| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Feb 2008 14:32:54 +0100 From: niclas <lists@...enritter.de> To: full-disclosure@...ts.grok.org.uk Subject: Re: round and round they go > http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html (cooling down DRAMs keeps their contents for longer time, even during reboot.) well, this shows how important mechanical security still is, even with all the crypto-stuff out there. if you e.g. just *glued* your RAM modules into your motherboard, the option left would be booting a malicious OS. a BIOS-password might put delays on that. so, if it is really secret put your PC in a locked steel box! as a dircet countermeasure you might as well consider a simple temperature sensor next to your DRAMs, releasing [evil self-destruction hack] when temperatures drop below 0°C. thermite does a good job on destroying HDDs but it's very dangerous. it's probably more easy to use this device then: http://www.wiebetech.com/products/HotPlug.php looking at these two methods, i notice how "they" (whoever) seem to aim not only on physical access but also more and more on surprising the crypto-user. "they" might use the methods mentioned above or just hit you with a flashbang, so you can't press the lock key anymore. this worries me more than any it-related security flaw. i don't want the police to behave like that. n. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists