Wednesday, February 27, 2008

Protecting a Macbook (Pro) against harddrive encryption loophole

In the last couple of days a lot of attention has been given to the paper "Lest We Remember: Cold Boot Attacks on Encryption Keys". The paper outlines how laptop disk encryption is vulnerable because RAM retains the encryption keys. It's a pretty sophisticated attack, and one can assume that the kind of person who will perpetrate it is pretty serious about getting to your data. (Think organised crime or overzealous immigration police.)

The consensus seems to be that the best way to defeat this attack is to "hibernate" your machine or shut it down completely when travelling about. Macs unfortunately have this concept of "Safe Sleep". With this default, a hibernation file gets created, but the machine is first put into low-power or "sleep" mode, which leaves it fully vulnerable to this attack.

All is not lost, however: as shown in this blog post on Macworld, you can set the Mac to hibernate by default.
This is of course a bit of a pain and your Macbook will not resume normal operation as fast as normal.

I have set my Macbook Pro to only hibernate using the following command from a Terminal window:

$ sudo pmset -a hibernatemode 5

Please note that this applies to my machine as I use the "Secure Virtual Memory" setting in the Security Preference pane. Other readers might need to use the value 1. Please refer to the blog posting mentioned a little earlier.
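
To check which policy a machine is actually using, the following added example (not part of the original post) classifies the `hibernatemode` value in `pmset -g` output. It treats 1 and 5 as hibernate-only, as described above, and assumes any other value leaves RAM powered during sleep; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the sleep policy reported by `pmset -g`.

# Print the hibernatemode value from `pmset -g` style text on stdin;
# exit non-zero if the setting is not present.
get_hibernatemode() {
    awk '$1 == "hibernatemode" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Modes 1 and 5 are the hibernate-only values named in the post.
# Assumption: every other value leaves RAM powered while asleep.
classify_mode() {
    case "$1" in
        1|5) echo "hibernate-only" ;;
        "")  echo "unknown" ;;
        *)   echo "ram-powered-sleep" ;;
    esac
}

# Read `pmset -g` output on stdin and print the classification.
audit_pmset() {
    mode=$(get_hibernatemode) || mode=""
    classify_mode "$mode"
}

# Constructed samples shaped like `pmset -g` output (not captured from a real Mac).
SAMPLE_SAFE_SLEEP='Currently in use:
 sleep          10
 hibernatemode  3
 displaysleep   5'
SAMPLE_HIBERNATE='Currently in use:
 sleep          10
 hibernatemode  5
 displaysleep   5'
SAMPLE_MISSING='Currently in use:
 sleep          10'

for sample in "$SAMPLE_SAFE_SLEEP" "$SAMPLE_HIBERNATE" "$SAMPLE_MISSING"; do
    printf '%s\n' "$sample" | audit_pmset
done
```

On a Mac, define the functions and run `pmset -g | audit_pmset` to classify the live setting.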

One other method would of course be to keep the status quo hibernation settings:
1) Safe Sleep your Macbook as normal.
2) Wait for the machine to indicate that it has successfully entered Safe Sleep (the little white light on the lid button will slowly pulsate on and off).
3) Then remove the battery.

By removing the battery you will kill the "sleep" mode and the Mac will resume from its hibernate file. That should get rid of any encryption keys in memory with the added advantage that while you are in a "safe area" or not travelling you have super fast resumes from sleep.

Thursday, February 14, 2008

FOSS and Security experience in South Africa? Who are you?

Dear Lazyweb,

The company that I work for, Exponant, is currently looking for skills in Information Security and FOSS (Free and Open Source Software).
If you are an experienced professional in the above areas I would love to hear from you.

On the security side we are looking for senior engineers and architects.
On the FOSS side we are looking for individuals with experience with FOSS in the enterprise.

We are based in Centurion, South Africa and most of our demand is from clients in Pretoria.

Friday, February 01, 2008

Microsoft and Yahoo!

Wow! By far the biggest news of the year is that Microsoft has put in a bid to buy Yahoo!
Amazing news on so many levels. Yahoo! has been languishing for years and neither Microsoft nor Yahoo! has been able to really respond to Google's dominance in the search market. This hot on the heels of Google's missed earnings...