A little while ago a group of researchers from Princeton University showed the world some practical uses of the RAM Remnants exploit.
And then CNet's own Declan McCullagh had one of the Princeton researchers drop by and Hack his own MacBook FileVault.
This basically meant that no data is really protected from unauthorized access no matter how sophisticated an encryption or access-control program is being used (including "PGP WDE for Mac", and "Checkpoint Pointsec for Mac" and of course "Apple FileVault"), just as long as the host computer is caught with its "pants off" - that is, when it's either turned on and authenticated (even if screen-locked with password), or within a (max~) minute after it's been turned off, or while sleeping (again, even if locked upon resume), and in some cases, hibernated. Actually, if Whole-Disk-Encryption is being used, just the pre-boot authentication is enough - user does not have to be logged on to the OS for the exploiter to access the data (unless FileVault is also used On-Top)
I wasn't comfortable knowing that I couldn't protect my data even if I wanted to, without losing too much Functionality (sleep, screenlock, even log out) ... and Comfort (counting 2 minutes after power off?!)
So after some researched I figured that the MacBook Air, was an ideal (perhaps unintentionally) protection against such exploits, due to its: (1) Soldered Ram - cannot cool and mobilize (2) EFI standard firmware-password - locking ability that does not allow booting from an alternate medium (3) Inability to reset EFI password - by altering the motherboard RAM configuration (July-2008 Article "Except MacBook Air" - article not updated since Rev B appeared)
My problem is, now that I want to buy MBA (Late 2008), a new Apple article appeared: November-2008 Article (MacBook Air Late 2008) suggesting that you can possibly get your lost password reset by a Genius or an Authorized Service Provider.
That scares me, because I can't tell from that new Article if there's a new undocumented way to reset the MBA EFI password, such as a new boot key combination, or a new on-board Jumper Setting or Shorting technique that that prevents "Bricking" MBA's (Late 2008)... Quite honestly, I don't have an actual proof that an MBA Rev A (Early 2008) customer had to have his motherboard replaced if password is lost, so a possibly undocumented Apple workaround could have existed prior to the November-2008 article. But the new article specifically invites MBA Rev B owners to visit service center, not Rev A.
Whatever the workaround may be, I would hope that the procedure renders the RAM remnant exploit impossible (example: the machine has to disconnect power long enough for data on RAM to fully decay, or a RAM zeroing function is completed by EFI prior to resetting NVRAM/Password, etc)
Does anyone have any additional information that could help me understand if MBA Rev B is still secure in that context, or if MBA Rev A really ever was?
p.s. If you think I'm being "overly concerned" about my privacy, like I'm a secret agent or a completely psych paranoid, think again. You don't really know what you have to lose until you've lost it. I'm talking programmers, designers, husbands, wives, attorneys, accountants, and Apple Product Managers with their future products lineup and launch schedule on their laptop hard drives, all protected by a mere false sense of security. a "password". hmm...
And then CNet's own Declan McCullagh had one of the Princeton researchers drop by and Hack his own MacBook FileVault.
This basically meant that no data is really protected from unauthorized access no matter how sophisticated an encryption or access-control program is being used (including "PGP WDE for Mac", and "Checkpoint Pointsec for Mac" and of course "Apple FileVault"), just as long as the host computer is caught with its "pants off" - that is, when it's either turned on and authenticated (even if screen-locked with password), or within a (max~) minute after it's been turned off, or while sleeping (again, even if locked upon resume), and in some cases, hibernated. Actually, if Whole-Disk-Encryption is being used, just the pre-boot authentication is enough - user does not have to be logged on to the OS for the exploiter to access the data (unless FileVault is also used On-Top)
I wasn't comfortable knowing that I couldn't protect my data even if I wanted to, without losing too much Functionality (sleep, screenlock, even log out) ... and Comfort (counting 2 minutes after power off?!)
So after some researched I figured that the MacBook Air, was an ideal (perhaps unintentionally) protection against such exploits, due to its: (1) Soldered Ram - cannot cool and mobilize (2) EFI standard firmware-password - locking ability that does not allow booting from an alternate medium (3) Inability to reset EFI password - by altering the motherboard RAM configuration (July-2008 Article "Except MacBook Air" - article not updated since Rev B appeared)
My problem is, now that I want to buy MBA (Late 2008), a new Apple article appeared: November-2008 Article (MacBook Air Late 2008) suggesting that you can possibly get your lost password reset by a Genius or an Authorized Service Provider.
That scares me, because I can't tell from that new Article if there's a new undocumented way to reset the MBA EFI password, such as a new boot key combination, or a new on-board Jumper Setting or Shorting technique that that prevents "Bricking" MBA's (Late 2008)... Quite honestly, I don't have an actual proof that an MBA Rev A (Early 2008) customer had to have his motherboard replaced if password is lost, so a possibly undocumented Apple workaround could have existed prior to the November-2008 article. But the new article specifically invites MBA Rev B owners to visit service center, not Rev A.
Whatever the workaround may be, I would hope that the procedure renders the RAM remnant exploit impossible (example: the machine has to disconnect power long enough for data on RAM to fully decay, or a RAM zeroing function is completed by EFI prior to resetting NVRAM/Password, etc)
Does anyone have any additional information that could help me understand if MBA Rev B is still secure in that context, or if MBA Rev A really ever was?
p.s. If you think I'm being "overly concerned" about my privacy, like I'm a secret agent or a completely psych paranoid, think again. You don't really know what you have to lose until you've lost it. I'm talking programmers, designers, husbands, wives, attorneys, accountants, and Apple Product Managers with their future products lineup and launch schedule on their laptop hard drives, all protected by a mere false sense of security. a "password". hmm...
