Pervasive memory scraping enables hackers to grab personally identifiable information from users' PCs
(28/02/2011)
The SANS Institute has reported a new trend in hacking techniques used to grab personally identifiable information (PII) from users' PCs. Known as ‘pervasive memory scraping’, the technique relies on the fact that certain areas of Windows memory are only occasionally overwritten, meaning that data from software that has been closed down on the PC can remain in memory for some time afterwards.
“The SANS Institute is reported to have spotted evidence of this type of attack methodology on an increasing basis. This means that, where a Windows PC user loads a secure application to view data, views that data and then closes the application, there is a chance that the data may continue to reside in the computer's memory for some time after,” said Phil Lieberman, CEO of Lieberman Software.
“Put simply, this means that, even if the secure software checks for the presence of trojans and similar credential scanning malware - and locks down the malware whilst it is loaded - once the application is closed, the contents of the computer memory can still be subsequently lifted by a remote scanning piece of malcode,” he added.
The solution to this is quite simple, said Lieberman. Either users must use a secure Web browser with a memory sandbox feature - meaning all trace of the viewed data disappears along with the browser as it closes - or secure data should not be loaded on to the computer in the first place.
Secure/sandbox browser sessions, he explained, are easy to set up and use, but their functionality and interaction with third-party applications on the host computer is severely restricted.
This means, said Lieberman, that the only real solution to the problem of pervasive memory scraping is to store and control private data on a centrally-managed basis. Using this methodology, he added, ensures that private information is stored and accessed using a data-centric, policy-based protection basis across all endpoints.
"It also, unlike secure/sandbox Web browsing, means that there is minimal impact on the user experience and operational processes in the course of regular business operations," he said.
“The fact that the SANS Institute has expressed concern about this security issue should be a red flag in itself. IT security managers need to be aware of this problem, and how to remediate it without it costing the earth, and causing efficiency issues within their organisation,” he said.