You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it If you can steal someone's laptop, leave it switched on in sleep mode, crack it open, hook up some electronics to alter settings in the BIOS firmware, restart it, and boot into a custom program... you can swipe crypto keys and other secrets from the system. When computers are restarted, the motherboard firmware can wipe the …
How many people turn their machine off?
I’ve always put it in sleep or hibernate and now get nagged that I’ve not rebooted in a week and the machine goes ahead and reloads when I least expect it as per company policy.
I don’t shutdown so I can restart where I left off the next day. Mac OS handles reloads by putting you back where you left off. It’s weird that windows can’t match that functionality.
If you have a lot of RAM, reading back the hibernation file may be longer than reading just the code to be run and initialize it. With enough cores, the processes than run in parallel, but reading from disk, especially non SSD ones, is still mostly a serial task.
"If you have a lot of RAM..."
Isn't that the silliest thing? That the OS mindlessly stores the entire RAM to disk. 16GB of RAM, fresh from cold boot, Hibernate = 16 GB file. Stoopid stoopid stoopid.
Keep in mind that it's the OS, as in Operating System. Apparently it doesn't know which parts of the RAM are in actual use and which are not.
More accurately, Microsoft can't be arsed to perform this function more efficiently. Lazy pigs.
I expect that they'll figure it out eventually.
At my former employer - it was mandated that desktop machines be shut down at the end of the day.
If it isn't powered up, then it can not be pwned during the overnight/weekend hours.
This policy arose from an incident where an executive left his machine on, and it was infected with malware. Those behind the attack had the whole weekend to surf out or internal network. Cleaning up the mess was one of the reasons why we ditched Windows, and went to Linux. The other being a nastygram from the BSA that was quite costly.
Nothing wrong with powering off when not in use, but perhaps it'd be a good idea to unplug as well. There is something called -- as I recall -- Wake On LAN that allows "powered off" devices to be turned on remotely. Obviously, some hardware isn't as turned off as one might desire when one flips the power switch off. Who knows for sure what is actually running in there when the power is "off".
WoL can usually be disabled from the BIOS settings. As long as your company doesn't use it to apply patches or run backups. Anyway the RAM of a machine left running with different applications opened is usually far more interesting than the RAM of a machine just booted and no one logged on.
Wake on LAN is a BIOS setting actually. I turn mine off on my desktop and All-in-1. I neglected to turn it off once and got awakened by a system update so now it's the first setting I change on the power management page in the BIOS.
I can see this being useful if the PC is in a corporate environment and the IT department pushes out system updates across the LAN, or needs to turn on servers remotely after a power down, but for genera home use it's not necessary.
Good luck to the people that take my All-in-1. They'll be dreadfully disappointed because all that's on that is Xodo PDF viewer and PDFs of sheet music. It beats turning pages while playing the piano!
My desktop gets turned off daily. It takes a less than 30 secs to boot, and few seconds to reload a browser after logging in. The browser I use, Opera, can be configured to reload last pages and tabs anyway so that's no biggy.
This policy arose from an incident where an executive left his machine on, and it was infected with malware. Those behind the attack had the whole weekend to surf out or internal network.
We have 24/7 monitoring of the network and systems logs via two layers of monitoring. And a host based IPS system. And 24/7 on call staff to respond to any incident.
The few times I saw a network pwned, it was due to a lack of a system administrator following policy and either not performing the proper baseline configuration or using found USB mass storage devices on the servers and due to the misconfiguration, autorun installed the malware.
They received punishing paid overtime and were named company heroes for working all of that overtime to fix what they fouled up. Until they promptly reinfected everything, precisely the same way in which they did the first time. The DoD was not amused that time.
My main computer at home is set to turn itself on a few minutes before my phone is programmed to make a very loud noise that is intended to activate me. By the time I fininsh ablutions and find breakfast, the computer is ready and anxious to read mail and the papers. Even with the slowest boot time.
We disable sleep and always have. Hibernate can be attacked using a different method.
I either lock the machine and leave it running or shut it down. Either way, it comes home with me.
Where someone stealing it is unlikely, as they have to get past the security robots, laser wielding sharks, elevators with dubiously reprogrammed controllers, the hallway of flamethrowers, followed by a liquid nitrogen moat. All, while the BOFH MKII watching and waiting.
"How many people turn their machine off?"
I do. Or rather I don't use any sleep or hibernation modes in anything. On the other hand, I don't like laptops much, but I do use a couple that belong to others regularly, and I turn them off when I'm done.
I'm wondering why they didn't tell Linux and BSD people about this, only Apple, Intel, and Microsoft? Even AMD was left out in the cold (pun intended). Of those couple of laptops I mentioned, one is Linux only, the other dual boots Linux and Windows.
Madness.
I shut down. It takes about minute to boot Linux. My old (2002) XP laptop boots in under a minute, or did last year (converting some PSP7 to photoshop format for The Gimp). Making a cuppa or even fetching chilled fizzy water takes longer than a cold boot even with mechanical HDD. Unless you have an "out of the box" Windows with every service on and a load of nonsense autorunning in Startup etc. I've pared a Win7 boot on HDD from 2min 45sec to 20 sec.
