Re: Credentials held unencrypted in memory during runtime

From: David Huang <khym_at_azeotrope.org>
Date: Tue, 12 Apr 2011 13:19:51 -0500

On Apr 12, 2011, at 7:24 AM, John McNamee wrote:
> The problem is what happens if an attacker can examine the disk while the OS
> is offline. There have been too many examples of laptops being lost/stolen
> with sensitive data on them to dismiss this scenario.

If you're concerned about that scenario, you should encrypt your hard drive.

Or at the very least, your pagefile:

fsutil behavior set EncryptPagingFile 1

These sorts of issues should be handled at the OS-level or lower; not on a per-application basis.

-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym_at_azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 35 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719171
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].

Received on 2011-04-12 20:20:02 CEST

This message: [ Message body ]
Next message: Todd Gleason: "RE: Visual Studio 2010 SP1 Tortoise SVN 1.6.15"
Previous message: Robin Guest: "Re: Credentials held unencrypted in memory during runtime"
In reply to: John McNamee: "Re: Credentials held unencrypted in memory during runtime"
Next in thread: Feldhacker, Chris: "RE: Credentials held unencrypted in memory during runtime"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]