[wisty]

> Physical access == compromise even for devices that are as simple as a hollow metal box.

Only if it's unattended. You can't break a safe, without looking suspicious. You can't disassemble a PC, and take out its hard drive, and not attract a bit of attention.

Being able to root a system by attaching a dongle is a whole different story. It's like auto-play on USB all over again.

[stcredzero]

> Only if it's unattended. You can't break a safe, without looking suspicious. You can't disassemble a PC, and take out its hard drive, and not attract a bit of attention.

Yes, it goes both for a safe and a computer, so you're reinforcing my point about the equivalency of their security. Safes wouldn't be secure at all without the vigilance of bank employees, etc.

With a Firewire device to DMA the password, all you need is to hook up the device long enough to copy all of active memory. Certainly something that could happen at a hackerspace or at a conference. For the James Bond set, invent a device that you can set about 4 feet (1.3 meters) away on the table, and after it's done copying memory, the firewire cord unhooks itself and retracts back into the device.

[carmaa]

Hey.

Do you leave your PC or in standby when traveling? When you leave your desk at work?

More importantly, do you think that end users would expect password protection to work? Even when their PC is on?

There's plenty of scenarios where a PC may end up being in another persons control while powered on. This is a relevant threat scenario. Deal with it.

[Oflameo]

Attaching a dongle seems very suspicions to me, unless it something like a library computer. A library computer shouldn't have any critical data in the first place making the point moot.