Home Projects Pictures Books About PGP Key

Princeton Releases Encryption Key Extraction Tool

If you remember and I'm sure that you do, a while back some researchers at Princeton released a demonstration video of shaping encryption keys from frozen memory.  They proved that RAM may not be quite as volatile as everyone had previously assumed.  The tool they used is now public information.  Great, great...so the hell what.

Another researcher had proved that through the use of a device with direct memory access (DMA) one could execute arbitrary commands by manipulating memory.

Access to memory + Crypto key shaping tool = pwned hard disk encryption without the need for a can of air and the ability to disassemble the computer (also sweet for 0wning the MacBook Air's smug little soldered on RAM).

Now, such a tool does not yet exist (to my knowledge).  Fertile ground.

This entry was posted on Wednesday, July 23rd, 2008 at 9:47 pm and is filed under Hardware, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

« DC405 - July Meeting Recap
DNS Flaw Details - Mirror »

Leave a Reply

  • Recent Posts

    • New ProCheckUp ValidateRequest Bypass
    • Samurai Web Test Framework 0.1
    • Altering the Mac OS X Login Access Window Text
    • Summary on the State of Nmap
    • Android Security Team Says Hi

  • Archives

    • September 2008
    • August 2008
    • July 2008
    • June 2008
    • May 2008
    • April 2008
    • March 2008
    • February 2008
    • January 2008
    • December 2007
    • November 2007
    • October 2007
    • September 2007
    • August 2007
    • July 2007

  • Categories

    • Art
    • Books
    • Community
    • conferences
    • Hardware
    • Management
    • Operating Systems
    • Podcast
    • Programming
    • Projects
    • Security
    • Site News
    • Software
    • Testing
    • Uncategorized
    • Web development

  • Blogroll

    • Defcon 405
    • ha.ckers.org
    • Halvar Flake
    • OSVDB Blog
    • phed.org
    • Scott Berkun’s Blog

  • Tags

    .Net ASP.NET Beta Books browser buffer overflow C Community Compliance Concept conferences Credit Cards dc405 defcon Development exploit Future fuzzing hacking Linux malware Management Metasploit Microsoft oklahoma Open Source osvdb OS X Patterns PCI Perl Podcast Programming protocols Ruby secure coding Security Silverlight SQL Server Testing tools vulnerabilities vulnerability WordPress xss

Calculated Decision has Joomla! under the hood!

Podcast Powered by podPress (v8.8)