
Re: BHDC11 - De-anonymizing Live CDs through Physical Memory Analysis


coderman wrote (11 Jan 2011 20:21:13 GMT) :
> In order to
> solve this problem, we present a number of techniques that allow for
> complete recovery of a live CD's in-memory filesystem and partial
> recovery of its previously deleted contents. We also present memory
> analysis of the popular Tor application as it is used by a number of
> live CDs in an attempt to keep network communications encrypted and
> anonymous.

> (do Tor Live CDs need a new kexec target for memtest sweeps / ram
> zeroisation? :)

As far as I understand, this seems like an enhancement over the cold
boot attack, and one more reason why Tor Live CDs should wipe the
system memory on shutdown. Am I misunderstanding?

Most Tor Live CDs (e.g. the good old, now obsolete, Incognito, and its
spiritual successor T(A)ILS) have been doing this for ages.
(Note: this is currently working when running from USB, but sometimes
buggy[0] when running from CD => debugging.)

  [0] https://amnesia.boum.org/bugs/buggy_smem_on_shutdown/

  intrigeri <intrigeri@xxxxxxxx>
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | We're dreaming of something else.
  | Something more clandestine, something happier.