Passwords Can Sit on Hard Disks for Years
CygnusXII writes "As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security."
No Guarantee of Security?!?! (Score:5, Funny)
Re:No Guarantee of Security?!?! (Score:2, Funny)
Re:No Guarantee of Security?!?! (Score:5, Interesting)
Just buy a boatload of ram and disable virtual memory. Problem solved.
Of course, you could always use Knoppix or something similar whenever buying on-line. This would also solve the problem for the truly paranoid.
Re:No Guarantee of Security?!?! (Score:4, Insightful)
Of course, because everyone knows that retailers all use crackerjack security and are completely impenetrable by malicious forces.
(Everyone always forgets that these are two-party-- or more-- transactions.)
Re:No Guarantee of Security?!?! (Score:5, Informative)
Re:No Guarantee of Security?!?! (Score:3, Informative)
It does if you don't have the minimum memory requirements.
From the knoppix [knoppix.org] website
"20 MB of RAM for text mode, at least 96 MB for graphics mode with KDE (at least 128 MB of RAM is recommended to use the various office products),"
Not to mention, you can still mount your local drive and store data on it.
hmm seems like a whole lot of touching going on....
I think maybe it can (Score:3, Interesting)
Re:I think maybe it can (Score:3, Insightful)
Even if your standard RAM didn't have any chance of storing recoverable data, I'd bet any spooks worth their salt would do it anyway. There's always the chance someone could have substituted in some flash-ram backed 'custom' jobbies.
Re:No Guarantee of Security?!?! (Score:5, Informative)
There ARE methods to get data off of a hard drive platter that has been overwritten only once, but this requires the hard drive to be removed from the computer and physically disassembled, and is quite expensive.
Re:No Guarantee of Security?!?! (Score:3, Interesting)
An analogy I use, which is not terrifically accurate on technical terms, but which does a good job of illustrating the point is this:
Think about hard disk heads writing 1xxxxxxx or 0xxxxxxx when they store data on the disk. The 1 and 0 are the signal strength at an arbitrary magnetic value of 10^8, while the remaining lesser magnetisms are left more or less unaffected. Actually, whatever existed there has its power diminished, so you sort of see a
Yikes! (Score:4, Funny)
Re:Yikes! (Score:3, Funny)
Hehe (Score:5, Funny)
Re:Hehe (Score:5, Interesting)
Back in the Win3.1x era, when the typical swapfile was still small enough to peruse with a hex editor, I cruised through my permanent swapfile with LIST, just to see what was being dumped out of RAM. I found data in there that was identifiably over 3 years old. And therein, I also found some passwords archived -- as plaintext.
Not to mention logfiles; I have some that stretch back several years, and I'm sure I'm not alone.
So I don't find this exactly "news" either. Then again, I could turn this into a rant on the "expertise" of the typical tech journalist... (one of my PC maintenance clients is one. Regular exposure has given me a complete lack of respect for the breed.)
Re:Hehe (Score:5, Insightful)
Re:Hehe (Score:3, Interesting)
IOW, tho the security issue exists, it's not exactly something to lose sleep over -- because if someone wants to compromise your security, why not get current data right fro
Re:Hehe (Score:4, Informative)
Because that Asian rape spam that popped up into your preview pane 2 years ago may not be a daily occurrence. The FBI loves pulling up ancient JPG fragments from swap in their ongoing efforts to protect children.
Despite what you may have heard, the legality of pornography is of no relevance to prosecutors and judges; the first time the question of age comes up with regard to the subject of any particular photograph is when the jury is looking at poster size blowups of whatever they scraped off your hard drive.
To prevent fascism (or at least thwart it), do the following. Set the not-commonly-known "clear swapfile at shutdown" windows registry key:
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown to 1
Wipe your empty space and slack space regularly with something like eraser [tolvanen.com]. (Interestingly, I don't know of a way to accomplish these things when using Linux as a desktop OS. If anyone knows of a way to clear the swap partition on shutdown or to clear not only free space on the hard drive, but also cluster tips (file slack), please let me know.) When finished using a hard drive, or any time you have cause to format it, boot up to rescue mode from any Linux distro's boot CD and dd if=/dev/zero of=/dev/hda (or whatever device your hard drive happens to be).
I have had access to the tools the bad guys (FBI, et al.) use to extract evidence from your hard drive, and have seen that these procedures work brilliantly. Of course, I've also seen prosecutors derive character witness testimony from the very fact of using a program like eraser (only bad guys know this much about how to hide computer evidence!), so YMMV.
If you don't happen to live in the United States, treasure your freedom and fight to protect it.
Re:Hehe (Score:5, Interesting)
As a SOHO tech, my job is not just to get the machine working, but also to get it to the state the client expects it to be in -- with all his apps and data intact (whether he has a good backup or not). I've only had to reinstall Windows *once*, and that was due to AOL5 FUBAR'ing both DUN and the entire WinEx/IE setup -- on a system that had gone five years with a PEBKAC owner and ZERO maintenance. I find it is faster and easier to resurrect the system than to hope to find all the body parts (apps, data, passwords, settings, CD keys, etc, etc.) and reinstall them where someone else expects them to be.
Of course, this is why my clients won't let anyone else touch their PCs, either
My own everyday setups date back to 1998 (Win95), 2001 (Win98), 1999 (WinME -- hasn't crashed since Sept.99, and this is a test box!!), 2002 (XP Pro). Plus I have a couple part-time-use Win95 machines that date back to '95 and '96. And my Win16 setup (1994) was finally retired at 7 years old. All are original installs and all work their asses off. -- I hadn't looked in WFWG's swapfile in some time, but it's a safe bet that if I inspect the CD where it's archived, I'll find data in the preserved swapfile that is now over 10 years old.
Re:Hehe (Score:3, Insightful)
Flamebait? Give me a break. Obviously a MS Fanboy.
Don't assume incompetence. Sometimes, portions of the registry just become unrecoverable and unrepairable, through no fault of anyone other than MS. Yes, I'm aware that there's a way to completely back them up and replace them, but sometimes, that's moot when the initial backup is already corrupted. With a good initial hardware/software setup and proper precautions, I too can run a system for years and years, and never have it degrade. (Ran a datacenter for
Re:Hehe (Score:4, Interesting)
But in my experience, whining about *Windows* instability is based more in ignorance, and failing to consider the influence of bad hardware, than in objective reality. Considering all the random shit hardware people use, the ill-mannered software that abounds these days (most no longer bothers to clean up after itself, but rather expects Windows to do it for 'em), and the ignorance of average users, Windows gracefully absorbs a helluva lot of abuse. Yeah, it's possible to mangle the registry, but that's actually pretty rare; I've not seen it happen in years. And yeah, there are security holes and stupid default settings, but that's hardly unique to Windows (see the concurrent
I also have a Mandrake box, and while I generally like it well enough (tho I view BSD as more mature than linux), I do find it a whole lot easier to confuse or crash. Lordy, the lockup I get if I accidentally feed it a bad CDR!! Have to power down to get the CDROM drive back.
Re:Hehe (Score:5, Informative)
Eraser will help (Score:5, Interesting)
I have mine run once a week. I'm more concerned about my hard drive failing, having to return it under warranty, and someone else receiving that drive and then retrieving my data.
Re:Hehe (Score:5, Informative)
Even if you aren't running Windows, other OSes like OS/2 will recreate a fresh pagefile on every boot.
Zero the data (Score:5, Informative)
The project was written in C++. We started out using a custom string class that performed its own memory management (with zeroing the buffer on deallocation), but then promptly ran into problems with the STL. We wound up writing a memory allocator that also cleans up after itself. Those two solutions took care of the vast majority of the data leakage "problem" -- the only thing left was reinitializing stack variables within functions.
The same customer actually requested this first. The problems associated with it were terrible, especially in a multithreaded application. Plus, performance basically sucked. Wiping the data afterwards seemed to have the same end result, the performance was still good, and the customer was happy. BTW, the memory allocator and string class both made their way into the company's downloadable core library [bti.net] (MIT license).
Re:Zero the data (Score:3, Interesting)
Not to mention when you look at how the data is entered, it passes through RAM as one of its very first stages.
This would literally require a kernel patch.
Re:Zero the data (Score:5, Informative)
You can either lock the RAM page so it doesn't swap, or force the page to write back out to swap after zeroing. The former is far easier (unless you want to do a lot of painful coding) and, if I remember correctly, was what was done with the project I talked about. I don't think the page locking/unlocking made it into the downloadable library, though.
Safe passwords? (Score:5, Funny)
Well, we can always do like in MacGyver (Score:5, Interesting)
The most dangerous thing to security is people. Why go rooting around on a hard drive when you can just ask someone what the password is, and they'll probably tell you anyways?
Re:Well, we can always do like in MacGyver (Score:2)
Re:Well, we can always do like in MacGyver (Score:2)
Re:Well, we can always do like in MacGyver (Score:5, Funny)
Ultimate solution (Score:5, Funny)
Untrue (Score:5, Funny)
talk about hacker sophistication...
P2P (Score:5, Insightful)
Sir? (Score:5, Funny)
I'd really like to sell you my old computer since this is a yard sale and all, but I see that you're wearing a mask, carrying a saber, and have a black hat on that says "l33t h4x0r!" I can't help but think that you might somehow be up to some nefarious shenanigans!
Passwords can sit anywhere for years (Score:3, Insightful)
The real question is, if a password's that old, what use SHOULD it still have? Hopefully, people adopt policies where they update passwords every month, or few months, especially if it's dealing with anything financial/uber personal (doctor's records.. etc).
Get real, stop trying to scare us with your security warnings; just educate people to change their passwords.
Re:Passwords can sit anywhere for years (Score:2, Funny)
This seems more in the Hype threads (Score:2, Insightful)
I've got no problems.... (Score:2, Funny)
of course, I've used the same password for years.. (Score:5, Insightful)
Now if I could only remember the combination to my safe.....
Just my 46fctfj6&*23's worth....
-Rick the WizKid
(oooops...)
Re:of course, I've used the same password for year (Score:2)
Re:of course, I've used the same password for year (Score:3, Interesting)
Mac OS X and Pastor (Score:5, Informative)
Mac OS X's built-in "Keychain" services/util isn't streamlined for repeated user use, not to mention it doesn't have several auxiliary/free-form fields (that are also fully encrypted with the password field). After some research and trying a few of the freeware and shareware apps out there, I came across Pastor [versiontracker.com], a freeware, super-lightweight and user-friendly app that basically lets you maintain a catalog of username, pass, and about 6 auxiliary fields, stored in an encrypted file (when you go to open a file, it prompts you for the password and decodes it on the fly). If for some reason you don't dig this particular app, there's a couple others like it as well with increasing levels of features (I happen to prefer lightweight).
So I went w/ this model and it's had great payoffs--when I need a particular login, I click on an alias to my main password (Pastor) file, enter the file's password to decrypt it, look for what I need (it alphabetizes), and I'm all set--meanwhile, there's absolutely no risk of security--I love it.
Re:Mac OS X and Pastor (Score:2)
Re:Mac OS X and Pastor (Score:3, Interesting)
Keychain expects/assumes that all the stuff you store in there is conventional logins at certain URLs, etc. A lot of the entries I store don't fit that mold: my local router login/pass, my credit card pins, and some server logins that have unconventional fields. Most importantly, I want all those fields
Re:Mac OS X and Pastor (Score:3, Informative)
i have a mail certificate (free from thawte - neat) and have installed gpg so have a number of high grade gpg keys which i use to correspond with my ol' dad back home about bank statements etc.
you say that the keych
Re:Mac OS X and Pastor (Score:2)
Re:Mac OS X and Pastor (Score:3, Insightful)
There is still a security risk. What if someone gets your Pastor password? Then they can have them all.
You must be new here. You can *always* use that argument. Someone can *always* install a key recorder or watch you type in your password. Security is about raising barriers, not about thinking/searching for something that will solve the impossible.
Re:Mac OS X and Pastor (Score:3, Interesting)
Re:Mac OS X and Pastor (Score:3, Insightful)
all you can do is be careful (Score:3, Insightful)
pretty redundant stuff, but good advice that most people are too lazy to follow.
Just zero the pagefile (Score:4, Interesting)
Self-Expiring Password Hardware (Score:5, Funny)
Hard disks? This article is about RAM. (Score:3, Interesting)
Most Windows systems use the default setting for virtual memory, which is "windows managed" -- which means it's overwritten each time the system is rebooted. What's the big deal?
Has anyone here actually hex edited a swap file before? How is the data actually stored? For the reasons mentioned in the article, I imagine it would at least... not store data transmitted via SSL in plain text (why the heck would form data stick around in RAM anyway?)
Sounds like a neat project for after work today.
Re:Hard disks? This article is about RAM. (Score:2)
Windows could just be set to not use a swap file at all. I'm not sure how far that would go towards solving the problem. Perhaps Garfinkel's USENIX paper will explain.
Whew (Score:4, Funny)
Repairs (Score:5, Informative)
One thing that worries me is sending machines away to get repaired.
I have a Sony Vaio laptop which I had to send to be repaired. I phoned the support number to tell them I was going to take the hard disc out before sending it. They said that if I did I would be charged for a new hard disc (at a hugely inflated price) and they wouldn't repair it without one.
I once sent a PC for repair and the teenage dork who repaired it actually said I had some great games on my machine and that he had played them. In another case in the UK, some paedophile was caught (was it Gary Glitter?) when he sent his PC in for repair. Now, I'm all for catching kiddie fiddlers, but that is not the way to do it.
I don't want the repair staff looking through the stuff on my hard disc. There should be a standard industry guarantee that this won't happen, or a privacy law about it or something.
Re:Repairs (Score:4, Interesting)
Re:Repairs (Score:4, Interesting)
Re:Repairs (Score:3, Insightful)
Even tho in the course of sorting out a mess, I may need to use your passwords and look through your files, the *content* goes in one eyeball and out the other. I just don't CARE what's on your hard disk. Your personal life isn't that interesting. I have a million files and passwords and accounts of my own; I don't need to be
Re:Repairs (Score:3, Interesting)
I have the same concerns, but there are simple solutions...
#1. Backup all your data, and re-format your hard drive.
or
#2. Leave the original hard drive alone, remove it, and insert your own. Then when you need to send it in, remove your drive, and reinsert the original.
I do this myself because notebook manufacturers charge hundreds of dollars extra when you choose the same notebook with a larger hard drive. Screw them, I'll buy the c
Re:Repairs (Score:3, Interesting)
I tell you, getting a guarantee from the service company that they wouldn't do a 'system restore' or anything else destructive to the hard disk was a nightmare.
"We recommend you perform a backup before sending the computer in."
That's really useful, but the s
Encrypt your disk (Score:5, Informative)
then I read the article, and all my worries went away.
I encrypt my swap partition, and that fixes the problem.
It's not hard, and since it's swap (i.e., data
you don't need for very long), you don't even need
to remember a password (your computer uses a random
one every time it sets up the swap). Really, it's
pretty easy -- see the HOWTO at http://www.tldp.org/HOWTO/Disk-Encryption-HOWTO/
Too much effort (Score:2)
We all know that 70% of people will give you their passwords for chocolate [tinyurl.com].
And I'm fairly sure that the other 30% will give it to you for sex. And then probably change it, but, you can take that chance.
Stupid (Score:2, Insightful)
I'm assuming that a windows machine keeps a copy of every username and a password hash (NTLM?) used to log in to any domain locally somewhere on the harddrive.
That is scary news really especially in hotdesk/shared desktop environments.
Isn't there something along the lines of "Client side security is no security at all" in Mi
Growing by the day? (Score:2)
Which is directly proportional to the growth of access and availability to PCs worldwide, and the danger is not growing, stolen passwords are stolen passwords, today or 5 years ago. And the "hacks" they speak of have been around
How about encrypted databases? (Score:2, Interesting)
The only potential downsides to this threat are two-fold. One, a hacker could install a keylogger on my machine. I find that unlikely as I keep my anti-virus software up to date and I don't receive any spam or virus emails since they are all filtered. It is possible that one could install via a worm, but unlikely that it
Re: (Score:2)
Just plain wrong (Score:2)
Re:Just plain wrong (Score:2, Informative)
Find them using Kazaa (Score:5, Interesting)
disk cache (Score:2)
Practice safe-sex security measures on your box and you'll not need to worry about swap files, browser caches, and even that set of nude photos you and your wife took of each other last evening after a bottle of champagne ;-)
Pointing out the things someone can get on your machine once they've ha
Encrypting keystrokes before RAM? (Score:2)
From the article:
Perhaps the ultimate solution would be to encrypt data as it is entered, before it is saved into RAM, and arrange for programs that use it to decrypt it first.
Huh? Does this make any sense to anybody? After all, once you've decrypted the text, you probably have it in RAM anyways, so you still have to deal with it in the same way.
You don't always need to sign up... (Score:2)
OpenBSD (Score:5, Interesting)
Of course, if you have so much RAM that you never swap, this is less of an issue.
Re:OpenBSD (Score:3, Informative)
vm.swapencrypt.enable is set to 0 (zero) by default, take a look at your
I can't quite see the point (Score:3, Insightful)
I suppose there's an argument about someone getting the passwords off old machines that have been thrown out. But even then, surely any respectable business will use some software to scrub out all the last traces of sensitive data on any hard drives they're dumping.
An encrypted hard drive wouldn't protect against a key logger. It would protect sensitive data against physical theft, I suppose. But I wouldn't call that "hacking".
Learn How To Use Encryption (Score:2)
Panther, Mac OS 10.3, has a nifty tool that encrypts your user directory on a hard drive every time you log out; then it decrypts it when you login. Although I am not paranoid, I will use it in case my laptop has to go for repairs because I simply do not trust technicians.
Cleaning hard disks of passwords etc (Score:3, Informative)
2) To delete things properly, turn off paging and disk caching, reboot, then run something like Mutilate to fill all the unused disk space with rubbish. Remember to turn paging and caching back on afterwards or performance will be slooooow.
3) If you're disposing of a PC and you want to sell it with the HDD, it's usually easiest to reformat the HDD in another PC (as a slave) then run a file wiper as above.
4) Running a good file wiper once is perfectly adequate. Physical data recovery techniques using misaligned drive heads to pick up "ghost" images may or may not exist (hence the occasional recommendation to wipe 9 times) but the cost of doing so is so high that it would have to be a matter of national security. Commercial data recovery/forensic services do NOT use physical recovery techniques, they just go for deleted files and slack space.
Re:Cleaning hard disks of passwords etc (Score:3, Informative)
Autoclave [washington.edu] is the one I used. It is quite nice, fits on a bootable floppy. I felt better sending my drive in for warranty replacement after using this program.
Also see:
UBCSwipe [bris.ac.uk]
Darik's Boot and Nuke [sourceforge.net]
Jim
Re:Cleaning hard disks of passwords etc (Score:4, Informative)
And unless you have massive amounts of RAM, your system will refuse to do anything...
I turned off the swapping on a Windows 2000 system that had 256MB of RAM, and rebooted, only to find that I couldn't do anything at all. The system started-up, but no programs could be opened. I couldn't even get to the command-prompt, or the control panel to turn the page-file back on. Result, one completely destroyed and unsavable Windows system.
Don't recommend doing things that you've never done yourself and/or don't know enough of the details about how it works...
Protective measures (Score:5, Interesting)
1. Make sure you have a firewall configured to allow incoming connections from only ports you need open. You might be able to do just fine with no incoming connections allowed at all.
2. Have an updated virus checker.. Norton or McAfee. By updated, I mean having it auto-update for you. Have it check every file accessed on media accessed by the computer, and email. At the very least, all the incoming media and email should be scanned on the fly, but outgoing is a good idea too.
3. Use Spybot or Ad Aware at least once a month to scan for spyware. Also keep these updated. I forget if they auto-update, but just be sure it checks for updates before you run them.
4. Only use credit cards that keep you free of liability for any fraud.
5. Buy a separate unnetworked little organizer with a keyboard to store hints to remember your passwords. Don't store the actual password.
6. Cancel credit cards you don't use.
7. Photocopy the backs and fronts of all the credit/debit cards you use and whatever else you keep in your wallet. Write in the customer service phone numbers if they're not clear.
8. Have Windows auto-update and auto-install all critical patches, or keep your Linux distro updated.
9. Don't open email attachments that you have no reason to trust, and certainly not until you have antivirus software checking incoming emails.
Re:Protective measures (Score:5, Informative)
Despite the FUD TV ads the credit-card companies want you to believe, THERE ARE NO OTHER KINDS OF CREDIT CARDS IN THE USA. It is federal law that you cannot be held liable for unauthorized charges on your credit card. Actually, I believe you may be required to pay up to $50, but that is really a trivial amount.
So, don't believe the hype.
Passwords can sit on hard disks for years (Score:3, Funny)
Passwords don't sit on disks (Score:3, Funny)
But which is more likely... (Score:3, Insightful)
Bottom line, patch your software, get a firewall, be careful about opening email, don't use IE or Outlook, and do virus/spyware scans regularly. You'll be safe from all but the most determined hackers, and they don't care about your password.
Rubbish! (Score:5, Informative)
Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
SYNOPSIS
#include <sys/mman.h>
int mlock(const void *addr, size_t len);
DESCRIPTION
mlock disables paging for the memory in the range starting at addr with length len bytes.
OpenSSH uses paging protection. It also zeroes out the password in memory. Immediately upon hashing it. I've seen the code.
Authors are at Stanford? Paper at USENIX? Can't believe this shit.
Re:Rubbish! (Score:4, Insightful)
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
Indeed, and under Windows (quoted from msdn.microsoft.com):
The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file.
Re:Rubbish! (Score:5, Informative)
And if I remember correctly, you need root access to use mlock(). Now then, how do you feel about running Mozilla/Firefox as root? Mozilla and any other applications you might possibly type a password into... GPG has the same issue: http://www.gnupg.org/documentation/faqs.html#q6.1 [gnupg.org]
Meanwhile, for quite some time, OpenBSD has had the "swapencrypt" sysctl option, which causes everything swapped to disk to be encrypted with a random key that is stored only temporarily in RAM, never on disk... thereby taking away any possibility of getting usable data out of the swap partition.
For more info: click here. [216.239.53.104]
OpenBSD encrypted swap (Score:3, Informative)
Too bad more systems don't embrace the idea.
My Security Tips (Score:3, Funny)
mlock (Score:3, Informative)
USENIX (Score:3, Interesting)
This is the media version of an academic paper for USENIX Security '04. It glosses over a lot of details.
Examples:
- mlock(). Available to root only under Linux, so useless outside of setuid programs - and we all have so many of those we trust, right?
- VirtualLock()/VirtualUnlock(). Win32 versions of mlock(). Not implemented in the 9x series, advisory in a few other Windowses (I can't find the docs on where, but it's in the original paper).
- zeroing memory. Oops, your optimizing compiler just optimized away that memset() call as dead code. This was a known flaw in some crypto libraries a few years ago.
The system described is a whole-system simulator, it traces bytes of input from the moment they pass the keyboard through the kernel, into the user-mode applications that use the bytes (e.g. kernel to X server to Mozilla), and how long those bytes hang around in the physical RAM of the machine.
This does not necessarily describe a highly practical attack, but more a quantification of how vulnerable systems are to such an attack. In fact, the original paper is about data lifetime information.
- Did you know the most recent 4K keystrokes (passwords included) are stored in the kernel's tty buffer?
- Did you know several dozen of your keystrokes are stored in the Linux kernel's entropy buffer (for random number generation)? They aren't actually consumed for as long as several hours.
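Added example (not part of any comment in this thread, and not code from OpenSSH, the paper or the library mentioned under "Zero the data"): the three measures discussed above combined in C, namely locking the pages that hold a secret with mlock(), wiping the buffer immediately after hashing, and doing the wipe in a way the optimizer cannot remove. The names secret_buf, secure_wipe and hash_then_wipe are hypothetical, and the FNV-1a digest is only a stand-in for a real password hash. Because mlock() can be refused for an unprivileged process, the result of the call is recorded rather than assumed.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example: one page-aligned secret buffer. */
struct secret_buf {
    unsigned char *data; /* anonymous mapping, NULL if allocation failed */
    size_t len;          /* mapping length, rounded up to whole pages */
    int locked;          /* 1 if mlock() succeeded, 0 if pages can still be swapped */
};

/* Zero memory through a volatile pointer. The stores are observable side
 * effects, so the compiler cannot drop them as dead code the way it may
 * drop a memset() on a buffer that is never read again. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Map whole pages for the secret so locking and unlocking never affects
 * unrelated heap data that happens to share a page. */
static struct secret_buf secret_buf_new(size_t want)
{
    struct secret_buf b = { NULL, 0, 0 };
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0)
        return b;
    size_t len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return b;
    b.data = m;
    b.len = len;
    /* mlock() can fail (EPERM or ENOMEM); record that instead of assuming. */
    b.locked = (mlock(m, len) == 0);
    return b;
}

/* Stand-in for a real password hash (FNV-1a, NOT suitable for passwords).
 * Hashes the first n bytes, then wipes the whole buffer immediately. */
static unsigned long long hash_then_wipe(struct secret_buf *b, size_t n)
{
    unsigned long long h = 14695981039346656037ULL;
    if (n > b->len)
        n = b->len;
    for (size_t i = 0; i < n; i++) {
        h ^= b->data[i];
        h *= 1099511628211ULL;
    }
    secure_wipe(b->data, b->len);
    return h;
}

/* Returns 1 if every byte in the range is zero. */
static int all_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i])
            return 0;
    return 1;
}

/* Wipe again, unlock and unmap, so nothing readable is handed back to the OS. */
static void secret_buf_free(struct secret_buf *b)
{
    if (!b->data)
        return;
    secure_wipe(b->data, b->len);
    if (b->locked)
        munlock(b->data, b->len);
    munmap(b->data, b->len);
    b->data = NULL;
    b->len = 0;
    b->locked = 0;
}

int main(void)
{
    /* Constructed sample input. A real program would read the password
     * straight into b.data so no second copy sits on the stack. */
    const char typed[] = "correct horse";
    struct secret_buf b = secret_buf_new(sizeof typed);
    if (!b.data)
        return 1;
    memcpy(b.data, typed, sizeof typed - 1);
    unsigned long long h = hash_then_wipe(&b, sizeof typed - 1);
    printf("locked=%d digest=%016llx wiped=%d\n",
           b.locked, h, all_zero(b.data, b.len));
    secret_buf_free(&b);
    return 0;
}
```

When locked is 0 the wipe still shortens the time the secret is resident, but the page may already have been written to swap, which is the case encrypted swap covers.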
Encrypt the swap (Score:3, Informative)
For everything else, there is KWallet.
Why not just wipe swap every so often? (Score:2, Redundant)
Re:Encrypt Swap? (Score:3, Interesting)
If it has to be decrypted by the OS when it gets swapped in, it can be decrypted to fish for passwords. Of course, if it doesn't have to be decrypted on swap-in, an obvious optimization is to just throw it away and replace it with a block of zeroes on-demand.
Rumor has it that XP SP3 includes this optimization.
Re:in an effort to stop this.... (Score:3, Funny)
Re:Hackers? (Score:2, Funny)
Dude, they don't just rollerblade around with laptops going to phone booths anymore...
They have moved up to segways and wireless!
Sophisti-mication
Re:Hackers? (Score:3, Funny)
FAR more sophisticated in my estimation -- haven't you read where they even order their pizza [beigerecords.com] and have it sent right to their parents' basement without ever having left the comfort of the '#'?
Next they'll be relieving themselves by HTTP POST transaction...
Even the fathers [hackernetwork.com] never saw these days...
Re:old hat (Score:3)
Provos wrote this in 2001: Encrypting Virtual Memory [umich.edu]
The New Scientist sort of misrepresented the findings of the paper. The fact that passwords and other sensitive information gets retained on swap for a long time. The paper was looking at memory tainting, i.e. if an application handles a password where does it end up in memory. The results were slightly surprising. Nonetheless, most people would be even more surprised to see how much sensitive info