Full Disclosure mailing list archives

Re: Google Talk cleartext credentials in process memory


From: Georgi Guninski <guninski () guninski com>
Date: Tue, 29 Nov 2005 21:41:46 +0200

On Tue, Nov 29, 2005 at 01:11:47PM -0500, Nasko Oskov wrote:
 
> If you want to protect the credentials in memory from dumps that go to
> Microsoft, why not use CryptProtectMemory() instead of home-grown
> obfuscation? This function encrypts the memory with a key that changes
> over reboots, so even if you send a dump to MS, they wouldn't know how
> to decrypt it.


old people remember the "nsakey micro$oft" fiasco.

-------------
http://en.wikipedia.org/wiki/NSAKEY
_NSAKEY is a variable name discovered in Windows NT 4 Service Pack 5 (which
had been released unstripped of its symbolic debugging data) in August 1999
by Andrew D. Fernandes of Cryptonym Corporation. That variable contained a
1024-bit public key.
....
The key is still present in all versions of Windows, though it has been
renamed "_KEY2."
-------------

-- 
where do you want bill gates to go today?
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/