Rašyti komentarą...
Nuoroda nukopijuota
× Pranešti klaidą
Šaltos atakos ji nedarė, bet esmės tai nekeičia. Paskaitykit ta PDF.
Upon examination, the memory of a popular Linux distribution contained many cleartext passwords, including login, SSH, Truecrypt, email, IM and root passwords. These passwords are retained by running applications and stored as plain text in memory for extended periods of time. The author investigated the source of these passwords and presents a proof-of-concept
method for recovering passwords from memory. Recently, cold boot researchers demonstrated that memory is not as volatile as commonly expected, and that data from memory can be recovered with physical access to systems in a very short period of time. This has opened up
a new class of attacks in physical IT security, and significantly raised the risk associated with cleartext passwords in memory.
Upon examination, the memory of a popular Linux distribution contained many cleartext passwords, including login, SSH, Truecrypt, email, IM and root passwords. These passwords are retained by running applications and stored as plain text in memory for extended periods of time. The author investigated the source of these passwords and presents a proof-of-concept
method for recovering passwords from memory. Recently, cold boot researchers demonstrated that memory is not as volatile as commonly expected, and that data from memory can be recovered with physical access to systems in a very short period of time. This has opened up
a new class of attacks in physical IT security, and significantly raised the risk associated with cleartext passwords in memory.
Puikus žuranlistų bukumo įrodymas :)
Originalas:
paper includes details regarding each password’s location in memory and surrounding context.
My hope is that detailed information about cleartext passwords will be useful to forensic examiners and the Linux development community. For folks who would like to examine the data for themselves, below are a some snippets of process memory that I collected from my Ubuntu test system.
Isversiu:
mergina dare eksperimentus, kurioje atminties vietoje sedi tie slaptazodziai ir kaip juos lengviau rasti. Naudojo jai gerai prieinama OS - Ubuntu.
Ji tikisi, kad atsiras norinciu padaryti Linuksa dar saugesni ir turetu pasinaudoti siais rezultatais.
Na, dar siek tiek teksto, skaitykit patys.
So kartojasi delfistu 'technologijos', kai verciamas bet kas ir bet kaip, taip iskraipant esme.
Gerai, kad bent saltinis nurodytas, kur galima paskaityti tikra teksta.
paper includes details regarding each password’s location in memory and surrounding context.
My hope is that detailed information about cleartext passwords will be useful to forensic examiners and the Linux development community. For folks who would like to examine the data for themselves, below are a some snippets of process memory that I collected from my Ubuntu test system.
Isversiu:
mergina dare eksperimentus, kurioje atminties vietoje sedi tie slaptazodziai ir kaip juos lengviau rasti. Naudojo jai gerai prieinama OS - Ubuntu.
Ji tikisi, kad atsiras norinciu padaryti Linuksa dar saugesni ir turetu pasinaudoti siais rezultatais.
Na, dar siek tiek teksto, skaitykit patys.
So kartojasi delfistu 'technologijos', kai verciamas bet kas ir bet kaip, taip iskraipant esme.
Gerai, kad bent saltinis nurodytas, kur galima paskaityti tikra teksta.
Paradoksas. Title "neatlaiko". Tekste "programos yra atsparios". Paskui "protokolai buvo pažeidžiamos".
Ir šiaip čia Microsoft propoganda.
Ir šiaip čia Microsoft propoganda.
Ši problema galioja apskritai visoms OS ir yra fundamentali, kodėl čia minima Ubuntu ir pateikiama, kaip šios OS problemą?
o kas raso duomenis i RAM-a?
Ši problema nuo OS nepriklauso. Juokinga..
REKLAMA
REKLAMA
„Ubuntu“ neatlaiko „šalto perkrovimo“ atakų