bio | website | en.wikipedia.org/wiki/… |
---|---|---|
location | United Kingdom | |
age | 24 | |
visits | member for | 3 months |
seen | Dec 27 '11 at 12:30 | |
stats | profile views | 10 |
Strengths: C#, .NET, PHP, Cryptography, x86 assembly
Weaknesses: Getting nerd-sniped by interesting problems. Must... do... work!
Dec 23 |
answered | How bad is a Self Contained XSS attack? |
Dec 22 |
awarded | Citizen Patrol |
Nov 18 |
comment |
OS with encrypted RAM? @127 - Nope. Wrong country, for a start ;) |
Nov 14 |
accepted | OS with encrypted RAM? |
Nov 3 |
awarded | Autobiographer |
Oct 21 |
awarded | Commentator |
Oct 21 |
comment |
OS with encrypted RAM? @Gilles - True, but it'd make offline memory analysis (i.e. memory freezing) very difficult. |
Oct 21 |
comment |
OS with encrypted RAM? That's what I originally thought. It'd be interesting to see something along the lines of a HSM that stored the keys securely, allowing for hardware level security at the memory bus level. That way you'd get the extra security with the benefit of being able to support DMA, as long as you can consider the bus and peripheral devices as safe. |
Oct 21 |
comment |
OS with encrypted RAM? I was not really referencing the swap file, but rather the physical memory itself. See the comments on my question. I know about the temporary non-volatility of RAM after power-off, which is partly the reason I'm interested in the idea of encrypted physical memory. |
Oct 20 |
comment |
OS with encrypted RAM? I'm talking about virtual memory in the x86 architecture sense, i.e. memory that may be in physical or swap memory, mapped into virtual memory space. |
Oct 20 |
awarded | Teacher |
Oct 20 |
comment |
Local File Download vulnerability - What files can be downloaded to potentially compromise a windows system? Config files for any service applications would be useful too. For example, if it's running MySQL, you can grab my.ini to find the directory that contains the table data, then grab user.frm , user.MYD and user.MYI from the mysql table data directory. You can then use them to get the password hashes. Obviously this is just one example, the possibilities are endless in the case of software services. |
Oct 20 |
answered | Downloading suspect files into quarantine? |
Oct 20 |
asked | OS with encrypted RAM? |
Oct 13 |
comment |
How do some sites (e.g. online banks) only ask for specific characters from a password without storing it as plaintext? They've actually moved away from this "online pin" idea now, and are using special card readers that produce a hash of certain information on the card and encrypt it using asymmetric cryptography. You still provide your account login details, but the card expands authentication to "something that you know and something that you have". I'm pretty sure they still do the "enter three characters of your secret code" thing, too. |
Oct 13 |
awarded | Supporter |
Oct 13 |
awarded | Scholar |
Oct 13 |
accepted | Spoofed IPv4 and IPv6 addresses over the internet |
Oct 13 |
comment |
Spoofed IPv4 and IPv6 addresses over the internet Yeah, the image was pretty much displaying that scenaro. Thanks for the clarification. |
Oct 12 |
comment |
Spoofed IPv4 and IPv6 addresses over the internet Again, I think you've misunderstood. Let's say the router's IP is 33.33.33.33, here's what I mean: i53.tinypic.com/rrpmo0.png |