Cold-boot attacks change the data leakage landscape

The cold-boot attack on RAM Security Strategies Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by Oracle Live Webcast: Maximizing your IT security dollars Make the most of IT security and compliance dollars by ensuring your databases are secure. Get concrete tips and recommendations in this Live Webcast sponsored by Oracle, scheduled for Thursday, April 16, 2009 at 2:00 p.m. ET/11:00 a.m. PT. Learn how to cost-effectively safeguard sensitive and regulated information. Register for this Live Webcast now. Spotlight Story Cold-boot attacks change the data leakage landscape By M. E. Kabay Until 2008, the consensus had been that there would be no practical way to remove a RAM chip from a computer system without losing all contained data. However, last July, researchers published a paper about something quite amazing: most RAM chips maintain their data for several seconds without any power, thus allowing a channel for data leakage from any computer to which an attacker has physical access. Read full story M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online. Related News: Two-factor credit-card safety for online transactions My friend and colleague Jurgen Pabel was one of our first graduates from the Norwich University Master of Science in Information Assurance. He is an active participant in our alumni discussion group and a frequent and welcome correspondent. Here, I present his latest suggestions (entirely his with minor edits and additions). Icy encryption tool protects laptops from "cold boot" attack, vendor says The vendor HyBlue says it can prevent the "cold boot" encryption hack discovered by Princeton researchers. 'Cold Boot' encryption hack unlikely, says Microsoft Users can keep thieves from stealing encrypted data by changing some settings in Windows, a Microsoft product manager said as he downplayed the threat posed by new research that shows how attackers can inspect a "ghost ... Cold Boot Attack put to test After researchers at Princeton University showed how they could dig up the contents of a computer's memory just minutes after the machine had been turned off using a "Cold Boot", it was only a matter of time before hackers began testing the technique. Cold bits as a security bypass Columnist Scott Bradner discusses how worried you should really be about a new disk-encryption bypass exposed by Princeton security researchers. Free tool from HP scans for Flash vulnerabilities HP has released a free development tool that finds vulnerabilities in Flash, Adobe System's widely used but occasionally buggy interactive Web technology. Site Hacks, Fake Security Rakes in Serious Cash Here's a recipe for illicit online riches: Spam filters block legitimate e-mail, finds test Many antispam products still block an inconvenient amount of legitimate e-mail, a new test of leading products has suggested. Ukrainian cybercriminals raked in $10K/day, Finjan reports Ten thousand eight hundred dollars per day for cybercrime jockeys? That's what security vendor Finjan says it witnessed during its 16-day infiltration of a cybercrime operation that involved selling bogus antivirus software. Enter for a Microsoft training giveaway from New Horizons New Horizons Computer Training is offering a free Microsoft training course worth up to $2,500 to be given to one lucky Microsoft Subnet reader. Deadline for entry is March 31. Network World on Twitter Get our tweets and stay plugged in to networking news. Exchange alternatives: Pros & cons Testing shows Microsoft's Exchange still tops for features and management hooks. App to no good A look at the top 10 iPhone apps that could get you into trouble. Sponsored by Oracle Live Webcast: Maximizing your IT security dollars Make the most of IT security and compliance dollars by ensuring your databases are secure. Get concrete tips and recommendations in this Live Webcast sponsored by Oracle, scheduled for Thursday, April 16, 2009 at 2:00 p.m. ET/11:00 a.m. PT. Learn how to cost-effectively safeguard sensitive and regulated information. Register for this Live Webcast now. The Need for an Adaptive Threat Management Architecture - Live March 31. Create a more secure and efficient network. Find out how in this Live Webcast, "The Need for an Adaptive Threat Management Architecture." Join us on Tuesday, March 31, 2009, at 1:00 p.m. ET/10:00 a.m. PT. Get real-world advice from Jon Oltsik, senior analyst at consulting firm Enterprise Strategy Group. Register today for this Live Webcast. IDC Software as a Service Summit The IDC Software as a Service Summit brings together senior IT and line of business executives to learn how SaaS and SaaS in a cloud present new opportunities that enable significant cost savings, agility, speed and achieve overall business value despite the turbulent business climate. Find out more!   03/24/09 Today's most-read stories: No business case for IPv6, survey finds Rootkit to exploit Intel chip flaw to be posted 3/19/09 IBM/Sun deal could benefit Java, says Google's open source chief Skype for SIP targets business customers Voluntary separation scheme for Dell's Malaysian staff Hidden commands Ukrainian cybercriminals raked in $10K/day, Finjan reports E-mail evidence in Madoff case includes another scam Power grid is found susceptible to cyberattack Tweeted out of a job: "Cisco Fatty" story Students learn through robot battles Network World on Twitter: Get our tweets and stay plugged in to networking news Webcast: Data center server selection. Forrester Research's Brad Day helps IT professionals refine their server selection criteria in this informative Webcast, "Beyond Systems Performance." Ensure you will make the right decision for your next-generation data center. Get Day's tips on creating a cost-efficient environment that delivers the performance and long-term resiliency you require. Watch this Webcast now. Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com