Friday, May 2, 2008

Hardware Anti-virus

Xnet OS Protector is an intelligent circuit card that protects the PC system configuration and the data on the hard disk in a simple and fast way. Installation and operation are simple and can be done in minutes without involving technical staff. The form factor is a small PCI card.
The concept is simple. Instead of blacklisting (i.e. keeping track of all the new viruses and their signatures), OS Protector uses whitelisting: it keeps track of what is good. All it needs to know is which files are clean, and it protects only those.
How does it do this? Using parity bits, protection is offered at the hardware level (hence the title: hardware anti-virus). It kicks in before Windows boots, so Windows viruses cannot attack it. This way it is even able to protect the BIOS from being changed.
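The blacklisting versus whitelisting contrast above, as an added example that is not part of the original post and not Xnet's own mechanism: it compares SHA-256 file digests in software (an assumption; the product is described as working with parity bits in hardware). All file names, contents and signatures are constructed sample data.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_allowlist(clean_files):
    """Baseline: path -> digest for every file known to be clean."""
    return {path: sha256(body) for path, body in clean_files.items()}

def blocklist_verdicts(files, bad_digests):
    """Blacklisting: flag only files matching a catalogued bad signature."""
    return {path: "blocked" if sha256(body) in bad_digests else "allowed"
            for path, body in files.items()}

def allowlist_verdicts(files, allowlist):
    """Whitelisting: accept only files that match the clean baseline."""
    verdicts = {}
    for path, body in files.items():
        expected = allowlist.get(path)
        if expected is None:
            verdicts[path] = "unknown"      # never recorded as clean
        elif expected != sha256(body):
            verdicts[path] = "modified"     # recorded, but content changed
        else:
            verdicts[path] = "allowed"
    for path in allowlist.keys() - files.keys():
        verdicts[path] = "missing"          # baseline file has disappeared
    return verdicts

# Constructed sample data (hypothetical names and contents).
BASELINE = build_allowlist({
    "kernel32.dll": b"clean system library v1",
    "notepad.exe": b"clean editor v1",
    "boot.ini": b"clean boot configuration",
})
KNOWN_BAD = {sha256(b"old catalogued virus")}
CURRENT = {
    "kernel32.dll": b"clean system library v1",
    "notepad.exe": b"clean editor v1 + appended infector",
    "update.exe": b"brand-new sample with no signature yet",
    "old.exe": b"old catalogued virus",
}

if __name__ == "__main__":
    block = blocklist_verdicts(CURRENT, KNOWN_BAD)
    allow = allowlist_verdicts(CURRENT, BASELINE)
    for path in sorted(allow):
        print(f"{path:14} blocklist={block.get(path, '-'):8} allowlist={allow[path]}")
```

The signature list stops only the catalogued sample, while the baseline comparison also flags the altered `notepad.exe`, the unrecorded `update.exe` and the absent `boot.ini`.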


Friday, February 22, 2008

Attacking Hard Disk Encryption

Once the attacker has access to your hardware, it becomes very difficult to protect your assets.

We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.


Here is a movie and the original research paper: Lest We Remember: Cold Boot Attacks on Encryption Keys

Abstract: Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.


Friday, June 29, 2007

Intel Core 2 Security concerns

Theo de Raadt posts some concerns about Core 2 processors. Interesting quotes include:

"Various developers are busy implimenting (sic) workarounds for serious bugs
in Intel's Core 2 cpu.

These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code."


and:

"Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare
the hell out of us. Some of these are things that cannot be fixed in
running code, and some are things that every operating system will do
until about mid-2008.."


and:

"At this time, I cannot recommend purchase of any machines based on the
Intel Core 2 until these issues are dealt with (which I suspect will
take more than a year). Intel must become more transparent.

(While here, I would like to say that AMD is becoming less helpful day
by day towards open source operating systems too, perhaps because
their serious errata lists are growing rapidly too)."


A good, easy to understand summary for normal people is here: http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif

Only one bug is listed as due to be fixed by Intel. All the others are to be fixed by BIOS or OS producers.
