Disk Encryption: Not as secure as I thought

Apparently, it’s easier than I thought to recover disk encryption keys from a stolen laptop computer. The attack works against “several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt”. Watch the demonstration video at [http://citp.princeton.edu/memory/](http://citp.princeton.edu/memory/).

> The root of the problem lies in an unexpected property of today’s DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.

Encrypting a disk drive _does_ increase the confidentiality of data. It’s just not as secure as once thought.

Sidenote: Software- and hardware-based [key loggers](http://en.wikipedia.org/wiki/Keystroke_logging) can reduce the security of encryption as well.

‘iotop’ shows top I/O consumers

Want to know why your Linux box is sluggish? Some program is probably hogging disk I/O. I just discovered a cool utility that shows what programs are using the most disk I/O: [iotop](http://guichaz.free.fr/misc/). To install it on Fedora, run

yum install iotop

Otherwise, download and run [iotop.py](http://guichaz.free.fr/misc/iotop.py) — it requires Python 2.5+ and Linux kernel 2.6.20+.
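To show where iotop's numbers come from, here is an added example (my own script, not iotop's code) that reads the per-process I/O counters the kernel exposes in /proc/<pid>/io, samples them twice and ranks processes by the bytes read and written in between. The counters for other users' processes are only readable as root, so unreadable processes are skipped; the SAMPLE_IO text is a constructed sample of the /proc/<pid>/io format.

```python
#!/usr/bin/env python3
"""Rank processes by disk I/O using /proc/<pid>/io (a simplified iotop).

Added example, not iotop's own code. read_bytes/write_bytes count bytes
that actually reached the block layer, which is what makes a box sluggish;
rchar/wchar include cached reads and writes and are ignored here.
"""
import os
import time

# Constructed sample of the /proc/<pid>/io format (not captured from a real host).
SAMPLE_IO = """rchar: 323934931
wchar: 323929600
syscr: 632687
syscw: 632675
read_bytes: 0
write_bytes: 323932160
cancelled_write_bytes: 0
"""


def parse_io(text):
    """Parse /proc/<pid>/io text into a dict of integer counters."""
    counters = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        try:
            counters[key.strip()] = int(value.strip())
        except ValueError:
            # Skip malformed lines rather than failing the whole sample.
            continue
    return counters


def snapshot(proc="/proc"):
    """Return {pid: (comm, read_bytes, write_bytes)} for readable processes."""
    result = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "io")) as f:
                io = parse_io(f.read())
            with open(os.path.join(proc, entry, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            # Process exited, or /proc/<pid>/io is not readable (needs root).
            continue
        result[int(entry)] = (comm, io.get("read_bytes", 0), io.get("write_bytes", 0))
    return result


def rank(before, after, limit=10):
    """Rank pids present in both snapshots by bytes read+written between them."""
    rows = []
    for pid, (comm, r1, w1) in after.items():
        if pid not in before:
            continue  # new process: no baseline to diff against
        _, r0, w0 = before[pid]
        # Clamp at zero in case a pid was reused between the two snapshots.
        dr, dw = max(r1 - r0, 0), max(w1 - w0, 0)
        if dr or dw:
            rows.append((pid, comm, dr, dw))
    rows.sort(key=lambda row: row[2] + row[3], reverse=True)
    return rows[:limit]


def top_io(interval=1.0, limit=10):
    """Sample /proc twice, `interval` seconds apart, and return the top consumers."""
    before = snapshot()
    time.sleep(interval)
    return rank(before, snapshot(), limit)


if __name__ == "__main__":
    print(f"{'PID':>7} {'COMMAND':<20} {'READ B':>12} {'WRITE B':>12}")
    for pid, comm, dr, dw in top_io():
        print(f"{pid:>7} {comm:<20} {dr:>12} {dw:>12}")
```

Run it as root to see every process; as an ordinary user you only see your own. Like iotop, it measures the delta between two samples rather than the lifetime totals, so a process that wrote a lot an hour ago does not crowd out the one hogging the disk right now.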

Evince broken: unhandled x-extension-pdf

On Linux and the Gnome Desktop, Evince is the default application for viewing Adobe Acrobat (PDF) files. Recently, it started giving me the message “Unhandled MIME type: ‘application/x-extension-pdf’”. Here’s how I fixed it.

1. Edit $HOME/.local/share/mime/packages/Override.xml
2. Replace “application/x-extension-pdf” with “application/pdf”
3. Run “update-mime-database $HOME/.local/share/mime”

[Reportedly](http://www.mail-archive.com/evince-list@gnome.org/msg00485.html), a bug in the Nautilus file manager causes this behavior.
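The three steps above, scripted, as an added example of my own (not part of Evince or GNOME): it rewrites the bogus MIME type in a user Override.xml, keeps a backup, and regenerates the MIME database when update-mime-database is installed. The `make_sample_override` function writes a constructed Override.xml in the shared-mime-info format so the fix can be tried in a scratch directory; the script assumes GNU sed for `sed -i`.

```shell
#!/bin/sh
# Added example, not Evince's or GNOME's code.
# Usage: sh fix-evince-mime.sh "$HOME/.local/share/mime"
set -eu

# Write a constructed Override.xml (shared-mime-info format) that maps *.pdf to
# the broken type, so the fix can be exercised in a scratch directory.
make_sample_override() {
    dir="$1"
    mkdir -p "$dir/packages"
    cat > "$dir/packages/Override.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
  <mime-type type="application/x-extension-pdf">
    <glob pattern="*.pdf"/>
  </mime-type>
</mime-info>
EOF
}

# Step 2: replace application/x-extension-pdf with application/pdf in the given
# Override.xml. Prints the number of lines changed; a backup is kept as *.bak.
fix_override_mime() {
    file="$1"
    count=$(grep -c 'application/x-extension-pdf' "$file" || true)
    if [ "$count" -gt 0 ]; then
        cp "$file" "$file.bak"
        sed -i 's|application/x-extension-pdf|application/pdf|g' "$file"
    fi
    echo "$count"
}

# Step 3: regenerate the user MIME database if the tool is available.
refresh_mime_db() {
    mime_dir="$1"
    if command -v update-mime-database >/dev/null 2>&1; then
        update-mime-database "$mime_dir"
    else
        echo "update-mime-database not found; skipping" >&2
    fi
}

# Run the full fix only when a MIME directory is given on the command line.
if [ "$#" -ge 1 ]; then
    MIME_DIR="$1"
    changed=$(fix_override_mime "$MIME_DIR/packages/Override.xml")
    echo "changed $changed line(s) in $MIME_DIR/packages/Override.xml"
    refresh_mime_db "$MIME_DIR"
fi
```

Running it a second time reports zero changes, so it is safe to re-run after the next time Nautilus rewrites the file.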

XRandR in Fedora 8

Fedora 8 ships XRandR 1.2 (the X Rotate and Render Extension), which makes it possible to render a screen onto an overhead projector, among other things. Here are instructions on [how to do useful things with XRandR](http://www.thinkwiki.org/wiki/Xorg_RandR_1.2#Using_xrandr_to_do_useful_things) (not Fedora specific). For now, control of XRandR is handled through the command line. In Fedora 9 or 10, there will likely be better user interfaces to configure XRandR.

Security Lessons from Dick Marcinko

In January, [Dick Marcinko](http://www.dickmarcinko.com/) spoke to my company. Here are some of the lessons that I drew from his hard-to-follow speech:

Most importantly, he said, there is no substitute for human intelligence.

Attackers can…

1. defeat security systems, such as locks, by replacing them with their own security system in advance of a break-in. Security response will trust in their security system to help catch or contain attackers, not realizing that it was replaced and turned to the service of the attacker.
1. use decoys to mislead security response. For example, crews might defuse one bomb and forget to look for a second one.
1. attack during noisy, chaotic, busy times, like shift-change. (My note: Hackers like to hide their malware on busy networks and on busy file servers, such as in university or ISP networks.)
1. trip alarms to assess response capabilities. Once assessed, booby-trap the response capabilities so they are ineffective.
1. evade security systems. TSA secures airports from passengers, but what about securing airport construction sites and access? America’s ports and waterways are largely unprotected.