Poll Results: Hacking Motives

Posted in Polls, Security, Security Research, Threats, Vulnerabilities, Attacks by Dragan Pleskonjic @ Apr 2, 2008

Poll “Primary motives for hacking are” which was open on this blog since December 21, 2007 to March 31, 2008 is closed now. Based on answers of visitors, who took opportunity to vote in the poll, main reason why hackers (malicious ones) are attacking is because they take it as intellectual challenge. Next reason is money etc.

Here is summary of results.

As it was said in introductory post for poll, it is based on Australian government Institute of Criminology i.e. its High tech crime centre classification. You can see paper (linked in blog post also) here.

There were polemic about definition of hackers and is that correct to say that hackers are malicious. Many people think that definition of hackers mean that they “wear white hat” i.e. hackers are not driven by malicious motives. However, crackers are ones who “wear black hat” i.e. they are supposed to be malicious, according that opinion. Also, some people mentioned that poll lacks precise definition of hacking and description of hacker and cracker difference for sake of this poll.

This poll is about public opinion - what people think about hackers and their motives, so it was left to opinions and thoughts of everyone and a little bit imprecise (intentionally). :)

You can look into Merriam-Webster’s dictionary definition of hacker – it may be interesting.

Sphere: Related Content

Cold Boot Attacks on Encryption Keys

Posted in Cryptography, Threats, Vulnerabilities, Attacks by Dragan Pleskonjic @ Apr 2, 2008

If you’ve thought your data are secure on encrypted hard disk, read: Lest We Remember: Cold Boot Attacks on Encryption Keys. Researchers with Princeton University and the Electronic Frontier Foundation (EFF) have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer - say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen. The attack takes only a few minutes to conduct and uses the disk encryption key that’s stored in the computer’s RAM.

There is also full research paper and YouTube video about this attack.

Abstract says:

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

 

[Thanks to colleague Sanida O. for bringing this to my attention].

Sphere: Related Content

Poll: Rate Your Computer Security Knowledge and Experience

Posted in Education and Training, Polls, Security by Dragan Pleskonjic @ Apr 1, 2008

I’ve added a new poll to this blog. The aim of the poll is to see what is the structure of the blog visitors according their (your) individual opinion and experience in the field of security knowledge. There is no guidance and explanation of the given choices. You are the one who sets measurement units, decides and rates your own knowledge and experience according to it.

Question is: “Rate your computer security knowledge and experience”, and possible answers are:

  • None
  • Beginner
  • Moderate
  • Expert
  • Guru

Vote and enjoy visiting often and seeing how others vote. Polls started today and it is planned to be open 3 months i.e. by end of June 2008.

An earlier poll “Hacking Motives” expired last night (March 31, 2008). I am going to discuss results in future post on this blog.

Sphere: Related Content