The Return of Pavlov’s Squirrels
Attendees at the recent Redemtech company picnic were presented with bird feeders as part of the company’s overall message to be good to the environment. It took less than a day for the acerbic, acrobatic squirrels that creep into my back yard to disassemble the bird feeder and chew a hole in the side of it. And these guys are part of the environment we’re trying to rescue!
Last August, I wrote a blog (See: Attack of Pavlov’s Squirrels) about the squirrels that rob my bird feeders and it become one of the more popular missives posted on the corporate site. Of course, I had a data security message embedded in the tale of rodents strung out on sweet corn, but for more than a year, people have been reminded of Pavlov’s Squirrels when they see me. “You’re the guy who wrote about the squirrels, right?” they say. I, in turn, blush and duck under my desk.
In the year since the initial squirrel attacks, I replaced my old bird feeder with a heavy-duty armored model that supposedly prevents rodent raids because any time something larger than a finch or a cardinal lands on it, the seed chutes close. The squirrels studied the problem for about a week before coming up with an ingenious plan to leap from nearby trees and knock the feeder swinging, so that the seed pours out on the ground.
I didn’t have much hope for the new little feeder I got from the picnic, but hung it from the armored truck feeder anyway, hoping the squirrels wouldn’t notice. But there always seems to be something or somebody out there eager to disprove a theory we embrace that we hope will ensure security.
Such is the case with encryption. Many companies tout encryption, the process of scrambling data so that it can't be unscrambled without access to a key, as the saving grace for off-network security. If your hard drive or your laptop is encrypted and somebody steals it, you’re safe, right?
Then last February, a bunch of wise guys at Princeton University claimed they had developed a simple method to steal encrypted information stored on computer hard disks. The concept was pretty simple: they said if you chill a computer memory chip – say, with a blast of frigid air from a can of common dust remover - you can freeze critical data, thus undermining the security software designed to protect the data. The technique exploits a vulnerability of the DRAM chips that temporarily hold data, including the keys to modern data-scrambling algorithms.
More recently, security researchers presented a conference paper on a new kind of "cold-boot attack" that allows an attacker to cut power to a targeted machine that is in sleep mode, restore the power, and boot a malicious operating system from a USB drive that can copy the RAM contents. An attacker then can read the RAM data, including encryption keys, after rebooting into a different operating system or removing the memory chips and placing them into a different computer.
Encryption is a best practice that Redemtech recommends in tandem with other off-network data protections, but as “chilling” evidence collects that encryption has definite drawbacks, it becomes important to realize that like any basic security plan, it’s safer to rely on a variety of proven solutions that, when combined, can keep the vermin out of your data.
Comments