I also unplug all chargers overnight. One of the highest fire risks. I can easily recharge any of my gadgets between early evening and bedtime.
Linux CAN start off (and to a limited extent, Windows) where you were from a cold boot. I decided over 10 years ago that this was a bad idea. I can easily get back the documents, web pages and emails I was looking at. All those programs store state on exit (or periodically in case of a crash). Notepad++ on WINE on Linux opens all the documents. If you use native format instead of MS, the LibreOffice remembers your location.
Use case for hibernation is when running out of battery suddenly and no time to save. Sleep MAYBE to carry from desk to desk?
Sleep has always been insecure and also unreliable for peripherals, esp WiFi.
I shut down... ...I also unplug all chargers overnight. One of the highest fire risks.
Use your opponent's strengths against her. When I am finished for the day I simply drive a large nail through the battery compartment of my laptop which consumes the whole assembly with fire and renders the laptop uncompromisable overnight.
"When I am finished for the day I simply drive a large nail through the battery compartment of my laptop which consumes the whole assembly with fire and renders the laptop uncompromisable overnight."
As a bonus, no need to turn on the heater during cold nights. Takes a long time to boot in the morning though, walk to the nearest computer store, buy new laptop, walk to where ever your offsite backups are stored, bare metal restore, walk back home, reboot. Could get expensive, I hope you have a cheap source of suitable large nails.
'swm suggested, "...drive a large nail through the battery compartment..."
Interestingly, the high energy density lithium primary (non-rechargeable) cells used in the latest avionics have to meet a TSO that precludes fire when a nail is driven though them.
Fizz and bubble is okay, but not fire.
I was talking to a friend recently and he had the Federal Office for the Protection of the Constitution visit him. And in a general discussion, they gave some advice.
Their advice was, if a computer gets compromised and it has UEFI, shred it. Don't bother trying to do a clean install, because you can never be 100% sure they haven't slipped something into the UEFI. You can't just throw out the old drives and put new ones in any more. Likewise, even updating the UEFI isn't a 100% guarantee.
Similarly, he was advised that if you are visiting certain foreign countries, you shouldn't take a laptop or phone with you, or rather just a burner phone and laptop with no sensitive information on them and throw them in the bin when you return.
And I thought I was paranoid!
Their advice was, if a computer gets compromised and it has UEFI, shred it. Don't bother trying to do a clean install, because you can never be 100% sure they haven't slipped something into the UEFI. You can't just throw out the old drives and put new ones in any more. Likewise, even updating the UEFI isn't a 100% guarantee.
Understanding the UEFI system, it's simple enough to reset to factory defaults, flash the BIOS to factory as well and wipe the hard drive. Have yet to have a system retain nastiness once I got my mitts on it.
The script deletes all partitions, creates a single full drive partition, formats it, deletes that partition, resets BIOS to factory defaults, flashes the BIOS, resets it again, then creates new partitions, copies base files, reboots and does hash testing on the files, then goes on for installation.
Even the NSA was impressed.
This post has been deleted by its author
I don't see how a firmware password can protect Macs when you can use a SOIC clip (older macs) or JTAG (newer macs) to interface with the UEFI chip directly and reflash the firmware, hex edit the SVS variable or even change a specific value to force the NVRAM to clear on next boot. Obviously requires a fair bit of knowledge rather then the average offload the stolen Mac on eBay scenario but still.
"But encryption keys aren’t stored in the RAM when a machine hibernates or shuts down. So there’s no valuable info for an attacker to steal."
Maybe not - but if they can reflash the firmware, they can put in a keylogger or whatever trojan nonsense they want.
The missing laptop is "found", "handed in" to the hotel, returned to its owner, gets used again, and is p0wned forever more. This is the well-known Evil Maid attack.
"Maybe not - but if they can reflash the firmware, they can put in a keylogger or whatever trojan nonsense they want."
Now "Secure" Boot proponents will tell you that "Secure" Boot saves you from that. However there is a simple workaround to that. Company notebooks typically are from a narrow range of devices easily obtained by any attacker:
Just get the same model, install some form of software mimicking a system booting up then asking for a password and displaying a "wrong password" screen while sending the password off to you.
Then you use some social engineering and secretly swap the laptops. Claim to be from another branch of the same company and leave your business card with your mobile phone number.
Once the victim enters the password, you have it and can unlock the computer. Eventually the victim will suspect there having been a mixup and call you to swap them back.
Article» Whether or not it's easier than smacking the laptop owner with a two-by-four until they give up their login password is, well, an exercise left to our more sociopathic readers.
They are *executives*.
Think of Dilbert's boss and all of his bosses.
Actually just think the c-suite in general.
Think about your last payrise.
What would the BOFH do?
If you happen to be running a device that runs a very specific BIOS, AND it was left in standby, AND it was encrypted, AND the device is easy to crack open (most ultrabooks aren't), AND it was stolen by technologically savvy hackers AND they have the exact custom firmware to flash that make and model, AND they know what they're looking for THEN you should be worried?
I can think of easier modes of attack.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
