Re: [Fed-Talk] Passware grabs Mac passwords over FireWire
Re: [Fed-Talk] Passware grabs Mac passwords over FireWire
- Subject: Re: [Fed-Talk] Passware grabs Mac passwords over FireWire
- From: "Link, Peter R." <email@hidden>
- Date: Tue, 26 Jul 2011 13:02:58 -0700
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Passware grabs Mac passwords over FireWire
FV2 requires an initial unlocking before the regular logon screen (double login).
As far as this product, what does "The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered." mean? Does it mean if you turn off automatic login, the password isn't stored in RAM? Their statement doesn't make a lot of sense since turning the computer off empties RAM anyway (I know, someone "proved" it is still there for a short period of time) so why worry about the Automatic Login setting. If they actually mean either of these works, then I don't know of any government computer that is allowed to use automatic login so this problem is moot.
On Jul 26, 2011, at 12:47 PM, David Whitley wrote: The website says that FV2 will not prevent this, but I wonder if it can still do it if the computer is on, but you aren't logged in. Isn't FV2's decryption done post-login?
Peter Link Cyber Security Analyst Cyber Security Program Lawrence Livermore National Laboratory PO Box 808, L-315 Livermore, CA 94550 email@hidden
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden