Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Re: Xfree86 video buffering?

from [Riad S. Wahby] Network Security [Permanent Link]
Subject: [Full-Disclosure] Re: Xfree86 video buffering?
Date: Fri, 25 Feb 2005 11:40:18 -0600 
Stan Bubrouski <stan.bubrouski@gmail.com> wrote:

With this solution someone could intentionally crash your machine to
avoid those routines from running.  I'm not trying to put you down or
anything, in fact I probably know less about video related stuff than
most on the list, this just doesn't seem like the best way to do it.
I have no better suggestions, I'll leave this one to the experts.


You've found a valid case where clear-on-shutdown breaks, but your
solution doesn't solve the problem, it exacerbates it!

Let's consider the threat here.

- I'm looking at something sensitive on my screen.
- I shut down my computer.
...some time passes...
- Mallory boots my computer and reads out the buffers from my video
  card, thereby obtaining the sensitive information.

By your proposal, we _intentionally_ leave the data on the video card
until Mallory already has access to the machine, trusting that he'll
be stupid enough to load our clear-on-startup video card drivers before
dumping out the framebuffer.

The alternative, to clear-on-shutdown, is obviously better under
normal circumstances, since sensitive data are never left in the
framebuffer. In an exceptional case such as the computer crashing and
failing to clear the framebuffer, it's true that the data remain on the
card. Note, however, that we're in the same situation post-crash that
we'd _always_ be in under your proposed system.

It's obvious that clear-on-startup is strictly worse than clear-on-
shutdown; implementing the latter will prevent a casual observer from
seeing anything sensitive on the screen at startup, but it doesn't
actually grant you any more security, since the data are still
physically on the card.  Implementing both gives you a slight edge
against a passive attacker in a small range of exceptional cases, so it
might be the right way to do things.

Has anyone ever noticed this behavior with Windows, say, after a crash?
I'm not saying I have (haven't actually run a Windows machine regularly
in years, so I probably wouldn't remember anyway), I'm just curious.

-- 
Riad S. Wahby
rsw@jfet.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] phpWebSite-0.10.0_exploit, Colin . Scott
Next by Date:  [Full-Disclosure] RE: Firescrolling [Firefox 1.0], Eric McCarty
Previous by Thread:  Re: [Full-Disclosure] Xfree86 video buffering?, Stan Bubrouski
Next by Thread:  [Full-Disclosure] Re: Xfree86 video buffering?, Stan Bubrouski
Indexes:  [Date] [Thread] [Top] [All Lists]