2/23/2008

Memory slip

Whenever a laptop containing lots of private data is lost, there are calls for 'disk encryption' that encodes all of a computer's data to become standard practice. But a dramatic new result by security researchers at Princeton suggests it is no panacea.

They've shown that a computer's RAM - short term memory - can give it away.

RAM needs power to hold data; but the researchers have found that information can persist for up to minutes after the power is cut. That's long enough to extract the key needed to unscramble the encrypted disk, which is always kept in a computer's RAM.

An accessible video (below or here) explains the team's findings in more detail. And you can read more at a website set up to explain the work.





The RAM in most computers can hold information for a few seconds to a minute after power down. But cooling the RAM chip can extend that to up to ten minutes. Another video shows how an image held in RAM slowly degrades after the power is turned off.

The attack works on any laptop powered up, or in sleep/hibernate mode. Some machines using Microsoft Vista's BitLocker disk encryption are even vulnerable when switched off completely. Apple's FileVault and popular disk encryption software TrueCrypt suffer the same problem.

Since lots of sensitive data is carried around on entirely un-encrypted formats you could argue this is of little consequence. Properly safeguarding such data is more of a policy than a technical problem. Nevertheless, it will be interesting to see how long before this new attack appears 'in the wild', if at all.


source http://www.newscientist.com/blog/technology/


OpenSource Disk Encryption Software:

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, metadata, etc.).

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on-the-fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on-the-fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double-clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading the next small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types, not only for video files.

Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when the power supply is suddenly interrupted (without proper system shutdown), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).
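
The portion-by-portion decryption described above, as an added sketch that is not TrueCrypt's code: a read decrypts only the sectors it covers, the disk image stays ciphertext, and the key sits in RAM from mount until dismount. The names `SECTOR`, `keystream`, `crypt_sector`, `derive_key`, `create_volume` and `MountedVolume` are assumptions, and the HMAC-based keystream is a toy stand-in for a real disk cipher.

```python
import hashlib
import hmac

SECTOR = 512  # assumed sector size for this sketch

def keystream(key, sector_no, length):
    """Toy per-sector keystream (HMAC-SHA256 in counter mode); a stand-in, not a real disk cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def crypt_sector(key, sector_no, data):
    """XOR with the keystream: the same call encrypts and decrypts one sector."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no, len(data))))

def derive_key(password, salt):
    """Password-derived key held in a mutable buffer so it can be overwritten later."""
    return bytearray(hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000))

def create_volume(plaintext, password, salt):
    """Encrypt sector by sector; only ciphertext ever reaches the 'disk'."""
    key = derive_key(password, salt)
    disk = bytearray()
    for n in range(0, len(plaintext), SECTOR):
        disk += crypt_sector(key, n // SECTOR, plaintext[n:n + SECTOR])
    return disk

class MountedVolume:
    def __init__(self, disk, password, salt):
        self.disk = disk
        self.key = derive_key(password, salt)  # stays in RAM while mounted
        self.sectors_decrypted = 0

    def read(self, offset, length):
        """Decrypt only the sectors covering [offset, offset + length)."""
        if self.key is None:
            raise PermissionError("volume is dismounted")
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        plain = bytearray()
        for n in range(first, last + 1):
            plain += crypt_sector(self.key, n, self.disk[n * SECTOR:(n + 1) * SECTOR])
            self.sectors_decrypted += 1
        start = offset - first * SECTOR
        return bytes(plain[start:start + length])

    def dismount(self):
        self.key[:] = bytes(len(self.key))  # overwrite the key bytes before dropping them
        self.key = None
```

A wrong password is not rejected in this sketch; it simply yields unreadable bytes, since the sketch has no header check.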

http://www.truecrypt.org/

2/20/2008

D-Link introduces new Green Ethernet switches

Lately I've been on a run of "saving energy" topics.




Network devices cut electricity costs by up to 45%
Network solutions vendor D-Link has announced its new “green” products, designed with care for the environment. After the company was first to market with its energy-saving D-Link Green Ethernet range at the end of last year, it has now added new products to the series and opened the “green networks” concept to business users with the unmanaged Green Ethernet switches DGS-1016D 16-port and DGS-1024D 24-port.
Companies around the world are significantly reducing operating costs and optimizing the use of valuable resources in order to follow social responsibility policies. D-Link's new Green Ethernet switches “detect” when a device connected to them is switched off and put the corresponding communication port into standby mode, thereby reducing the amount of electricity that port uses.
The 16-port DGS-1016D and the 24-port DGS-1024D guarantee up to 45% lower electricity costs, the company claims. And while traditional switches use full power to transfer data over Ethernet cables regardless of their length, Green Ethernet technology also reduces the electricity used according to the length of the cables, which D-Link's devices measure automatically.
“Developing and refining D-Link Green Ethernet products in the business class, as well as for small and medium-sized businesses, is a main priority for the company in 2008. This trend will be clearly noticeable on the Bulgarian market as well,” commented Aneliya Chakarova, manager of D-Link Bulgaria.

2/05/2008

Juniper little dirty secret (joke)

Cisco Announces New Expert-Level Cert for Design: CCDE



Source: TCPmag.com


1/22/2008 -- Cisco Systems today announced a new expert-level certification, the Cisco Certified Design Expert (CCDE), for high-level IT pros who design and architect enterprise networks.

The CCDE is modeled after the company's flagship Cisco Certified Internetwork Expert (CCIE) certification for high-level networking pros. Like the CCIE, the CCDE will have a qualification exam and an eight-hour hands-on exam. Pricing is the same: $315 for the qualification exam and $1,400 for the hands-on exam.


Unlike the CCIE -- which offers specializations for Routing & Switching, Security, Voice and other areas -- the CCDE will not offer tracks. "This is above the tracks," said Jeanne Dunn, senior director of learning at Cisco. "You have to know voice, have to know security, but it's at a higher level. To be a designer, they have to go beyond [to] see how it all works together."

And while the new title is technically the same level as the CCIE, according to Dunn, the CCDE will be more difficult to achieve. "You have to know what a CCIE knows to design, you have to have been there and done that," she commented. "Many people who are going to take this are already CCIEs. That's [our] target audience -- [they've] done enough planning and architecture where they are the right candidates to be looking at this new credential."

Another difference is how the CCDE practical exam will work. While the CCIE focuses on hands-on lab work and troubleshooting -- candidates are required to travel to one of 10 Cisco labs worldwide with the equipment set up for this testing -- the CCDE will use scenarios and simulations focused on the planning and designing of architecting. It will be a "rich media experience," according to David Bump, Cisco certification portfolio manager.

And although the practical exam's development isn't far enough along (it's scheduled to be released in "fall 2008") to say how candidates will share their knowledge through the exam, the new format means Cisco can work with its standard exam delivery provider, Pearson Vue, to deliver the exam through its wider worldwide network when it does launch.

While the CCDE practical is a ways off, the new CCDE qualification exam -- 352-001 (ADVDESIGN) -- launched today in Pearson Vue testing centers worldwide. Objectives for the two-hour, 120-question exam are available here.

Candidates must pass the CCDE qualification exam in order to qualify for the practical. Like the CCIE qualification exams, passing the CCDE qualification automatically recertifies any associate- or professional-level Cisco certification candidates may hold.

InternetworkExpert Dynamips Workbook vol 2

Internetwork Experts are delaying the release of their second workbook for security reasons, which disappointed me a little and cost me considerable time. It was officially scheduled to come out on 15 Jan, which to this day (5 FEB 2008) has not happened.

Cisco Unveils Nexus 7000 Series

• Support for up to 256 10 Gigabit Ethernet or 384 10/100/1000 Ethernet ports in a single 10-slot chassis

• A fully modular and fully redundant 10-slot chassis with front-to-back airflow and integrated cable management

• Dual dedicated supervisor modules, providing exceptional high-availability features with no service interruptions even during hardware and software upgrades

• Highly scalable fabric architecture supporting up to five fabric modules for load-balanced, fault-tolerant operation and designed to deliver 230 Gbps per slot of bandwidth at release, with future support for more than 500 Gbps per slot

• Virtual output queuing and Fabric Arbitration deliver quality of service (QoS) and fairness across all ports, even during congestion, and provide the basis for future unified I/O

• Integrated security hardware support for Cisco TrustSec, providing data confidentiality while simplifying and scaling access control

• Fully distributed forwarding engines, providing scalable packet processing and forwarding

• Three load-sharing power supply modules, allowing either 110V or 220V AC inputs. With 220V AC inputs these power supplies will deliver fault tolerance for a fully loaded chassis with worst-case N+1 and grid redundancy


2/04/2008

Google exec confirms phone in the labs

So it seems that the oft-rumored handset from Google has taken that final leap into the "confirmed" column, though it may not be quite the be-all, end-all device we were expecting. Isabel Aguilera, Google's chief executive in Spain and Portugal, has admitted that the searchmeisters have some mobile goodness in the works but appeared to play down the project, noting that the phone is just one of 18 R&D initiatives the company currently has underway. Furthermore, she mentioned that Google's mobile skunkworks were designed to make their way into developing countries, suggesting that this may not be the Samsung sourced, iPhone-killing monster we'd been getting an earful about as of late. But hey, if Apple intends to turn the iPhone into a multi-device franchise, Google's entitled to do the same, is it not?




source:http://www.engadget.com/