by feralchimp 5238 days ago
This attack is hot precisely bc it blurs the local/remote line.

Physical access is relative. 'Remote' vulns are still exploited with some level of physical access: i.e. via a network that lets you touch bits on the other side of the machine's ethernet jack / wireless card.

The other extreme is standing over the ripped carcass of the machine case, triumphantly raising an unencrypted hard disk over your head, and blowing a kiss to the receptionist on your way out through the main lobby.

The OP's attack can be staged multiple hops away, through a physical network of peripheral devices. In a heavy SAN or PPPoFW environment, where FW cables are regularly disappearing under desks, a somewhat-insider could dump a lot of RAM.

RAM which, for some goddamned reason on OS X, apparently contains an unencrypted copy of my login password?! Ouch.

3 comments

"RAM which, for some goddamned reason on OS X, apparently contains an unencrypted copy of my login password?"

Really? Most software does that; most crypto software and encryption algorithms are vulnerable to RAM attacks. It's not as easy to protect against that as you think it is.

Most software is vulnerable, but only for a very limited time span. If the password is persistent in RAM during an entire session, it's still a WTF.

Better still - this is "plug into a compromised Thunderbolt monitor, and it can own the lower 4 Gigs of RAM on your machine".

Did I mention that Thunderbolt daisy-chains, so compromising a Thunderbolt monitor (or better still, projector) is a simple matter of plugging an attack machine into the daisy-chain out port?

Who really worries about plugging their laptop into a projector?

"The other extreme is standing over the ripped carcass of the machine case, triumphantly raising an unencrypted hard disk over your head, and blowing a kiss to the receptionist on your way out through the main lobby."

Added to the bucket list.