
February 23, 2008

Comments

clarice

I figure the only way I can stay on top of things is to open up my house to a worthy teenaged boy.

Rick Ballard

I've already forgotten - am I supposed to embrace TM's views or reject them? 'Cause I wanna do what's right.

A JOM commenter manual would be helpful.

I found this sentence from the article rather enlightening: "The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered."

So, if you would like to actually protect your data you have to go through all the time and trouble to use an "advanced mode"?

Earthshattering news.

Sue

I'm waiting for the movie, when Tom Cruise can explain it to me.

I agree.

hit and run

TM:
I'm waiting for the movie, when Tom Cruise can explain it to me.

Oh, I'll explain it to you.

From the article:

Officials at the Department of Homeland Security, which paid for a portion of the research, did not return repeated calls for comment.

This is yet another example of Chimpymchitlerburton and his master Cheney clearing the way in order to spy on every American in their push for their fascist takeover of this country.

Wake up people.

We need to speak truth to power! We need more outrage! We need to march and burn candles!

We can't sit back while this is happening.

Impeach Bush now!

SteveMG

...in their push for their fascist takeover of this country.

Empty threat. When the military comes to grab us up and take us to the camps, they won't have any ammunition or guns.

Or training.

Hell, no camps either, most likely.

No pasaran, venceremos.

boris

when Tom Cruise can explain it to me

I'm not Tom Cruise and I did not even stay in a Holiday Inn last night but ... years ago was a Strategic Air Command crypto tech and I have designed computer chips so I could explain it ... but then I'd have to ... well you know the rest.

Sue

Some of you guys claim to have not gotten the memo, but I know you have been made aware of it. A cease and desist letter is being drawn up as I type by our crackerjack legal team. Ignorance of the law is not a defense, I might add. Until actual receipt of the C&D letter is received, I would caution you that others are watching, hardly ever, but that is not the point, and our percentages need to be above 99% next time. I refer you to the post at 2:29 PM as to proper response to a post by dear leader at JOM.

GMax

You want it run through the translation program developed by L Ron Hubbard? How will that make it clearer TM? I know I am required to stand and salute, but really there are a few things, cooked beets and scientology where I have to draw the line...

hit and run

SteveMG:
Empty threat. When the military comes to grab us up and take us to the camps, they won't have any ammunition or guns.

Hah! No way. Bush has sent all the people who COULD stand up to his imperial march toward his fascist despotism and sent them overseas. Without bullets.

The bullets are currently being housed under fort knox -- until Rove has brainwashed enough mindless Bushie minions to do his bidding and suppress the will of all free people who would resist.

This blog is a target and judging by the posts I read here, Rove is probably 67% finished with his work.

Sheeple. You're all sheeple. Being led to slaughter.

Annoying Old Guy

Mr. Ballard;

The advanced modes require additional hardware, which you have to not lose, so it's not quite as simple as clicking a checkbox.

TM;

I'm not Tom Cruise, but I would dare to provide an explanation. Modern computer memory works by putting electrons in boxes. The boxes, however, are leaky. In the standard way computer scientists solve problems, the solution implemented was to put some extra circuitry that checks the boxes and re-fills them as necessary, fast enough so that boxes never empty out. When you turn off the power, that extra circuitry gets turned off too, and the electrons all leak out, erasing the memory. These encryption schemes depend on this to destroy the encryption key when the computer is turned off, so if it gets stolen the data is safe.

What these guys have discovered is that

1) The electrons don't leak out as fast as people thought.
2) If you freeze the chips, the electrons leak even slower, so slowly that you can figure out which boxes were filled hours later.

Frankly, I am not sure how much of a problem this really is. You'd have to make the snatch within minutes of power off, and be able to pop open the computer and chill the chips basically immediately. And if you can do that, why not just snatch the laptop while it's still turned on?

Syl

Wait...I don't really see the big deal here.

They're talking about memory chips, no? Well, then, in order to get that data by freezing it in place, it has to BE in the memory chip.

Which also means someone would have to actually use those keys within a finite period of time just before the breath of cold air is blown over the chip.

Memory in your memory chip is overwritten constantly AS YOU USE your computer.

It's interesting that they've discovered freezing keeps the data around, but that in and of itself wouldn't raise eyebrows so they, like the NYTimes, envelop a factoid in a bit of scare mongering about data security.

Syl

X-posted with that Old Guy.

Barry Dauphin

In an attempt to hide the fact that it wants to sell oil for people to burn, greedy & evil executives of Big Oil hatch a plan to steal the encrypted data from everyone's computers by hiring illegal aliens to break into everyone's houses and freeze their chips, which mysteriously impels them to drive their cars long distances for no apparent reason. That is until a single man learns of their dastardly ways.

