Re: Credentials held unencrypted in memory during runtime

From: John McNamee <jpm_at_microwiz.com>
Date: Tue, 12 Apr 2011 07:24:01 -0500

Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> If you're system is configured so that users actually can open and
> read the paging file you don't need to worry about security issues
> anymore. Because you don't have any security at all and therefore
> can't have any issues with it. Can't have an issue with something that
> doesn't exist.

The issue is not what happens while the OS is running. Proper configuration
should prevent any information leaks, and improper configuration means you've
already lost.

The problem is what happens if an attacker can examine the disk while the OS
is offline. There have been too many examples of laptops being lost/stolen
with sensitive data on them to dismiss this scenario.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719073

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 15:11:05 CEST

This message: [ Message body ]
Next message: Feldhacker, Chris: "RE: Credentials held unencrypted in memory during runtime"
Previous message: John McNamee: "Re: Credentials held unencrypted in memory during runtime"
In reply to: Stefan Küng: "Re: Credentials held unencrypted in memory during runtime"
Next in thread: Dale McCoy: "Re: Credentials held unencrypted in memory during runtime"
Reply: Dale McCoy: "Re: Credentials held unencrypted in memory during runtime"
Reply: David Huang: "Re: Credentials held unencrypted in memory during runtime"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]