February 2008 Archives

February 21, 2008

Insecurity of Disk Encryption

It looks like many disk encryption schemes are vulnerable if someone has physical access to your drive, according to researchers with Princeton University and the Electronic Frontier Foundation. They've discovered a flaw and published their findings...

The attack takes only a few minutes to conduct and uses the disk encryption key that's stored in the computer's RAM. The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.

Sounds like it's best to use an encryption scheme that doesn't preserve anything in RAM once you shut down... at least not in readable form.

 Researchers: Disk Encryption Not Secure, Wired

 Cold Boot Attacks on Encryption Keys, Center for Information Technology Policy, Princeton University

 Update: RAM Hijacks, Security Now, Episode 137

February 17, 2008

Insecurity of Wireless Headsets

In a recent security audit of a typical American company, investigators found it to be child's play to obtain confidential information about the company's secrets. Positioned across the street, they intercepted a large number of telephone conversations transmitted in the clear because a significant number of employees were using wireless headsets.

To perform the work, we purchased a commercially available radio scanner. These devices are available at any local electronics retailer at prices ranging from $80 to several thousand dollars. We chose a scanner capable of monitoring frequencies from 900 to 928MHz and the 1.2GHz ranges, which is where many of the popular hands-free headsets operate. We took a position across the street from the facility and started up the scanner. Within seconds of turning on the device, we were able to listen to conversations that appeared to be coming from our client's employees. Several of these conversations discussed the business in detail, as well as very sensitive topics... Within minutes of this discovery, we contacted our customer and explained the vulnerability... To demonstrate the sensitivity of what we discovered, we used the conversations we recorded to social engineer our way into the facility.

 Transcript of Episode 130, Security Now

February 13, 2008

The Clintons' Terror Pardons

Debra Burlingame revisits the Clintons' pardon of terrorists. What message did these pardons send to other terrorists around the world? The pardoned terrorists never renounced violence, and Hillary said she supported the pardons... until the public outcry began.

The perpetrators were members of Armed Forces of National Liberation, FALN (the Spanish acronym), a clandestine terrorist group devoted to bringing about independence for Puerto Rico through violent means. Its members waged war on America with bombings, arson, kidnappings, prison escapes, threats and intimidation. The most gruesome attack was the 1975 Fraunces Tavern bombing in Lower Manhattan. Timed to go off during the lunch-hour rush, the explosion decapitated one of the four people killed and injured another 60. ...By 1996, the FBI had linked FALN to 146 bombings and a string of armed robberies -- a reign of terror that resulted in nine deaths and hundreds of injured victims.

 The Clintons' Terror Pardons, WSJ





About February 2008

This page contains all entries posted to Ed Stoffel in February 2008. They are listed from newest to oldest.
