The Maxim DS2431 1K EEPROM is 1-Wire device that adds storage to a project using a single microcontroller pin. We previously interfaced a 1-wire thermometer, but this EEPROM is slightly different because it draws power directly from the 1-Wire bus. Grab the datasheet (PDF) and follow along while we read and write this simple 1-Wire memory.
The team from Princeton has released their cold boot attack tools at The Last HOPE. Earlier this year they showed how to recover crypto keys from the memory of a machine that had been powered off. Now they’ve provided the tools necessary to acquire and play around with your own memory dumps. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There’s also efi_memimage which implements the BSD TCP/IP stack in EFI, but it can be problematic. aeskeyfind can recover 128 and 256bit AES keys from the memory dumps and rsakeyfind does the same for RSA. They’ve also provided aesfix to correct up to 15% of a key. In testing, they only ever saw 0.1% error in there memory dumps and 0.01% if they cooled the chips first.
Continue reading “HOPE 2008: Cold Boot Attack Tools Released”
An article in EETimes suggests that we may see a memristor-based memory prototype in development as soon as 2009. The memristor is claimed by many to be the theorized fourth passive circuit element, linking the fundamental circuit variables of charge and flux. This news may not sound that exciting to most computer geeks, but this new component could usher in a new era of computer memory by forming the basis of RRAM (resistive random-access memory).
Scientists at HP labs have finally confirmed that the memristor behaves as their theories predicted. The reason that the component will work so well for memory is that the process is nonvolatile and the bits themselves will only change after the CPU tells them to. The bits in current DRAM systems slowly fade out and require a refreshment every 50 nanoseconds.
[via /.]
[Rich] over at Securosis takes us through some of his browser paranoia exercises. He uses different browser profiles for different types of web activities. Based on potential risk, various tasks are separated to protect from CSRF attacks and more. Everyday browsing with low risk passwords is done in one. RSS reading with no passwords is done in another. He runs his personal blog in a browser dedicated just to that.
Fellow browser paranoia sufferers may want to consider Firefox plug-ins like NoScript and memory protection from Diehard.
