When a machine is powered off it doesn't immediately clear the RAM. If
you cool the RAM and use an external boot device which copies all the
RAM to a file you can steal hard drive passwords which were cached in
memory. Yes, this includes any other passwords also cached in memory at
the time.
With the quickboot BIOS option, this task can be done quickly via a USB
thumb drive without clearly drawing attention.
By disabling quickboot and having my RAM scanned, it clears my memory at
boot time. While this doesn't help if they have a compatible computer
they can drop the RAM in to, it does help if they have time constraints
and they're relying upon the fact that most systems are not set to scan
the RAM.
While I also password-protect my CMOS configuration, and encourage
people to lock out other boot options on laptops, it is about layers of
protection. Plus, my idea is to deter people quickly. There's no doubt
about what is happening or the time it will take when a machine starts
a RAM check. Make it clear that there are easier fish, and they're more
likely to walk away sooner.
Cheers,
Steven Black
On Sat, Oct 04, 2008 at 05:32:38AM -0500, Scott Blaydes wrote:
> Does the RAM scan actually have anything to do with security, or just PC
> health?
>
> Thank you,
> Scott Blaydes
>
> Steven Black wrote:
>> It is interesting.
>>
>> On a personal note, I have all my machines configured in such a manner
>> so as to slow down the boot. -- As a security precaution I have all
>> the RAM on all my machines scanned at boot-time. I actively discourage
>> people from using the "QuickBoot" BIOS options.
>>
>> Cheers,
>> Steven Black
>>
>> On Thu, Oct 02, 2008 at 10:11:14AM -0600, Abhishek Kulkarni wrote:
>>> Just stumbled upon some interesting stuff here
>>> http://www.fenrus.org/plumbers_fastboot.ppt
>>>
>>> I just clocked the booting time on my notebook (Dell Vostro 1400), it takes
>>> more than 90 seconds!
>>>
>>> -- Abhishek
>>>
>>
>>> _______________________________________________
>>> BLUG mailing list
>>> BLUG@linuxfan.com
>>> http://mailman.cs.indiana.edu/mailman/listinfo/blug
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> BLUG mailing list
>> BLUG@linuxfan.com
>> http://mailman.cs.indiana.edu/mailman/listinfo/blug
>
> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug
--
Steven Black <blacks@indiana.edu> / KeyID: 8596FA8E
Fingerprint: 108C 089C EFA4 832C BF07 78C2 DE71 5433 8596 FA8E
No comments:
Post a Comment