Let's Give A Chilly Welcome To That Newest Of Hackers: Mr. Freeze
turbotodd 100000388Y Visits (1718)
The New York Times' John Markoff files today that a group of Princeton University computer security researchers have develop a novel way to steal encrypted information stored on computer hard disks: freeze it out.
Yes, using that ever innovative can of dust remover (you know, the one used to clean the dust off your computer?), the researchers were able to freeze the data on the DRAM long enough to read and remove the RSA keys needed to unscramble encrypted data.
Holy liquid nitrogen, Batman, how are we going to protect our precious business assets?!?
The research report indicates countermeasures are difficult, but possible.
They include discarding or obscuring encryption keys before an adversary (The Joker!?) might gain physical access. Preventing memory-dumping software from being executed on the machine. Physically protecting DRAM chips. And even making the contents of memory decay more readily.
Or, we could all just go back to using an abacus.
ZDNet's Zero Day blog has a good and quick video explaining this new hack attack methodology ("It only takes a few minutes," both the attack and the video).
You can learn more at citp