Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: security curmudgeon (jerichoattrition.org)
Date: Thu Feb 21 2008 - 14:48:47 CST
[Companies who suffer a data loss incident, take note. Not only is the
"password" to the operating system worthless, now the encrypted drives
that we never see used are too. =) -jericho]
Researchers: Disk Encryption Not Secure
By Kim Zetter February 21, 2008 | 12:13:48 PM
Researchers with Princeton University and the Electronic Frontier
Foundation have found a flaw that renders disk encryption systems useless
if an intruder has physical access to your computer -- say in the case of
a stolen laptop or when a computer is left unattended on a desktop in
sleep mode or while displaying a password prompt screen.
The attack takes only a few minutes to conduct and uses the disk
encryption key that's stored in the computer's RAM.
The attack works because content as well as encryption keys stored in RAM
linger in the system, even after the machine is powered off, enabling an
attacker to use the key to collect any content still in RAM after
reapplying power to the machine.
"We've broken disk encryption products in exactly the case when they seem
to be most important these days: laptops that contain sensitive corporate
data or personal information about business customers," said J. Alex
Halderman, one of the researchers, in a press release. "Unlike many
security problems, this isn't a minor flaw; it is a fundamental limitation
in the way these systems were designed."
Dataloss Mailing List (datalossattrition.org)
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!