I think the headline should be, "FireWire is insecure and can be used to dump the contents of your RAM." But that's always been true, regardless of OS.<p>Edit: the WinLockPwn tool has been available since 2008, you can just plug one computer into another and dump the RAM. You can then use "signatures" to search for passwords for various systems, including Windows. <a href="http://web.archive.org/web/20090402130220/http://storm.net.nz/projects/16" rel="nofollow">http://web.archive.org/web/20090402130220/http://storm.net.n...</a><p>I like this part:<p><i>I'm also pleased to note... the guy who did it by plugging a Cardbus Firewire card into a laptop that didn't have firewire, waiting for it to auto install it (while at the locked screen!) then winlockpwning it. That's awesome. :)</i><p>So, even if your laptop doesn't <i>currently</i> have firewire, you're still not safe.
I'm no security expert but it was always my understanding is that once an attacker has physical access to a computer it can no longer be considered secure, no matter what. Also, my understanding is that this is a widely accepted fact in the security community. How can a website called "Security Week" ignore this very relevant piece of knowledge then?
Is there any way to get around this? If so, is it implemented in any OS?<p>I'm no encryption expert, but it seems like you would need to store decryption keys (or in this case, the login password) in plaintext so they could be used by the OS.<p>An explanation from an expert would be appreciated.
"Passware says the security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered."<p>Hm, isn't automatic login now disabled by default in the installation process of Lion? The last install I did seemed to have it disabled by default although there was a toggle to switch it on if I so chose.
The article also mentions that truecrypt passphrases can be recovered this way. Is this true? This would seem like a very major security oversight for software whose main focus is security.
It seems an easier solution is to just log off your account rather than shut the entire computer down. Unless it can be accessed from the login screen...
Hands up if you use Automatic Login on your personal computer, whatever OS you might be using. Also, this hack requires physical access to the computer, and by that time no computer, no operating system, can be considered safe.