Interesting video interview of security expert Bruce Schneier by TechWebTV at RSA 2008 Conference.
ideas Cloud dreams ideas
Interesting video interview of security expert Bruce Schneier by TechWebTV at RSA 2008 Conference.
[R]esearchers at the University of Cambridge, have shown how to compromise supposedly tamper-proof Chip and PIN terminals. With a paperclip, off the shelf electronics, and basic technical skills, fraudsters can capture card details and PINs, then create counterfeit cards. The full results of the team are published their academic paper and were featured on BBC Newsnight (Google Video).
[hat tip: Cory Doctorow]
Quoting from the Princeton research site,
Abstract Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. (K: This is a general hardware issue with the DRAM chip that is not going to be easy to solve, I think.)
[via Boing Boing]