Threats coming from the Internet, such as spam (unwanted e-mail) or viruses, have long been known as a major security problem. But it is the growing, massive use of removable devices (USB memory sticks, iPods, etc.) inside companies that has made it possible to copy and steal large amounts of information from within the corporate network far more easily and quickly than before.
A crack team of researchers from The Electronic Frontier Foundation have discovered a serious security flaw in commonly-used disk encryption technologies, including Microsoft’s BitLocker, TrueCrypt, dm-crypt, and Apple’s FileVault.
They proclaim that if a machine is screen-locked or left in sleep or hibernation mode, an attacker can circumvent disk encryption simply by powering the machine down and quickly rebooting into a compact operating system contained on a USB device.
Let’s see: the DRAM used in most modern computers retains its contents for seconds to minutes after power is lost, even at operating temperatures and even if the modules are removed from the motherboard. When a sleeping machine is “cold booted”, its encryption keys are still right there in memory, ripe for the taking.
So sleeping machines are vulnerable even if they’re left alone for only a few minutes. Say you’re in your office and you leave your Windows Vista machine screen-locked while you go for a coffee or to the bathroom. All I would have to do is force a reboot from a USB drive running customized software, and I could work around BitLocker to access your encrypted information.
DaisyDukes is a memory sniffer based on BitUnlocker, the software used by EFF’s research team; it runs from a USB storage device. The attacker can plug it into an unattended machine that is turned on but locked and reboot the machine into the compact operating system contained on the device. Depending on the attacker’s needs, it can be configured to capture the entire contents of the computer’s memory or to sniff out only certain types of data, say a password that grants access to the company network or unlocks a user’s private encryption key. The tool was developed by a penetration-testing firm called IntelGuardians.
The IntelGuardians people built on the EFF team’s research and discovered that the encryption keys used by Windows Vista’s BitLocker, Mac OS X’s FileVault, and other disk encryption systems weren’t the only potentially sensitive information that could be extracted. They found that the passwords of certain applications are each surrounded by a distinct pattern, or signature. DaisyDukes can search for known signatures and extract the password quickly and stealthily. That makes it well suited to penetration testers, who get paid to test a company’s security by actively trying to breach its physical and network defenses.
Password signatures have been identified for a dozen or so applications, and with additional contributions more signatures will appear in updates to the DaisyDukes tool. In addition, they plan to add features that allow DaisyDukes to pinpoint Word documents, chat logs, and other sensitive files.
For now, DaisyDukes remains very much a beta program, so it’s not yet suitable for production use. But it already shows great promise. For one, it’s highly compact, which keeps the boot sequence from overwriting old data stored in the computer’s RAM. For another, it’s highly flexible, making it possible to sniff the password for a single application or to grab the entire contents of memory.
There is more. According to the EFF team, memory remanence times can be increased dramatically with simple techniques that freeze the RAM, such as spraying it with liquid nitrogen.
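The post's central point is that a locked or sleeping machine still holds its keys in DRAM. The application-level counterpart of the mitigation (wiping key material before the machine sleeps, so that a later read of RAM finds zeros rather than keys) is shown below as an added example; it is not code from the original post, from the EFF research team, or from IntelGuardians. It assumes that the platform's suspend or lock notification is wired to call `KeyRegistry.on_suspend()` (that wiring is OS-specific and not shown), and the key values and message are constructed for the demonstration.

```python
# Added example: key-lifetime hygiene against memory remanence. Secrets are
# kept in mutable buffers and overwritten in place from a suspend/lock hook.
# Assumed: the OS suspend or lock notification calls KeyRegistry.on_suspend().
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Dict, List


class SecretBuffer:
    """Key material stored in a bytearray so it can be zeroed deterministically.

    A Python bytes object is immutable: a key held as bytes cannot be scrubbed
    and stays readable until the object is freed and its page is reused. The
    bytearray below is overwritten in place, which is what a reader of RAM sees.
    """

    def __init__(self, material: bytes) -> None:
        self._buf = bytearray(material)
        self._scrubbed = False

    def __len__(self) -> int:
        return len(self._buf)

    @property
    def scrubbed(self) -> bool:
        return self._scrubbed

    def mac(self, message: bytes) -> bytes:
        """Use the key without first copying it into a new immutable object."""
        if self._scrubbed:
            raise RuntimeError("secret has been scrubbed; re-derive it on resume")
        return hmac.new(self._buf, message, hashlib.sha256).digest()

    def scrub(self) -> None:
        """Overwrite every byte in place (bytes(n) is n zero bytes); idempotent."""
        self._buf[:] = bytes(len(self._buf))
        self._scrubbed = True

    def is_zeroed(self) -> bool:
        """True when no non-zero byte remains in the buffer."""
        return not any(self._buf)


class KeyRegistry:
    """Tracks live secrets so a single suspend/lock hook can scrub all of them."""

    def __init__(self) -> None:
        self._secrets: Dict[str, SecretBuffer] = {}

    def register(self, name: str, material: bytes) -> SecretBuffer:
        buf = SecretBuffer(material)
        self._secrets[name] = buf
        return buf

    def live(self) -> List[str]:
        """Names of secrets not yet scrubbed: the pre-sleep audit a deployer wants."""
        return [name for name, buf in self._secrets.items() if not buf.scrubbed]

    def on_suspend(self) -> int:
        """Scrub every live secret; returns how many buffers were wiped."""
        wiped = 0
        for buf in self._secrets.values():
            if not buf.scrubbed:
                buf.scrub()
                wiped += 1
        return wiped


if __name__ == "__main__":
    registry = KeyRegistry()
    # Constructed sample keys; a real application would derive them from the
    # user's passphrase or unseal them from a TPM at unlock time.
    volume_key = registry.register("volume-key", secrets.token_bytes(32))
    session_key = registry.register("session-key", secrets.token_bytes(16))
    print("tag:", volume_key.mac(b"constructed message").hex())
    print("live before suspend:", registry.live())
    print("wiped:", registry.on_suspend())
    print("live after suspend:", registry.live())
    print("zeroed:", volume_key.is_zeroed() and session_key.is_zeroed())
```

Two caveats apply to the pattern. A managed runtime cannot promise that no other copy of the key exists (the HMAC construction itself pads the key into a temporary object), so this demonstrates the discipline rather than a guarantee; a native implementation would use a scrub routine the compiler cannot optimise away, such as `explicit_bzero` or `SecureZeroMemory`. And scrubbing only helps if it actually runs before the machine sleeps, so the `live()` audit belongs in the suspend path, not in a unit test alone.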
After a while I’ve decided to restart this blog. Before, it was used like a soup of many unsorted things: no reason, no purpose, no sense.
First purpose. This blog will serve as a place to find resources about my work on information security/ethical hacking. Some other pages will contain information about my experience and workarounds, and others personal stuff.
Second purpose. A more personal matter: adding more original content to my presence on the web, so this is a good opportunity, and I consider myself to have average to above-average writing skills. I would like to improve my writing skills, and a blog looks like a good place to practice.
Please leave comments, and if you like what you see, please link to this website. Thanks.