funsec mailing list archives
Re: ram scraper
From: "Young, Keith" <Keith.Young () montgomerycountymd gov>
Date: Thu, 10 Dec 2009 13:41:58 -0500
What are the types of processes to protect from RAM pilfering? I have to admit I never thought of this one. http://www.theregister.co.uk/2009/12/09/ram_scraper_credit_card_theft/
Considering "...The RAM scraper dumped the contents of the server’s live memory into a file named dumper.dll in the Windows system subdirectories..." it (the scraper) must have had at least local admin access, if not system access, in order to write a file there (unless security was thoroughly hosed on the system in the first place). Wouldn't simply zeroing out the buffer that held the data mitigate something like this? Is that too easy? I know security-savvy programmers are rare but it seems like an easy win.
The solutions are already there. Hmm... if it is a POS terminal, why wouldn't it:
1) be locked down to only allow running of the POS application, and
2) have "file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files;" [11.5]

--Keith

Keith Young, Security Official
Department of Technology Services
Montgomery County, Maryland
phone - (240) 777-2955
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
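An added example, not part of the original post or thread, of the buffer-zeroing idea raised in the message above: a wipe the compiler cannot discard as a dead store, applied to a clear-text working copy of card data on every exit path. The helper name `mask_pan_from_track2`, the constructed Track 2 sample and the first-6/last-4 masking are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores cannot be optimized away.
 * A plain memset() on a buffer that is never read again is a dead store
 * and may legally be removed at -O2. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical helper: copy the PAN out of Track 2 data (";PAN=YYMM...?"),
 * write a masked form (first 6 / last 4), then wipe the clear-text copy.
 * Returns 0 on success, -1 on malformed input; the copy is wiped on both. */
int mask_pan_from_track2(const char *track2, char *masked, size_t masked_len)
{
    char pan[20];                       /* a PAN is at most 19 digits */
    int rc = -1;
    const char *start = (track2[0] == ';') ? track2 + 1 : track2;
    const char *sep = strchr(start, '=');
    size_t n = sep ? (size_t)(sep - start) : 0;

    if (n >= 13 && n <= 19 && masked_len > n &&
        strspn(start, "0123456789") == n) {
        memcpy(pan, start, n);
        pan[n] = '\0';
        for (size_t i = 0; i < n; i++)
            masked[i] = (i < 6 || i >= n - 4) ? pan[i] : '*';
        masked[n] = '\0';
        rc = 0;
    }
    secure_wipe(pan, sizeof pan);       /* runs on success and on failure */
    return rc;
}

int main(void)
{
    char track2[] = ";4111111111111111=25121010000000000000?"; /* constructed */
    char masked[20];
    if (mask_pan_from_track2(track2, masked, sizeof masked) == 0)
        printf("%s\n", masked);
    secure_wipe(track2, sizeof track2); /* the caller wipes its own copy too */
    return 0;
}
```

Wiping shortens the time clear-text card data sits in process memory; it does not protect the data while it is in use. Where available, `SecureZeroMemory` (Windows), `memset_s` (C11 Annex K) or `explicit_bzero` serve the same purpose as `secure_wipe`.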