Re: [Full-disclosure] Firewire Attack on Windows Vista

[Jacob Appelbaum <jacob () appelbaum net>]

Larry Seltzer wrote:
> > > The funniest is using hibernate...
> > > Did you perchance read: http://www.eff.org/press/archives/2008/02/21-0
> ?? 
>
> Yeah, I made specific reference to that attack in my message. There's a
> big difference between sleep mode and hibernate mode. In hibernate the
> system is powered off. Even if the memory has some residual charge I'm
> sure it's far less reliable than with sleep. 
>
> Everything I've seen in descriptions of that attack tells me they are
> unfairly conflating sleep and hibernate.

Hi,

I've been watching this thread for a while and I guess it's time to
chime in. You're mistaken in thinking that we're conflating sleep and
hibernate modes.

Furthermore, Microsoft's response of using two factor authentication is
silly. It doesn't actually stop our attacks. In certain circumstances,
it may shorten the window of attack for a specific type of user but it's
mostly irrelevant. Consider a mail server with an encrypted drive, no
proximity sensor or two factor authentication is going to help you. A
seizure will still result in someone getting the keys that are in memory
- unless you're using some sort of secure crypto co-processor (which no
one is).

Regards,
Jacob Appelbaum