[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

• Previous message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Next message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Larry Sheldon writes:

> On 4/14/2014 9:38 AM, Matthew Black wrote:
> >Shouldn't a decent OS scrub RAM and disk sectors before allocating
> >them to processes, unless that process enters processor privileged
> >mode and sets a call flag? I recall digging through disk sectors on
> >RSTS/E to look for passwords and other interesting stuff over 30
> >years ago.
> 
> I have been out of the loop for quite a while but my strongly held
> belief is that such scrubbing would be an enormous (and intolerable)
> overhead in any but a classified system running up around "secret"
> or higher. (I know of a system in Silicon Valley where they would
> bring us core dumps to print because their system was down so hard.

In 2005, Stanford researchers "found that with careful design and
implementation, secure deallocation can be accomplished with minimal
overhead (roughly 1% for most workloads)".

https://www.usenix.org/legacy/events/sec05/tech/full_papers/chow/chow.pdf

This is for the RAM case rather than the disk case; maybe disk is worse
because writes are more expensive.

-- 
Seth David Schoen <schoen at loyalty.org>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti

• Previous message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Next message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]