Commentary
USB & Firewall System Attacks Surface: Disable Your External Media Ports
It appears as though, more than ever before, if you lose physical sight, and especially control, of your notebook, your data could be hosed. This is even more so now that tools that attack disk-based crypto are surfacing at an alarming rate.It appears as though, more than ever before, if you lose physical sight, and especially control, of your notebook, your data could be hosed. This is even more so now that tools that attack disk-based crypto are surfacing at an alarming rate.It hasn't been too long since we covered the so-called "cold boot" attacks outlined by several security researchers. The paper, available here, details how encryption keys can be snatched from RAM.
A couple of days ago a researcher released a tool, msramdmp, which is available here, and details how to grab data from RAM.
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Today, Kelly Jackson Higgins details, on our sister site, DarkReading, in this story, about additional tools coming to the fore that make it possible for attackers to use Firewire drives to commandeer locked Windows systems.
From the story:
"That Firewire port is, as designed, literally there to let you plug things into your laptop memory banks," says Thomas Ptacek, principal with Matasano Security. "When you think of Firewire, you really should just think of a cable coming directly out of your system's DRAM banks. That's basically all Firewire is."Ptacek says this tool raises the bar in physical hacking. "People think about physical hacking as something you have to do with a screwdriver and 20 minutes, under cover of darkness. Attacks like Adam's can be done in the time it takes you to pick up a sheet of paper off the office printer," he says.
In the story, Ptacek advises users that the best defense is to disable their Firewire ports. That may be good advice for enterprises with lots of sensitive data on notebooks. It's probably not practical for anyone doing video editing, or managing large graphic files. And while it's not a perfect solution, it's better than nothing. So it's probably a good time for larger enterprises to evaluate whether or not external ports should be disabled, especially for execs and others carrying sensitive information.
The best defense, obviously, is not to lose sight of notebooks. It's also probably time to start calling full disk encryption vendors and ask how they're mitigating the risk to these attacks.
But I wouldn't expect much, as Thomas Claburn reminds us, in this story, of one of Microsoft's 10 Immutable Laws of Security:
"If a bad guy has unrestricted physical access to your computer, it's not your computer anymore."
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
