Full Disclosure mailing list archives
[Full-Disclosure] Re: ¿Bruce Schneir no intelligente?
From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Tue, 5 Aug 2003 11:35:48 -0700
Hey, lorenzofaggot () hushmail com . So sorry you missed out on the "Golden Age of Trolling". http://www.everything2.com/index.pl?node=Trolling That's O.K. You got enough to deal with, having five hyphenations in your name, with no "de". Jeremias deCornelio ----- Original Message ----- From: "Lorenzo Figueroa-Acuna-Gonzales-Garcia-Ortiz-Trujillo" <lorenzofaggot () hushmail com> To: <full-disclosure () lists netsys com> Sent: Tuesday, August 05, 2003 9:13 AM Subject: [Full-disclosure] ¿Bruce Schneir no intelligente?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ¡Bueno! I reading these informacions, I no think Bruce Schneir smart. This error made by kids. ¿Matt Murphy right? - ------------- Program description: - --- Password Safe is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Originally created by Bruce Schneier's Counterpane Labs, Password Safe is now opening it's source, and development and maintenance has been handed off to Jim Russell. Currently, the PasswordSafe Open Source project is being administered by Rony Shapiro. - --- Versions affected: 1.92b (latest) - tested both with win2k and XP. Description: about two years ago I was reporting here http://www.securityfocus.com/archive/1/213931 about some rare circumstances in which Password Safe will leave cleartext in memory even when used in the most safest configuration. However, with the current version the situation is even worse - the option "Clear the clipboard when minimized" is not helping at all - you can still recover the last password used from the memory. How to reproduce: run password safe as usual, be sure to have the options "Clear the clipboard when minimized", "Lock password database on minimize" selected. Copy a password into clipboard (right click -> copy password to clipboard) and minimize Password Safe. Now the password should be erased, but it's not ! You can find the password very easy - for example run winhex (the attacker can have winhex on a floppy, it doesn't have to be installed), open the virtual memory associated to the process Pwsafe, look into it (or dump to a file and then use strings on that file). The password is there; one thing worth mentioning - without the first character. But this is not a problem, even if the first character is hard to guess (random password) most systems can be brute-forced without any problem even with "bare hands". Solution: not much to say ... just don't trust Password Safe when minimized ... use the win2k/xp lock feature, keep your computer in a safe, things like that. That's all, have a nice day, Valentin (Vali) Butanescu -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj8v17IACgkQaXuo1rXWHGd1ewCcCMv2VEPWqcBXUrv0YiqGtHTUJNoA njJ6dABQSAPZ7adKWGLtjVOKuOBQ =5qmB -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ¿Bruce Schneir no intelligente? Lorenzo Figueroa-Acuna-Gonzales-Garcia-Ortiz-Trujillo (Aug 05)
- [Full-Disclosure] RE: ¿Bruce Schneir no intelligente? Jason Coombs (Aug 05)
- Call for discussion Jason Coombs (Aug 05)
- Re: Call for discussion Szilveszter Adam (Aug 06)
- Call for discussion Jason Coombs (Aug 05)
- [Full-Disclosure] Re: ¿Bruce Schneir no intelligente? Jeremiah Cornelius (Aug 06)
- [Full-Disclosure] RE: ¿Bruce Schneir no intelligente? Jason Coombs (Aug 05)