[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Google Talk cleartext credentials in process memory

To: Nasko Oskov <nasko@xxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Google Talk cleartext credentials in process memory
From: Jaroslaw Sajko <sloik@xxxxxxxxxxxx>
Date: Tue, 29 Nov 2005 19:49:03 +0100

Nasko Oskov wrote:

> If you want to protect the credentials in memory from dumps that go to
> Microsoft, why not use CryptProtectMemory() instead of home-grown
> obfuscation? This function encrypts the memory with a key that changes
> over reboots, so even if you send a dump to MS, they wouldn't know how
> to decrypt it.

Yes, it is possible.

regards,
js
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Google Talk cleartext credentials in process memory
  - From: pagvac
- Re: [Full-disclosure] Google Talk cleartext credentials in process memory
  - From: Jaroslaw Sajko
- Re: [Full-disclosure] Google Talk cleartext credentials in process memory
  - From: Jaroslaw Sajko
- Re: [Full-disclosure] Google Talk cleartext credentials in process memory
  - From: Nasko Oskov

Prev by Date: Re: [Full-disclosure] Google Talk cleartext credentials in process memory
Next by Date: Re: [Fwd: [OTO-54919]: Re: [Full-disclosure] Paypal phishing attempt]
Previous by thread: Re: [Full-disclosure] Google Talk cleartext credentials in process memory
Next by thread: Re: [Full-disclosure] Google Talk cleartext credentials in process memory
Index(es):
- Date
- Thread