Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Google Talk cleartext credentials in process memory
From: Georgi Guninski (guninskiguninski.com)
Date: Tue Nov 29 2005 - 13:41:46 CST
On Tue, Nov 29, 2005 at 01:11:47PM -0500, Nasko Oskov wrote:
> If you want to protect the credentials in memory from dumps that go to
> Microsoft, why not use CryptProtectMemory() instead of home-grown
> obfuscation? This function encrypts the memory with a key that changes
> over reboots, so even if you send a dump to MS, they wouldn't know how
> to decrypt it.
old people remember the "nsakey micro$oft" fiasco.
_NSAKEY is a variable name discovered in Windows NT 4 Service Pack 5 (which
had been released unstripped of its symbolic debugging data) in August 1999
by Andrew D. Fernandes of Cryptonym Corporation. That variable contained a
1024-bit public key.
The key is still present in all version of Windows, though it has been
where do you want bill gates to go today?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/