Re: solving the wrong problem

2005-08-06 Sherri Davidoff
Reminds me of the White Knight from Alice in Wonderland, who doesn't understand his threat model, and doesn't know how to effectively use his tools: `I see you're admiring my little box,' the Knight said in a friendly tone. `It's my own invention -- to keep clothes and sandwiches in. You see I

Re: Death of antivirus software imminent

2007-12-31 Sherri Davidoff
Anne Lynn Wheeler wrote:
> Virtualization still hot, death of antivirus software imminent, VC says
> http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html
Interesting how virtualization seems to imply safe in the public mind (and explicitly in that article) right now

Re: cold boot attacks on disk encryption

2008-02-21 Sherri Davidoff
As soon as I heard about this research I had to try it out. My laptop (Thinkpad) has an encrypted Truecrypt partition. I quickly made a modified bootable DSL USB memory dumper, powered the machine down, waited a minute, dumped memory, and found that I could recover passwords from multiple

cleartext SSH, Truecrypt, etc passwords in memory

2008-07-25 Sherri Davidoff
Hello all. During the past few months, I've been poking around Linux memory and consistently finding cleartext login, SSH, email, IM, Truecrypt and root passwords. I've just finished a paper which includes detailed location and context information for each password. Given the recent buzz about

Re: Surveillance, secrecy, and ebay

2008-07-27 Sherri Davidoff
Matt Blaze wrote:
> Once sensitive or personal data is captured, it stays around forever, and the longer it does, the more likely it is that it will end up somewhere unexpected.
Great point, and a fundamental lesson-of-the-moment for the security industry. To take it one step further: The amount

Re: cleartext SSH, Truecrypt, etc passwords in memory

2008-07-27 Sherri Davidoff
Peter Gutmann wrote:
> So was this a case of recover data from an active app's memory image (not surprising) or recover data after the app has exited (surprising, at least for the crypto apps)?
For this paper, I specifically examined the case where memory was dumped while the applications were