Step 4: Memory scraping
Here's a photograph of the MacBook's screen as it's booting over the network from Applebaum's laptop.
It was sent and is now executing an "EFI memory scraper" program that reports 1,298,309,120 bytes (1.25 GB) are available to be transfered. Most of that is in the "segment 2" chunk that totals 1,280,458,752 bytes.
Remember, this is still extremely early in the boot process, meaning the contents of memory from the last session have not been overwritten and may still be intact; Applebaum, in fact, is counting on it. Those memory contents could include the AES key used for FileVault, the contents of documents being edited, the text of e-mail being written, and so on. FileVault encrypts only data saved to disk, not data kept in memory.
- Talkback
- Most Recent of 17 Talkback(s)
- Thread View
- Flat View
- Bit Locker
- It seems to me that the problem resides in the TPM. I do not use it. I store my password on a memory stick whereas using TPM stores it in the RAM. If the password is not on the computer to begin with it can't be hacked.... (Read the rest)
- Posted by: cobra96ds@... Posted on: 02/25/08 You are currently: Logged In | Log out
 Supercooled memory? Eriamjh | 02/21/08 |
 Millions at stake in corporate espionage ... terry flores | 02/21/08 |
 re: back doors CobraA1 | 02/21/08 |
| Clearing memory at reboot would not work. ye | 02/22/08 |
| RE: Supercooled memory? bfilipiak@... | 02/22/08 |
| A few things to note CobraA1 | 02/21/08 |
| Careful there georgeou | 02/21/08 |
| hdiutil was simply used to show successful crack terry flores | 02/21/08 |
| RE: (Images: How to bypass FileVault, BitLocker security) d1g1tal_ph3r3t | 02/21/08 |
| RE: (Images: How to bypass FileVault, BitLocker security) riverab0@... | 02/22/08 |
| Addition riverab0@... | 02/22/08 |
 Cox CassidyJames | 02/22/08 |
| I would like to see this tried with Firmware locked duane@... | 02/22/08 |
| Info still unencrypted in RAM... robert.rohr@... | 02/22/08 |
| Bit Locker cobra96ds@... | 02/25/08 |
| Encyption Law wagonhitch5@... | 02/22/08 |
| This is freaky John Musbach | 02/24/08 |
What do you think?
More ZDNet Photo Galleries
- BNET Industries
- Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
-
- The technology industry from a different angle
-
- See what's hot in the auto industry
-
- Stay on top of the energy industry
