SecurPC

New Message Reply About this list Date view Thread view Subject view Author view

John Wang (wang@rsa.com)
Thu, 14 May 1998 15:46:47 -0700


        A contributor to this list, Mike Stay <staym@accessdata.com>, has
recently brought to our attention a previously undiscovered deficiency in
SecurPC: under certain circumstances the Windows 95 virtual memory mechanism
may place a copy of the password on the hard drive. (SecurPC itself does not
write the password to the hard drive. The fact that memory is swapped to the
hard drive presents a security challenge for any software operating within
Windows 95.)

        Our own investigation shows that the offset of the swapped password
is not the same from machine to machine and that the swapped password does
not always appear on the disk. The password is also more difficult to find
when you don't know the password in advance. Nonetheless, we acknowledge
that this is an unacceptable breach of system security.

        We are currently developing a fix. A description of the solution and
a free security upgrade implementing it will be made available as soon as
possible.

        RSA is committed to supplying quality encryption products. The
high-quality technical content of the postings on this list has made those
postings welcome input. Thanks to all who have contributed.

        Regards,
        -John

        John Wang
        Manager, Security Applications
        RSA Data Security, Inc.

        P.S. I will be away from e-mail for the next couple of weeks. Others
from RSA and Security Dynamics will continue to monitor postings in my
absence.


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:23 ADT