Security Pro VIP--March 6, 2008

In this Issue:

  • Perspective: Keep Your Encrypted Data Encrypted
  • Coming this Month
  • February 2008 Articles in Print-Friendly Format
  • Share Your Security Tips and Get $100
  • The Security Pro VIP Forum

Perspective: Keep Your Encrypted Data Encrypted

Watch out for those cans of compressed air. You might have thought they were an innocent way to clean the crumbs out of your keyboard, but in reality, they're a hacker tool that could help someone get the keys to your encrypted data!

This is one of those computer security stories that seems to have captured the general public's attention, and it's been covered by news organizations as diverse as The New York Times, Fox News, and Computerworld. To summarize: When the keys used to encrypt a computer's hard disk are stored in the memory of that computer, the keys can be retained in the memory when the computer goes into sleep or hibernate mode and even briefly (a few seconds or minutes) after you shut the computer off. Eight researches from Princeton University, the Electronic Frontier Foundation, and Wind River Systems found that they could keep the keys around longer—up to an hour, in some cases—when they froze the memory chip by spraying it with compressed air or by other means. This extra time gave the researches the minutes they needed to use other tools to capture the keys from the memory and then crack the disk encryption. The researchers were successful in hacking Windows Vista's BitLocker, Mac OS X's FileVault, Linux dm-crypt, and TrueCrypt. They reported their findings in the paper "Lest We Remember: Cold Boot Attacks on Encryption Keys" and kicked off a discussion in "Cold Boot Attacks: Vulnerable While Sleeping" (February 26) and "New Research Result: Cold Boot Attacks on Disk Encryption" (February 21) on the Freedom to Tinker blog. News organizations picked up the story from there.

In "Disk encryption: Balancing security, usability and risk assessment" on MSDN's Windows Vista Security blog, Russ Humphries responded to the researchers' findings by mentioning a few techniques administrators and users can employ to address the disk encryption vulnerability and pointing to more best practice guidance for using BitLocker in "Data Encryption Toolkit for Mobile PCs".

The simplest measure to take to protect the encrypted data on your laptop might be to turn the system off when you aren't using it—and make sure it's completely off. Don't expect sleep or hibernate mode to protect your encryption keys. Another lesson, which I'm sure most of us have already learned, is that someone will always poke holes in each new security technology. Security vendors, security administrators, and users not only need to be vigilant about using the latest technologies that they can afford and that make sense for their situation but also about using good common sense to keep data safe. And by good common sense, I mean keeping physical control over your laptop, and avoiding people who are waving cans of compressed air at your system!

For general information about BitLocker, go to:

Vista's BitLocker Drive Encryption

Access Denied: Comparing BitLocker with EFS

Renee Munshi, Security Pro VIP Editor

Coming this Month

"Controlling Removable Storage Access" by Alex K. Angelopoulos
Windows Vista integrates Group Policy–based support for restricting access to removable storage devices.
This article is now live on the Web.

"MOSS 2007’s Security Features" by John Howie
By leveraging MOSS 2007’s security features when building internal collaboration Web sites, you can ensure those sites' security and provide audit trails showing user access to hosted content.
Coming March 13.

Toolbox: "Create a Live CD that Runs in Persistent Mode on a Bootable USB Drive" by Jeff Fellinge and Elliot Harbin
Learn how to create a bootable, persistent configuration of Ubuntu 7.10 Desktop Edition on a portable USB flash drive, making a toolkit that lets you customize your environment or install your own custom applications.
Coming March 20.

Access Denied
Randy Franklin Smith answers your Windows security questions.
Coming March 27.

February 2008 Articles in Print-Friendly Format

If you're someone who prefers your newsletters in printed form, this .pdf file contains all the security articles posted on the Security Pro VIP Web site in February in one .pdf file, and it includes some accompanying code. Print the .pdf and enjoy!

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

The Security Pro VIP Forum

The Security Pro VIP forum is your place to ask questions about security topics and about articles posted on the Security Pro VIP Web site and to get answers from other forum members, including Orin Thomas, forum moderator, and article authors. Let's talk!

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.