On 2/23/01 1:40 PM, "Bryan Harris" <[EMAIL PROTECTED]> wrote:
>
> I just downloaded the public beta of "Search and Rescue", a RAM search
> utility. Just for kicks I searched for my most-secret password that I have
> taken care to memorize and not write down anywhere. Lo and behold, it
> popped up intermixed with my username and my mail server. I tried my other
> passwords and they came up too, similarly. Is this a normal thing? Am I
> supposed to be able to see passwords with a simple RAM search on a machine?
> And what about public-use computers?
Well, at some point it *has* to be in RAM to be sent to the server -- just
the way computers work. Also, kind of like your hard drive, when a
variable is released by a program, it just marks that memory as available -
it doesn't 'zero' it out. So, yes, you will probably be able to find
consecutive memory locations that have the characters of your passowrd, but
this would be true no matter what programs you used.
The thing is, if someone tried to find your password that way, it wouldn't
work they have no idea what your password is, so I wouldn't know what to
look for. It's not like it says "password: bubble4" somewhere in ram -- it
just has the characters b-u-b-b-l-e-4 stored in consecutive ram locations
along with millions of other stuff left over and being used by other
programs.
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
To search the archives:
<http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
