First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
Black Hat/DefCon: Welcome to the funhouse
- — 01 August, 2008 08:09
Google Gadgets, those small Web applications that allow users to customize Web pages, will be in for the Black Hat treatment, too.
"The current architecture in the security model around Google Gadgets is highly insecure," says Tom Stracener, senior security analyst at Cenzic. The Web application security assessment provider says it will prove how it's possible for Google Gadgets to take control over each another and steal information from each other.
Still, Black Hat isn't all about deconstructing security. Some experts will show how to take preventative measures to shore up perceived vulnerabilities -- such as the "cold boot" encryption hack.
When Princeton University researchers earlier this year pointed out how it's possible for an attacker to swipe cryptographic keys off a computer through the cold boot technique, it sparked a debate over the safety of stored encryption keys and how they could be grabbed in memory when a machine is being turned off, particularly if subjected to cold temperatures.
"Information can take minutes or even hours to fade out on a computer," says BitArmor CEO Patrick McGregor. "There can be small pieces of information floating around." The Princeton University research generated a lot of concern that "full-disk encryption was useless," McGregor says.
But while the cold boot attack method is not particularly difficult to accomplish -- "you could plug a USB drive into a laptop" to carry it out, says McGregor -- the situation isn't as dire as some think. BitArmor claims to have a few basic defenses, including leveraging temperature sensors in Dell and HP computers, and a way to design a "secure enclave to protect full-disk encryption keys."
BitArmor says it is using these techniques effectively in its own products today and will share what they are at Black Hat.