Software based disk encryption not secure enough!
February 22, 2008 by RD
Contrary to conventional wisdom, “volatile” semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retain some of the data that was stored in them while power was applied, and they keep holding those values for long intervals without power or refresh. This has been a known [2] problem for a very long time. However, no one had ever tried (or published) a practical attack based on it like the one the Princeton University researchers did.
This DRAM threat goes beyond disk encryption. Any kind of sensitive data such as passwords, encryption keys, credit card information, … in your RAM could be stolen in just a few minutes. Due to the nature of this problem, it’s hard for software-based hard disk encryption solutions to protect against this attack. A software-based solution could try to encrypt or clear the disk key whenever the PC goes into an inactive state (i.e. screen saver, standby, hibernate), but that is not really practical and/or applicable in some cases. The white paper [1] also offers interesting algorithms and methods for finding crypto keys in memory images.
If you really care about your information, you had better change your behavior: unmount encrypted disks and/or power off your machine (for a while, to give the memory enough time to decay) whenever you’re away from your computer if you’re using software-based disk encryption, and/or use a hardware-based disk encryption solution. FYI, Seagate also has a hardware-based hard disk encryption solution ready to use.
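The key-finding idea the white paper describes can be shown with a small scanner. The block below is an added example written for this post; it is not code from the original post or from the Princeton authors. It expands every 16-byte window of a constructed memory image into an AES-128 key schedule and reports the windows whose expansion matches the 160 bytes that follow, allowing a few flipped bits to model DRAM decay. The image contents, the seed and the offset are constructed; the key is the FIPS-197 sample key. The same scan doubles as a defender's check that a process really zeroed its key before the machine was left unattended: once the schedule is wiped, the scan finds nothing.

```python
# Added example (not from the original post): locate an AES-128 key in a memory
# image by recognising its expanded key schedule, the technique the cited paper
# uses on DRAM contents. The image below is constructed, not a real dump.
import random

ROUND_KEY_BYTES = 176  # 11 round keys * 16 bytes for AES-128


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox() -> list:
    """Derive the AES S-box: multiplicative inverse, then the affine transform."""
    inv = [0] * 256
    for x in range(1, 256):
        for y in range(1, 256):
            if _gf_mul(x, y) == 1:
                inv[x] = y
                break
    sbox = []
    for x in range(256):
        v = inv[x]
        s = v
        for _ in range(4):
            v = ((v << 1) | (v >> 7)) & 0xFF  # rotate left by one bit
            s ^= v
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def aes128_key_schedule(key: bytes) -> bytes:
    """Expand a 16-byte key into the 176-byte AES-128 round-key schedule (FIPS-197)."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])  # RotWord, then SubWord
            t = bytes([t[0] ^ rcon]) + t[1:]            # add the round constant
            rcon = _gf_mul(rcon, 2)
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def _bit_errors(a: bytes, b: bytes) -> int:
    """Hamming distance in bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(image: bytes, max_bit_errors: int = 0) -> list:
    """Scan a memory image for AES-128 key schedules.

    Every 16-byte window is a candidate key; it is reported when its expanded
    schedule matches the next 160 bytes of the image within max_bit_errors
    flipped bits. The tolerance models decay in the derived round keys only;
    the 16 key bytes themselves must have survived intact in this simple form.
    Returns a list of (offset, key, bit_errors).
    """
    hits = []
    for off in range(len(image) - ROUND_KEY_BYTES + 1):
        cand = image[off:off + 16]
        expected = aes128_key_schedule(cand)[16:]
        errs = _bit_errors(expected, image[off + 16:off + ROUND_KEY_BYTES])
        if errs <= max_bit_errors:
            hits.append((off, cand, errs))
    return hits


def demo() -> dict:
    """Constructed scenario: a schedule hidden in random filler, scanned intact,
    after simulated decay, and after the key material was zeroed."""
    rng = random.Random(2008)  # fixed seed; constructed filler, not a real dump
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    filler = bytes(rng.getrandbits(8) for _ in range(1024))
    off = 512  # constructed location of the schedule inside the image
    image = filler[:off] + aes128_key_schedule(key) + filler[off + ROUND_KEY_BYTES:]

    # Simulated decay: six single-bit flips inside the derived round keys.
    decayed = bytearray(image)
    for pos in (off + 20, off + 57, off + 99, off + 130, off + 150, off + 175):
        decayed[pos] ^= 0x01

    # Simulated mitigation: the schedule was zeroed before the machine was left.
    wiped = image[:off] + bytes(ROUND_KEY_BYTES) + image[off + ROUND_KEY_BYTES:]

    return {
        "intact": find_aes128_keys(image),
        "decayed_strict": find_aes128_keys(bytes(decayed)),
        "decayed_tolerant": find_aes128_keys(bytes(decayed), max_bit_errors=8),
        "wiped": find_aes128_keys(wiped),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, [(o, k.hex(), e) for o, k, e in hits])
```

The strict scan misses the decayed copy while the tolerant scan still reports it with six bit errors, which is the point of the paper's decay-aware search; the paper's full method also repairs errors in the key bytes themselves, which this example does not attempt. Running the scan against a dump taken after your own unmount or suspend path is a direct way to confirm that the disk key was actually cleared.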
Links:
GSM Monitoring & A5/1 Cracking
February 22, 2008 by RD
Hulton & Steve presented a new fast and cheap method of cracking A5/1 GSM encryption this week at the BlackHat DC Security Conference 2008. This is the result of the Cracking A5 and GSM scanner project, which Steve presented at VNSECON 07 last year.
FYI, GSM monitoring systems have existed for a long time. However, those devices are very expensive (from a few hundred thousand to millions of USD, depending on capabilities, number of channels, antenna, …) and only available to government agencies.
Links:
Software exploitation training from lamer
February 19, 2008 by Hiếu Lê
The course lasted 2 days (Feb 16th and 17th, 2008), and, in my opinion, was very interesting. That’s the motivation for me to write these from a learner’s point of view.
Content of the course:
- Stack/Heap overflow, focusing on stack overflow because of the difficulty of heap overflow, with these techniques:
+ Return to libc (ret2libc)
+ Return to pop (ret2pop)
+ Overwrite .got, .dtors … if the program was compiled with ASLR (Address Space Layout Randomization) support.
- Format string
- Race condition (TOC/TOU – Time of Check/Time of Use)
Requirements:
- 01 laptop with DVD drive
- VMWare player [3] installed
- Basic knowledge of Linux and typical commands
- Basic knowledge of programming
- Basic knowledge of Assembly
The knowledge of Linux and Assembly is not required but learners can learn faster with them.
The learners will also gain the knowledge of using:
- IDA [4]
- gdb [5]
- python [6]
This is the most practical and beneficial course that I have ever attended. I was naturally sucked into the flow of solving problems. These are what I have noticed:
- The course flows from extremely basic information to very advanced knowledge.
- The learners will develop their skills based on these basic techniques.
- Studying and practicing simultaneously
- Interactive learning; the learners must answer many questions throughout the course. This is very useful because the instructor can know whether they “get it”.
- The learners must think and solve problems themselves in a logical way based on the knowledge they have just gained.
- Analyzing and predicting are two skills used throughout the course.
- The instructor has prepared the course carefully so that every sentence, or idea is valuable.
- The course is the experience of the instructor so it is very short but it fully covers all information that would require hundreds of pages to explain.
- This is the first time I could read and understand the flow chart of one program based entirely on its ASM code; then, exploit it.
Conclusion
I highly appreciate this course because of its outstanding quality. The experience and skill of the instructor make me believe in what I have learned. If there’s any advanced course from lamer, I’ll attend.
References
[1] VNSecurity – a non-profit research organization dedicated to network and system security. Their team won the CTF2007 first prize at HITB2007 Malaysia. VNSec was founded and led by Thanh Nguyen (rd at vnsecurify dot net).
[2] Nam T. Nguyễn (Security+, CISSP) – a member of vnsecurity.net
[3] VMWare Player – a software to run a virtual machine. See more at www.vmware.com/products/player/
[4] IDA – a powerful disassembler. See more at www.hex-rays.com/idapro
[5] GDB – GNU debugger. See more at www.sourceware.org/gdb/
[6] Python – a powerful programming language. See more at www.python.org. There’s a website for Vietnamese who love Python at www.vithon.org. This site was founded and led by Nam T. Nguyễn.