BHDC11 - De-anonymizing Live CDs through Physical Memory Analysis

intrigeri intrigeri at boum.org
Wed Jan 12 11:11:28 UTC 2011


Hi,

coderman wrote (11 Jan 2011 20:21:13 GMT) :
> In order to
> solve this problem, we present a number of techniques that allow for
> complete recovery of a live CD’s in-memory filesystem and partial
> recovery of its previously deleted contents. We also present memory
> analysis of the popular Tor application as it is used by a number of
> live CDs in an attempt to keep network communications encrypted and
> anonymous.

> (do Tor Live CDs need a new kexec target for memtest sweeps / ram
> zeroisation? :)

As far as I understand, this seems like enhancements over the cold
boot attack, and one more reason why Tor Live CDs should wipe the
system memory on shutdown. Am I misunderstanding?

Most Tor Live CDs (e.g. the good old, now obsolete, Incognito, and its
spiritual successor T(A)ILS) have been doing this for ages.
(note: this is currently working when running from USB, but sometimes
buggy[0] when running from CD => debugging).

  [0] https://amnesia.boum.org/bugs/buggy_smem_on_shutdown/

Bye,
--
  intrigeri <intrigeri at boum.org>
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | We're dreaming of something else.
  | Something more clandestine, something happier.