Re: memory pages nulling when releasing

Board: FB_security, posted 2006/06/19 23:18
--- Nick Borisov <neiro21@gmail.com> wrote:

> [...] Allowing an intruder to deal with your
> system even one extra minute may lead to tremendous losses depending
> [...]
> :-)

OK.. Let's see, if I understood this right:

1 minute <-could be-> 1 tremendous loss
50 minutes <-could be-> 50 tremendous losses

But what if a system just contains 5 tremendous chunks of secrets?
Then it would not matter if we catch the attacker after 50 minutes or after 51 minutes...
Even if we had a preparation time (before the loss starts) of 10 minutes (e. g. to install an evil kernel)...

According to my experience attackers are not caught so quickly (and how should one do it? if the software is bad, then every connection could be evil; and of course even unusual connections (e. g. IP was never seen before or very high traffic to a single IP) could be good).

I know personally of a case where somebody (mis(?))configured an NFS service (maybe it was a honey-pot, or so?), so that everyone had read/write access as _root_. It was possible to transfer about 20MB of data over about one hour from a single IP, that was never seen there before...
The carrier of the system was a research centre (that works for several departments of the federal GERM government) with its own specially trained network/security administrators and a little nuclear power plant...

-Arne

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
Article code (AID): #14bi0j00 (FB_security)