tech-security archive


Re: kernel tty buffers and "cold-boot attacks"



perry%piermont.com@localhost said:
> There was a good paper at Usenix Security a few years ago about a tool
> called "taint bochs"

Thanks -- interesting... I just don't have time for such
research atm.
With the tty buffer cleaning and a minor fix to openpam
I'm at a point where I don't find traces of plaintext passwords
by "dd if=/dev/mem of=dump; strings dump|grep ..." anymore.
This depends on page reuse patterns of course and pageidlezero,
but at least one can check individual programs and subsystems
now without being obstructed by a poor SNR.

best regards
Matthias




-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich

Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chair of the Supervisory Board: MinDir'in Baerbel Brumme-Bothe
Management: Prof. Dr. Achim Bachem (Chairman),
Dr. Ulrich Krafft (Deputy Chairman), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------
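
The dump check described in the message above can be made repeatable by typing a unique canary password and then scanning the dump for it in more than one encoding, with hits reported per page. The following is an added example, not part of the original post or of any NetBSD code; the function names, the canary string, the 4 KiB page size and the choice of encodings are assumptions.

```python
import io

PAGE_SIZE = 4096  # assumption: 4 KiB pages; adjust for the platform

def canary_patterns(canary):
    """Encodings in which a typed secret may linger in RAM (assumed set)."""
    if not canary:
        raise ValueError("canary must not be empty")
    return {"ascii": canary.encode("ascii"),
            "utf-16le": canary.encode("utf-16-le")}

def scan_stream(stream, canary, chunk_size=1 << 20):
    """Return sorted (offset, page, encoding) hits for canary in a dump."""
    patterns = canary_patterns(canary)
    overlap = max(len(p) for p in patterns.values()) - 1
    hits = set()          # a set: a short match inside the kept tail is seen twice
    tail, base = b"", 0   # base = dump offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, pat in patterns.items():
            pos = buf.find(pat)
            while pos != -1:
                off = base + pos
                hits.add((off, off // PAGE_SIZE, name))
                pos = buf.find(pat, pos + 1)
        # Keep enough bytes that a match straddling two reads is not missed.
        keep = min(overlap, len(buf))
        base += len(buf) - keep
        tail = buf[len(buf) - keep:]
    return sorted(hits)

def build_sample_dump(canary):
    """Constructed 3-page image: one ASCII copy across a page boundary,
    one UTF-16LE copy in page 2. Not real memory."""
    dump = bytearray(3 * PAGE_SIZE)
    a = canary.encode("ascii")
    w = canary.encode("utf-16-le")
    dump[4090:4090 + len(a)] = a
    dump[8292:8292 + len(w)] = w
    return bytes(dump)

if __name__ == "__main__":
    canary = "Canary-7f3a"   # constructed test password, never a real one
    sample = io.BytesIO(build_sample_dump(canary))
    for off, page, enc in scan_stream(sample, canary, 4096):
        print(f"offset {off:#x} page {page} ({enc})")
```

An empty result on a real dump only shows that no copy survived in the scanned encodings at the time of the dump; as the message notes, that depends on page reuse.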

