Tuesday, March 24, 2009

Cold-boot attacks change the data leakage landscape

The cold-boot attack on RAM
Network World logo

Security Strategies Alert

NetworkWorld.com | Security Research Center | Update Your Profile


Sponsored by Oracle
rule

Live Webcast: Maximizing your IT security dollars
Make the most of IT security and compliance dollars by ensuring your databases are secure. Get concrete tips and recommendations in this Live Webcast sponsored by Oracle, scheduled for Thursday, April 16, 2009 at 2:00 p.m. ET/11:00 a.m. PT. Learn how to cost-effectively safeguard sensitive and regulated information. Register for this Live Webcast now.

rule

Spotlight Story
Cold-boot attacks change the data leakage landscape

M. E. Kabay By M. E. Kabay
Until 2008, the consensus had been that there would be no practical way to remove a RAM chip from a computer system without losing all contained data. However, last July, researchers published a paper about something quite amazing: most RAM chips maintain their data for several seconds without any power, thus allowing a channel for data leakage from any computer to which an attacker has physical access. Read full story

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.

Related News:

Two-factor credit-card safety for online transactions My friend and colleague Jurgen Pabel was one of our first graduates from the Norwich University Master of Science in Information Assurance. He is an active participant in our alumni discussion group and a frequent and welcome correspondent. Here, I present his latest suggestions (entirely his with minor edits and additions).

Icy encryption tool protects laptops from "cold boot" attack, vendor says The vendor HyBlue says it can prevent the "cold boot" encryption hack discovered by Princeton researchers.

'Cold Boot' encryption hack unlikely, says Microsoft Users can keep thieves from stealing encrypted data by changing some settings in Windows, a Microsoft product manager said as he downplayed the threat posed by new research that shows how attackers can inspect a "ghost ...

Cold Boot Attack put to test After researchers at Princeton University showed how they could dig up the contents of a computer's memory just minutes after the machine had been turned off using a "Cold Boot", it was only a matter of time before hackers began testing the technique.

Cold bits as a security bypass Columnist Scott Bradner discusses how worried you should really be about a new disk-encryption bypass exposed by Princeton security researchers.

Free tool from HP scans for Flash vulnerabilities HP has released a free development tool that finds vulnerabilities in Flash, Adobe System's widely used but occasionally buggy interactive Web technology.

Site Hacks, Fake Security Rakes in Serious Cash Here's a recipe for illicit online riches:

Spam filters block legitimate e-mail, finds test Many antispam products still block an inconvenient amount of legitimate e-mail, a new test of leading products has suggested.

Ukrainian cybercriminals raked in $10K/day, Finjan reports Ten thousand eight hundred dollars per day for cybercrime jockeys? That's what security vendor Finjan says it witnessed during its 16-day infiltration of a cybercrime operation that involved selling bogus antivirus software.

Enter for a Microsoft training giveaway from New Horizons
New Horizons Computer Training is offering a free Microsoft training course worth up to $2,500 to be given to one lucky Microsoft Subnet reader. Deadline for entry is March 31.

Network World on Twitter Get our tweets and stay plugged in to networking news.


Exchange alternatives: Pros & cons
Clear Choice Test: Microsoft Exchange alternativesTesting shows Microsoft's Exchange still tops for features and management hooks.

App to no good
10 iPhone apps that could get you into troubleA look at the top 10 iPhone apps that could get you into trouble.

Sponsored by Oracle
rule

Live Webcast: Maximizing your IT security dollars
Make the most of IT security and compliance dollars by ensuring your databases are secure. Get concrete tips and recommendations in this Live Webcast sponsored by Oracle, scheduled for Thursday, April 16, 2009 at 2:00 p.m. ET/11:00 a.m. PT. Learn how to cost-effectively safeguard sensitive and regulated information. Register for this Live Webcast now.

rule

The Need for an Adaptive Threat Management Architecture - Live March 31.
Create a more secure and efficient network. Find out how in this Live Webcast, "The Need for an Adaptive Threat Management Architecture." Join us on Tuesday, March 31, 2009, at 1:00 p.m. ET/10:00 a.m. PT. Get real-world advice from Jon Oltsik, senior analyst at consulting firm Enterprise Strategy Group.
Register today for this Live Webcast.


IDC Software as a Service Summit
The IDC Software as a Service Summit brings together senior IT and line of business executives to learn how SaaS and SaaS in a cloud present new opportunities that enable significant cost savings, agility, speed and achieve overall business value despite the turbulent business climate.
Find out more!

 

03/24/09

Today's most-read stories:

  1. No business case for IPv6, survey finds
  2. Rootkit to exploit Intel chip flaw to be posted 3/19/09
  3. IBM/Sun deal could benefit Java, says Google's open source chief
  4. Skype for SIP targets business customers
  5. Voluntary separation scheme for Dell's Malaysian staff
  6. Hidden commands
  7. Ukrainian cybercriminals raked in $10K/day, Finjan reports
  8. E-mail evidence in Madoff case includes another scam
  9. Power grid is found susceptible to cyberattack
  10. Tweeted out of a job: "Cisco Fatty" story
  11. Students learn through robot battles


Network World on Twitter: Get our tweets and stay plugged in to networking news


Webcast: Data center server selection.
Forrester Research's Brad Day helps IT professionals refine their server selection criteria in this informative Webcast, "Beyond Systems Performance." Ensure you will make the right decision for your next-generation data center. Get Day's tips on creating a cost-efficient environment that delivers the performance and long-term resiliency you require.
Watch this Webcast now.



IT Buyers guide

 


This email was sent to security.world@gmail.com

Complimentary Subscriptions Available
for newsletter subscribers. Receive 50 issues
of Network World Magazines, in print or
electronic format, free of charge, Apply here.

Terms of Service/Privacy

 

Subscription Services Update your profile
To subscribe or unsubscribe to any Network
World newsletter, change your e-mail
address or contact us, click here.

Unsubscribe

Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2009

www.networkworld.com

 

 



No comments:

Post a Comment