wrong issue

I failed to answer "why", instead, I was answering "what and how".

First, I will acknowlege that a breached computer has no security,

Yes, I do agree that a breached computer has no security.

I do understand that and have for many years.

Also, I understand that the only computer that is 100% secure is
completely isolated from any access. Any access whatsoever creates a
possibility of being breached.

If we assume that any computer that is possible to breach has no
security, then all computers are useless for doing anything with
sensitive information. However, we need to be able to use computers to
work with sensitive information.

Therefore, to get work done, we must accept the risk that our
computers could be breached.

So, we should then take 2 broad categories of actions:

1. Minimize the risk of breach. This is a seperate issue.

2. Minimize the amount of sensitive information that gets exposed when
a breach occurs. This is what the OP is concerned with.

True, there are OS level mechanisms that can help do this, and should
be used. But that does not mean that there is no value in applications
also implementing mechanisms to help do this, such as overwriting
cached passwords after a reasonable amount of time.

Yes, if a breach occurs while the passwords are still present, the
cracker will be able to get them. However, if the breach occurs after
the passwords have expired and been overwritten, then the cracker can
not get them. The shorter the expiration time, the smaller the window
of vulnerability.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719518

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-13 19:02:35 CEST