- TalkBack 6 of 17:
- Next »
- « Previous
- Thread View
- Flat View
- A few things to note
-
Interesting read, but I'm not totally convinced the other theoretical vectors of attack would work.
This mostly shows that boot from LAN should be turned off unless you really use it. That's how it was done in this case - he was able to run his own software on the target machine because the target machine was set up to use NetBoot. Netboot should, IMHO, be turned off on all Macs, and the default should be off from the factory.
I'm not quite convinced the compressed air trick will work very well - memory normally needs to be refreshed every milliseconds, and I doubt compressed air would increase that to enough time to install it into a new computer and boot the new computer.
10% decay does sound reasonable - that's 12 to 25 bits, which is easily breakable. That is, if they can figure out which bits are decayed and which ones aren't.
"The answer is simple: an Apple utility called "hdiutil" can display the AES key for a FileVault volume as long as the passphrase is typed in first."
Interesting - the hacker can't work without a pass phrase! Perhaps Declan McCullagh is only being fooled - perhaps it's simply that the pass phrase is used to create the key?
I'm not familiar with how FileVault works, but it smells very fishy that the hacker actually needed his pass phrase to make it work.
At the very least, this shows that the hacker needs to get a copy of the pass phrase before successfully hacking it, and that if this is a random theft, it should be safe. - Posted by: CobraA1 Posted on: 02/21/08 You are currently: a Guest | Members login | Terms of Use
Supercooled memory?
Eriamjh | 02/21/08
|
Millions at stake in corporate espionage ...
terry flores | 02/21/08
|
re: back doors
CobraA1 | 02/21/08
|
|
Clearing memory at reboot would not work.
ye | 02/22/08
|
|
RE: Supercooled memory?
bfilipiak@... | 02/22/08
|
|
A few things to note
CobraA1 | 02/21/08
|
|
Careful there
georgeou | 02/21/08
|
|
hdiutil was simply used to show successful crack
terry flores | 02/21/08
|
|
RE: (Images: How to bypass FileVault, BitLocker security)
d1g1tal_ph3r3t | 02/21/08
|
|
RE: (Images: How to bypass FileVault, BitLocker security)
riverab0@... | 02/22/08
|
|
Addition
riverab0@... | 02/22/08
|
Cox
CassidyJames | 02/22/08
|
|
I would like to see this tried with Firmware locked
duane@... | 02/22/08
|
|
Info still unencrypted in RAM...
robert.rohr@... | 02/22/08
|
|
Bit Locker
cobra96ds@... | 02/25/08
|
|
Encyption Law
benjaminwright75205 | 02/22/08
|
|
This is freaky
John Musbach | 02/24/08
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
