* Posts by Dave Hall

2 posts • joined 22 Feb 2008

Security researchers' accounts ransacked in embarrasing hacklash

Dave Hall

Privacy was breached by using 3rd party e-mail services.

What's interesting is that these security researchers are putting their trust in 3rd parties to protect the stored information. This breaks the possession/control attribute of the Parkerian Hexad of security, one of the foundations of security.

For example, the google privacy policy doesn't lay out any guarantees that data is protected from a hacker.

Security boffins unveil BitUnlocker

Dave Hall

Easy fix?

On a system that utilizes a write-back cache, perhaps it's possible for the O/S to ensure that the encryption key remains in CPU cache since it's probably used a lot anyway. The CPU cache is SRAM so once the power goes away, so does the data.

I think this technique may also protect against vulnerabilites where a rogue device could read arbitrary memory using DMA. I'm not that much of a PC hardware expert so I don't know if DMA would allow a device to read from L1 or L2 cache.


Biting the hand that feeds IT © 1998–2021