[ale] Letter of Volatility

Pete Hardie pete.hardie at gmail.com
Wed Jan 29 14:27:00 EST 2014


Hasn't the Snowden leak already revealed that the NSA has something like
that?


On Wed, Jan 29, 2014 at 2:19 PM, Greg Clifton <gccfof5 at gmail.com> wrote:

> Thanks, Jim. I pretty much figured that the keep alive time would be
> pretty short for SDRAM. But you know how anal the government-types can be
> sometimes [always?]. The facts don't matter so much as the DOCUMENTATION of
> the facts. Isn't that why the govt. uses RHEL instead of CENTOS? I.e., if
> you did all the same hardening procedures to a CENTOS box that you did to a
> RHEL box they would be equally secure, but the CENTOS box would not be
> CERTIFIED, correct?
>
> Would it be possible for a bot/virus/trojan to be loaded into BIOS that
> could then grab info when the system is up and running? If it is possible,
> they will be concerned about that and it will need to be addressed in the
> LoV letter.
>
>
> On Wed, Jan 29, 2014 at 1:57 PM, Jim Lynch <ale_nospam at fayettedigital.com>wrote:
>
>>  On 01/29/2014 01:13 PM, Greg Clifton wrote:
>>
>> Maybe this is Off Topic, but it is computer related. So here is the deal,
>> I have a RFQ to quote on some computers to go into a classified application
>> and the customer wants a Letter of Volatility. Now, obviously, the mass
>> storage will be removable, but they are concerned about any memory in the
>> system. I take this to include both volatile SDRAM (DDR3) and any
>> non-volatile memory such as the CMOS for the BIOS (is it possible that some
>> bot could be lurking there that could grab data and send it out when the
>> computer is turned on?).
>>
>>  My question is basically, how long does DDR3 maintain any recoverable
>> data once the power is turned off. I would assume that power should be
>> totally removed (as in unplugged from the wall) so that there is not even
>> 5V standby power, no?
>>
>>  Comments and especially links to solid information would be appreciated.
>>
>>  Thanks in advance,
>> Greg Clifton
>>
>>
>>  Dynamic memory is volatile.  I suspect the data remains for a period of
>> time measured in milliseconds.  Not nearly enough time to unplug and get it
>> to another system.  Unless of course you buy non-volatile DDR memory.
>>
>> One reference: http://en.wikipedia.org/wiki/Dynamic_random-access_memory
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
Pete Hardie
--------
Better Living Through Bitmaps
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140129/5f198b05/attachment.html>


More information about the Ale mailing list