr/telecharger/windows/fiche/0,39021313,39046500s,00.htmbut soon new tools will coming or be implemented in FDE solution.
2008/2/22, Garrett M. Groff <[EMAIL PROTECTED]>: > > Upon actually reading the paper, I answered my own question. The attack > works regardless of BitLocker's mode if the computer is on or in standby, > and works in "basic mode" (BitLocker+TPM in transparent operation mode) > even > if computer is off (since booting it up will cause the TPM to > automatically > release the key if no boot components have changed), but will not work if > computer is in hibernation or in an off state and not in basic mode. > > Very interesting paper. The attack exploits hardware, so I suspect we'll > need a hardware solution for this problem. > > > - G > > > > ----- Original Message ----- > From: "Dave Jevans" <[EMAIL PROTECTED]> > To: <[email protected]> > > Cc: "Garrett M. Groff" <[EMAIL PROTECTED]> > Sent: Friday, February 22, 2008 12:17 AM > Subject: Re: [FDE] Scary...... > > > > This attack WOULD work, as it is preserving the AES keys in DRAM after > the > > authentication has been completed. > > > > > > At 6:28 PM -0500 2/21/08, Garrett M. Groff wrote: > >>Regarding the following statement: > >>"It's a pretty exotic attack if you're using authentication (ie not > >>Bitlocker in TPM mode, or some autoboot mode)." > >> > >>That is only an issue when using BitLocker's "transparent operation > mode," > >>right? I.e., when using BitLocker+TPM and requiring that a PIN or USB > key > >>be > >>entered/present, this hardware-based attack doesn't work. Correct? > >> > >> > >>----- Original Message ----- > >>From: "SafeBoot Simon" <[EMAIL PROTECTED]> > >>To: <[email protected]> > >>Sent: Thursday, February 21, 2008 5:38 PM > >>Subject: Re: [FDE] Scary...... > >> > >> > >>It's a pretty exotic attack if you're using authentication (ie not > >>Bitlocker in TPM mode, or some autoboot mode). > >> > >>You'd have to attack a FDE protected machine that was on, or was on > >>only a very short time ago (minutes). Most data exposure comes from > >>people stealing drives or machines from cars etc which are long off. > >> > >>This is also not that new (though it seems to be creating a lot of > >>panic today) - it's an attack considered for many years. > >> > >>And of course with FDE, the simple act of zeroing all copies of the > >>key from memory on shutdown would resolve the "just off" scenario, > >>though nothing except something like Danbury or Seagate FDE solves the > >>"stolen while on" situation - but in that case, there are many good, > >>but perhaps more exotic attacks, like the firewire memory download, or > >>any potential network attack points. > >> > >> > >>On Feb 21, 3:19 pm, "Ali, Saqib" <[EMAIL PROTECTED]> wrote: > >>> http://citp.princeton.edu/memory/ > >>> > >>> However, hardware based encrypted drives like Seagate FDE would > easily > >>> deter these type of attacks. > >>> _______________________________________________ > >>> FDE mailing list > >>> [EMAIL PROTECTED]://www.xml-dev.com/mailman/listinfo/fde > >> > >>_______________________________________________ > >>FDE mailing list > >>[email protected] > >>http://www.xml-dev.com/mailman/listinfo/fde > >> > >>_______________________________________________ > >>FDE mailing list > >>[email protected] > >>http://www.xml-dev.com/mailman/listinfo/fde > > > > > > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde >
_______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
