For the truly paranoid, this immediately cuts the power on a Linux system when a chosen USB key is yanked out:

http://git.zx2c4.com/knock-knock-token/tree/knock-knock-toke...

Shouldn't it be "...for OS X" these days just as "for Windows" is better than "for PC".

Apple itself advertises it's software "for Mac" [0] and not "for OS X" so I'd say that's the right way to do it.

- "GarageBand for Mac"

- [0] https://www.apple.com/support/mac-apps/facetime/

With PC, that could mean any personal computer (Windows, OSX, Linux etc.) Mac is pretty well understood as PC's that are running OSX.

This is awesome, but what about hotplug? I think a DMA/coldboot attack requires enough sophistication, adding hotplug to take the laptop isn't a huge burden on top.

I guess it'd be harder for ethernet, but still feasible (and many people use wireless - so the attacker could just work out of a van or room from wireless range).

Doesn't OS X already disable DMA access automatically when FileVault is enabled and the screen is locked?

Sort of. We think. I dunno:

https://security.stackexchange.com/questions/18720/how-secur...

Update:

https://github.com/iSECPartners/yontma-mac/issues/4

This looks pretty awesome. Is there any information as to how it impacts battery life and resources? It seems pretty small so I'm guessing not much.

How often do you lock your computer with ethernet plugged in but no power cable?

An incredibly valid point.

Kudos, iSEC. Love how you guys are always giving back.