The Cold Book Attack was resurrected last week by some researchers at f-secure https://press.f-secure.com/2018/09/13/firmware-weakness-in-modern-laptops-exposes-encryption-keys/ . I would like to provide some context for both the exploit and the mitigations because the cold boot attack is just the tip of the iceberg. But first, if you don’t want to know the details, there are steps that organizations can take to protect against Cold Boot attacks on PC’s and Macs when using SecureDoc including:
In the past, I have tried to make the case for encrypting physical servers on premise. The argument for not needing to encrypt them is that these servers usually run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that Full Drive Encryption (FDE) brings only really applies to data at rest, and it seldom is at rest on these servers. I would counter that all drives eventually leave the data center for repair or disposal, and having them encrypted protects you from having your old drives show up on eBay, with your customer data still on them. Encrypting the drive means it can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.
It has been awhile since I last wrote about computer forensics and encryption so it is time for an update.
First, what is Computer Forensics? According to Wikipedia, Computer forensics is, “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.” In short it is like data recovery, but with additional guidelines and practices designed to create a legal “audit trail” that could be used in court if need be.
I once worked for a company who didn’t believe in Technical Support employees working from home, despite having all the technology in place to allow that to happen. Their reasoning? Technical Support employees couldn’t be effective if they were not in the office. I’ve always thought that thinking was flawed, and my experiences with the work from home policy that WinMagic has in place reinforces that belief.
I once again had the pleasure and privilege to attend the RSA Security conference in San Francisco, CA. rsaconference.com/events/us18. The conference keynotes, sessions and sidebar conversations were a good opportunity to see what the hot topics in security are. I attended a broad selection of sessions. Here are five diverse observations that I came away with:
Back in November of last year, I was part of a conference call with a European customer who needed some high level reassurance from us. As part of that request, they mentioned that our customer portal could not help them properly manage support tickets. Thus, I hijacked the call and started a GoToMeeting session from my desktop. I gave them the opportunity to walk me through exactly what they found problematic about our customer portal. For the next 20 minutes they did a masterful job of highlighting what areas of the customer portal simply weren’t working for them. And If put myself in their shoes, I could see that they were not only right, but it was likely that other customers felt this way and had never said anything to us.
With this knowledge, I did something radical, which was to hold many meetings over the next two months where I would bring a proof of concept to the table, and have the customer critique it. This helped us to get to where we are today. Which is, to announce the release of Phase One of our enhanced customer portal.
One of the things that is unusual about me is the fact that I like to take customer support calls. Now you might find that weird as I do run a global support organization, and presumably I have better things to do than to take tech support calls when I have a staff that I have hired to do that for me. However, I feel that in the interest of making my support organization better, I need to be on the phones from time to time, digging into cases that get submitted via our customer portal, or by e-mail. Here’s why:
Canada’s economy is built upon the success of our citizens, their ingenuity and innovations. WinMagic CEO, Thi Nguyen-Huu speaks of his passion for innovation in building WinMagic, its comprehensive data security solutions, and the value that we bring to our customers in this video produced by Collins Barrow, one of Canada’s largest associations of chartered accounting firms, in celebration of Canada’s 150th birthday!
Recently I was on a call with a customer where one of my Team Leads and the Support Agent did most of the talking. Part way through the call, the customer asked me why I wasn’t saying anything. My response was that both my Team Lead and Support Agent had a plan that made sense and could speak to that plan. On top of that they had the ability to make decisions and adjust the plan without running it by me. Finally, I had complete confidence and faith in their abilities. The fact that I was willing to put that much faith in my people and give them that much latitude was surprising to the customer. And it’s likely surprising to you as well. But I see making the people who report to me as independent as one of the keys to having a world class support organization. To that end, here’s what I do to encourage independence within the Tech Support organization at WinMagic.