[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Firewire Attack on Windows Vista

>>You're mistaken in thinking that we're conflating sleep and hibernate
>>Microsoft's response of using two factor authentication is silly. It
doesn't actually stop our attacks. In certain circumstances, it may
shorten the window of attack for a specific type of user but it's mostly
irrelevant. Consider a mail server with an encrypted drive, no proximity
sensor or two factor authentication is going to help you. A seizure will
still result in someone getting the keys that are in memory
- unless you're using some sort of secure crypto co-processor (which no
one is).

From your own paper:

> Microsoft ... recommends configuring BitLocker in "advanced
> mode," where it protects the disk key using the TPM along with a
password or a key on a removable
> USB device. However, even with these measures, BitLocker is vulnerable
if an attacker gets to the system
> while the screen is locked or the computer is asleep (though not if it
is hibernating or powered off). 

So in other words, hibernate does make a difference, especially if you
follow their guidelines.

Larry Seltzer
eWEEK.com Security Center Editor
Contributing Editor, PC Magazine