Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
Correct me if I'm wrong but as long as the OS protects against object
re-use, what we have here is a physical security problem. Once we enter
that realm, all kinds of security issues come into play, spoofing, black
bag, etc.
2
-- C --
At 01:02 PM 12/20/95 -0800, David W. Morris wrote:
>
>
>On Wed, 20 Dec 1995, Adam Shostack wrote:
>
>> Most modern OS's have some form of swapping or virtual memory.
>> It's not a good idea to assume that the contents of a multi megabyte
>> ram cache won't get to disk.
>
>Yup. One of many reasons I think the bank's security thinking is flawed.
>But on the other hand, one can assume that such swap/page space will be
>more difficult to examine, won't be re-used by the browser later to
>present the page (outside of the normal virtual ram access), and will
>be overwritten 'soon' by other data most of the time.
>
>In the end however, to practice safe computing one must be careful where
>and how one computes. In terms of what I meant to be my primary point
>(differentiation of two motivations for caching in the UA and offering
>handling rules to minimize exposure), we don't need a long discussion about
>all the ways one's compute experience can be compromised.
>
>Dave Morris
>
>
... __o
.. -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com ...(*)/(*). CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint = 7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.
PGP-encrypted e-mail welcome!