For those of us of a certain age may remember the fantastic late 70′s early 80′s program the Dukes of Hazard, it was a complete work of fantasy but it had an appeal to everyone that watched the show – for the kids General Lee and the dad’s Daisy Duke – if you where a kid at the time you didn’t get the later but the dad’s certainly appreciated the short shorts she was infamous for wearing ‘the daisy dukes‘
I guess your wondering what this has to do with security? Well me and you both!
If you work in information security and you have been living under a rock somewhere for the last month or so then you probably will not be aware of the ‘hottest’ attack against disk encryption – cold boot attack against encryption keys. Basically in a nutshell researchers have figured out how to preserve and dump computer memory that contains encryption keys then use these recovered keys to unlock your encrypted system/ files/ folders.
Is I understand it a Daisy Duke is a ‘short’ script (get it) that is run against the cold boot file dump and targets ‘other’ useful information, items such as logon passwords, signatures, documents – anything you wish to recover really and then dumps this information out into a usable format.
I really can see the power of this type of attack and the real benefits – but I have to ask how practical and useful is it?
Well the answer depends on whether you are a pen tester or not; if you are then this is a great way of tormenting customers and breaking everything that they own and then charging the earth – if you are not then you will in all likelihood be in a very small minority that will have physical access, means and motive to actually target some one/ some company to perform this type of attack.
For me the reality of this is simple, if you take care of business with physical security, implement simple things like BIOS protections & power on memory testing then life is good, go home, kiss the wife, play with the kids and sleep easy dreaming of daisy duke.
If you don’t then, well you get everything you deserve…
Check out the register article HERE
And of course a picture of Daisy herself HERE
