Wednesday, April 2, 2008

Researchers dive into memory dumps

Grabbing passwords from untended computers...

Davidoff and Liston created a USB thumb drive that could be plugged into a computer and that would, after the computer was restarted, scan the data left in the computer's physical memory for passwords and other sensitive data. The two researchers created a pair of programs to find the telltale signatures in memory that indicate where a password might be store and called the scripts DaisyDukes because the programs were "very revealing," Liston said.

David mentioned, "The goal here is to see if we can hit an office building in 25 minutes or less and get out with a lot of valuable data".

Attacks aimed at dumping memory using an external drive can be made significantly harder by setting a BIOS password to prevent the system from automatically booting, the researchers said.

Full Article can be read at Security Focus.

No comments: