Hard Disk Encryption Not so Secure as You Might Think

Usually I try not to just reiterate what is written elsewhere anyway. But this thing is so hot and amazing that I just have to provide you with a link: New Research Results: Cold Boot Attacks on Disk Encryption.

In a nutshell: Hard disk encryption master keys are stored in DRAM. However according to the research results of Princeton University, DRAM does not lose its content immediately, but rather only after a couple of seconds or minutes. If cooled (e.g. by spraying cooling spray on it), memory content can be preserved for multiple minutes and restored after booting from a malicious operating system.

I strongly recommend you read it for yourself.

Picture of a Hard Disk by cgommel

RIAA Hacked

Funny thing: The RIAA apparently got hacked. The attackers used an SQL Injection vulnerability to manipulate the database. I never cease to be amazed how easy it is to find such flaws in web applications.

I have no idea what used to be on the news room page, but an SQL Injection can’t do this. Either someone found something a lot worse (or better, depending on your point of view), or the RIAA did this to themselves.

While I’m writing this, it sounds like a great conspiracy theory. The RIAA hacks itself in order to proof that people who share music are indeed criminals ;).

While I’m at it, this is not the first time that companies enforcing IP or connected to such companies got hacked. A group of guys seem to have stolen and leaked emails from MediaDefender for example. Not quite a hack, but also interesting is the fact that IFPI obviously forgot to renew their domain registration and the pirates took them gladly.

[Update: The RIAA seems to have fixed the issue, so I updated the old links to a screenshot I took while the page was still offline]

Picture of Pirate Eye by Cayusa