Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Stefan Kanthak (stefan.kanthaknexgo.de)
Date: Sun Mar 09 2008 - 11:27:26 CDT
Larry Seltzer wrote:
> I actually do have a response fom Microsoft on the broader issue, but it
> doesn't address these issues or even concded that there's necessarily
> anything they can do about it. They instead speak of the same
> precautions for physical access that they spoke of a couple weeks ago
> with respect to the "frozen notebook memory" attack - use drive
> encryption, use 2-factor authentication, use hibernate instead of sleep,
> use group policy to enforce them. I don't think it's a bad response
> under the circumstances.
WRT the DMA access over FireWire it's but a bad response since it doesn't
get the point!
1. Drive encryption won't help against reading the memory.
2. The typical user authentication won't help, we're at hardware level
here, and no OS needs to be involved.
3. The computer is up (and running; see above), no hibernate or sleep
is involved here.
4. Group policies can be circumvented, even by a limited user.