
Technically, researchers have proven that you can shut down a machine, hit the RAM with a cold spray (like liquid nitrogen) and keep the bits "alive" long enough to dump them for analysis.

But, obviously, that's pretty insane. Agree with everyone that this is a big leap toward better protection for users.



Even if that attack has close to 100% success rate, I'd imagine it being nigh physically impossible to execute a targeted attack, as you don't know which machine to hit for a specific user. And that seems to be the main threat model we would be concerned about for this.


Of course they know which machine to hit. How do you do customer service without such a basic function?


Mullvad gives you the option to connect to multiple servers. They offer WireGuard configs for every endpoint. How does law enforcement know which server the client plans to connect to? There is no metering either, just a flat monthly rate, so nothing to track there either.


I find these discussions so tiring. Let me turn it around. In their position, how would you manage this? Might you hook authentication events? Why are you pretending this is hard?


You can connect to Mullvad via Tor though. If I only ever went to the Mullvad site via Tor to make an account, paid in Monero and only ever accessed the VPN via Tor, what is there to hook into?


... that you can connect to Mullvad via Tor says nothing _at all_ about what _Mullvad_ can do, which was the discussion point.


There's a fairly easy physical mitigation for this.

Once DIMMs are seated, secure the ends with superglue, then brush conformal coating over the bus traces.

The second step is likely not even necessary if the motherboard is a 4-layer PCB with traces in the middle.


The likelihood of them showing up and doing that is low. However, the likelihood of them showing up with a set of USB drives and just running rsync/cp/dd is higher.


Normally you unplug the drives and take them to a lab. Never let the host operating system continue running with those disks!


Maybe in the 90s. Unplugging the drive is how you kick FDE in now. The drive only has value while mounted and running on the host OS.

Even cellphones... you want them running decrypted, but inside a Faraday cage of some kind to block remote wipes.


I don’t know how FDE works so thanks for the correction. I’ve read stories about feds pulling out drives and asking for keys later.

But to run dd wouldn’t you need root access? And couldn’t you use that to dump the FDE keys from memory?



