>From http://blogs.zdnet.com/security/?p=900
"That key assumption is now being fundamentally challenged with a $7 can of compressed air and itÂ’s enough to give every security professional heart burn." :-) Working URL of the research site for plaintext e-mail clients: http://citp.princeton.edu/memory/ Juha-Matti "Richard M. Smith" <[EMAIL PROTECTED]> wrote: >http://www.nytimes.com/pages/technology/index.html > >A Method for Critical Data Theft > >By JOHN MARKOFF > ><http://www.nytimes.com/2008/02/22/technology/22chip.html> A Method for >Critical Data Theft >Center for Information Technology Policy, Princeton University >Princeton-based researchers broke the encryption system by freezing memory >chips, permitting them to read the software. > >SAN FRANCISCO - A group led by a Princeton ><http://topics.nytimes.com/top/reference/timestopics/organizations/p/princet on_university/index.html?inline=nyt-org> University computer security >researcher has developed a simple method to steal encrypted information >stored on computer hard disks. > >The technique, which could undermine security software protecting critical >data on computers, is as easy as chilling a computer memory chip with a >blast of frigid air from a can of dust remover. Encryption software is >widely used by companies and government agencies, notably in portable >computers that are especially susceptible to theft. > >The development, which was described on the group ><http://citp.princeton.edu/memory/> 's Web site Thursday, could also have >implications for the protection of encrypted personal data from prosecutors. > > >The move, which cannot be carried out remotely, exploits a little-known >vulnerability of the dynamic random access, or DRAM, chip. Those chips >temporarily hold data, including the keys to modern data-scrambling >algorithms. When the computer's electrical power is shut off, the data, >including the keys, is supposed to disappear. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
