Oh do they? But come… on…, what is this ridiculous demonstration? Okay, okay, it’s the IT Policy School over there, let’s cut them some slack. What they’ve come up with is a way to read seated DRAM under OS lock without specialized hardware, and if they said that, it would be fine.

While I don’t care for their pseudo-slick presentation and shameless self-promotion (with a “blog”?), it is still a curious piece of work. Its unfortunate and regurgitated untechnicality leaves questions, though. DRAM is refreshed in tens of milliseconds, and since DRAM manufacturers are always trying to cut power consumption, I’m going to assume this rate is necessary to ensure reliable read out. There is a 3-order magnitude difference between that and the seconds to minutes reported that DRAM can be without power and still be read, during which time exponential charge decay takes place. Something else has to be going on, no? It just isn’t entirely clear that when the computer is turned off momentarily, on-board capacitors or even on-module capacitors aren’t discharging for long enough to residually power the refresh circuitry [*]. On the other hand, they claim they can remove the RAM completely and (with the help of liquid nitrogen) halt for an hour without power. I have some doubts as they dance around this issue.

As for real implication for security, there isn’t much, if only because this kind of breach isn’t fundamental. We already know that once indefinite hardware access to a running machine is first obtained (a practical requirement for this attack), there are always ways to compromise it. That’s how the Xbox was cracked — I’m talking about in-parallel probes on pins and traces, which can be just as well applied to the scenario here. Unless there are self-destructive mechanisms or other fundamental barriers to hardware access, we are just dealing with a matter of how high is the effort threshold. To fix it, encryption keys should not be stored in RAM in a detectable way, and any TPM modules that are currently being designed should have additional hardware security measures. That’s not hard to do, but in the meantime, let’s sit back and watch an uptick in the cracking of existing software and DRM protection schemes, as protected areas of RAM are opened up to easy hacking — a far more likely and practical fallout.

[*] I just read their full technical documentation, and they seem a little sloppy. They measure (and plot) total module read out error rate, but then fit a curve to it that they justify with MOSFET charge decay characteristics. Isn’t that right? Well, no: error rate should exhibit the typical digitizing water-fall effect of the comparator circuit.

I had only two small problems. One, I had to repartition the only drive because I believed Vista docs, which said it required a min of 15GB. (The nice tool “gparted” did the trick of non-destructive repartitioning — when it didn’t crap out!) Turns out 15GB is total BS. A clean install of Vista Ultimate took 4-5GB on the disk. (I don’t remember having any choice over which version to install, strange!)

The second problem: The installer also refused to begin on a machine with less than 512MB of RAM since it’s the “minimum requirement.” I was poking around for a workaround online and saw people asking the same question. No answer was ever given (no command switch that I am aware of), only a swarm of trolls boasting about their new machines and how Vista could not possibly be useful on anything less than 1GB. Well, utter BS. It’s running right now on 256MB of RAM … Inside VMWare … On a physical machine that actually only has 512MB of RAM … Rendered over a remote desktop connection with all graphics turned on …. And tunneled over an uncompressed PPTP link. The machine is otherwise a P4 1.7GHz. It does just fine. I’m writing this in Vista right this moment and I wouldn’t be doing it if I felt the slightest bit of inconvenience. On a clean boot, the system eats around 160MB of RAM. That’s a lot more than the typical 60MB/80MB of 2000/XP, but it isn’t bad. The way I got it to install was this: I had to set 512MB of RAM for the virtual machine just to let the setup start (and the machine thrashed a bit — due to VMWare paging, not even due to the setup program), but as soon as setup rebooted for the first time, I switched the VM back to 256MB.

It is working well enough that I’m thinking of putting this on a real machine. The usability improvements are good and the sort that exercise the hardware improvements over the years — the Start menu search among them. The metaphors and idioms are still very much what was seen in XP though, so there is much continuity here. Maybe that’s why people say it’s XP Service Pack 11. But I think that’s a good thing in this case.

Next up, installing RDP 6 client for XP and Office 12 beta.