"See this movie..."--George Clooney
"It made me cry..."--Michael Moore
"Ya done good..."--L Ron Hubbard

Tom Cruise starring in Global Warming, Local Cooling

Skip

There's really nothing here, for a PC owner to worry about. Why? Because there's one primary tenet of security that the articles on this failed to mention. And it's a pretty simple one.

"If the bad guy has physical access to your hardware, you have no or weak security."

On the other hand, this does pose a problem for people who want to keep some data secure but who can't keep the hardware under lock and key. For example, consumer electronics devices that are implementing digital rights management to keep people from stealing encrypted media. This just goes to show that that task is basically doomed no matter what.

bgates

First thing Tom Cruise will do is remind you how to spell 'chilling'.

Or is this another failure of the Bush administration to provide its loyal foot soldiers with enough consonants?

Charlie (Colorado)

If you are a little more wary and you were depending on power off to save you from having your keys taken, you need to think about this -- but how much of a risk is it really?

I suggest not much. While it’s true that this could be used to get at encrypted data, let’s think about what it takes to do it. First of all, at normal operating temperatures according to the paper, data persists in DRAM for roughly between three and thirty seconds, and the fancier and more recent your computer is, the faster the data disappears. So long as you shut down your computer, within a minute or so, you’re safe from this attack. (You’re not, of course, safe from someone holding a gun to your head and saying “give me the key,” which would be a more common attack anyway.)

From an article on PJM by (ahem) me.

JM Hanes

Nice work Charlie! My sister once told me that the problem with computer experts is that the people who know enough to help you can no longer communicate in human terms. Don't know if the remark was original with her, but you're apparently the exception that proves the rule.

It does seem like such cryo crooks would be pretty easy to beat. Just don't leave the room for 60 seconds. I wouldn't think that most folks with a lot of valuable data would walk away from a computer in sleep mode, but I suppose once in a blue moon, nature calls. Any theft where you have to take physical possession of somebody's chips within a 30 second window is going to be pretty difficult to orchestrate without the equivalent of a gun in the first place, so why wait till they shut down?

The real risk such generally useless discoveries represent is that they stimulate other ideas that do work. That, in fact, is one of the fundamental dynamics in creative problem solving.

Charlie (Colorado)

I wouldn't think that most folks with a lot of valuable data would walk away from a computer in sleep mode, ....

Oh, wouldn't it be pretty to think so. This happens to be very specifically what I do --- encryption of data at rest --- and I could tell you stories that would curl my hair if I didn't shave my head. But usually, it's nothing near as fancy as this attack: it's someone who copies a whole master data list onto his laptop to work at home, and loses it, or --- as happened to IBM recently --- a whole box of backup tapes that falls off a truck and is lost.

Charlie (Colorado)

By the way, Tom, I've gotten way more referrals from JOM today than I have from PJM....

cathyf

"If the bad guy has physical access to your hardware, you have no or weak security."

Long ago I read a story about a DECUS conference where someone had set up a "hacker proof" pdp-11 and was challenging all comers to break in. A whole line of folks queued up to try all of the standard X11 tricks, all of which had been successfully closed up. Until the guy who got to the front of the line reached around the back, pulled the power cord, and plugged it back in. They didn't even wait for the computer to finish booting before handing over the prize...

sbw

Your data is at greater risk from a Chinese trojan-infested digital picture frame you plug in to your PC to download pictures than from frozen chips.

And most of us have more to worry about the file of passwords we printed out and keep in the dresser drawer just in case.

Then there is the over-the-shoulder look at the key-in of the ATM PIN number.

And all your passwords are too short.

If security is a business issue for someone, leave it up to professionals to advise you. If it is a personal issue, just do the sensible things. Data loss is a greater threat than data theft.

poodlemom

Aw cathyf, thanks for the memories. I spent 18 of the best years of my life working for DEC. You DO remember what PDP stands for.....don't you? ;-)

cathyf

I'm sorry, too young to know that... ;-)

I spent the first 5 years of my career as a VMS system manager -- which I learned by reading the manual and calling the Colorado Springs tech support people. I bet they moved the phone center to India even before they got bought out. The local Chicago FE's were some of my favorite people. I taught them to claim themselves as members of The Sacred Order of the Black Hand (the holy priesthood of laser printer & copy machine repair people.)

...ah, those were the days...

MarkD

Just shoot anyone you see carrying liquid nitrogen around.

Cathyf, HP (buyer of Compaq which previously bought DEC) did outsource their call center to India. As a customer, I was underwhelmed, to be kind. No, let me write the truth. I have never seen anything, ever, as poorly planned and executed in my life.

It may be working now, I don't know. We cannibalize surplus machines to keep the rest going.

The VMS and TRU64 UNIX and hardware pros they have left are first rate, but the customers are being stranded. Unfortunately for HP, there are other choices out there when you have to convert off of TRU64, and only one of them belongs to HP.

The comments to this entry are closed.
