So, let's assume I find a vulnerable server, and hit it hard for a week or so; I end up with several GB of memory chunks taken at random from the server. What now?
If I'm looking for something very specific, I might find it... if I know how it's stored in memory, which very often has nothing to do with the way it's stored elsewhere. For example if I want to find a private RSA key, I need to look for the data structure used by OpenSSL or httpd or whatever, which is not ASN.1 format.
As for passwords... assuming there are passwords in those memory chunks, how can I know where they are? Even if some piece of software is really lousy at handling passwords and keeps them around as cleartext for a long time, how can I know that a small string found in those memory chunks is a password? And even then... whose password is it? And to get access to what?
The more I think about it, the more I think changing all our passwords is really not that useful. Credit card numbers, however... that's a more scary possibility. Searching for strings of 15 or 16 digits is not that hard.
Yeah, I'm a lefty. That's an Ibanez Gio, not much really but not bad, with 2 humbuckers. Though it's mostly decorative now... I'm really into bass (a good bass is harder to find than a guitar when you're lefty) and the Chapman Stick (where handedness is not really an issue, it's more like a piano).
Perhaps something exactly like #Heartbleed is harder or impossible to code in other languages, but it's just plain delusional to think security will improve just by dumping C.
As a counterexample I give you my favorite pet peeve: PHP. Basically a DSL to write SQL injection processors.
Damn I think all those Gibson and Stephenson novels have warped my fragile little mind...