Memory Scraping Technique Puts Residual Data At Risk

Lieberman Software : 25 February, 2011  (Technical Article)
Lieberman Software explains a new hacking technique known as pervasive memory scraping, which scans residual memory traces left after an application closes, potentially giving unauthorised access to personally identifiable information.

Reports are coming in of a new trend in hacking techniques. Known as ‘pervasive memory scraping,’ the technique relies on the fact that certain areas of Windows memory are only occasionally overwritten, meaning that data from software that has been closed down on the PC can remain in memory for some time afterwards.

According to Lieberman Software, the red flag was raised recently by the SANS Institute about this new hacker technique. Since then, hackers have used the technique to grab personally identifiable information (PII) from users' PCs.

“The SANS Institute is reported to have spotted evidence of this type of attack methodology on an increasing basis. This means that, where a Windows PC user loads a secure application to view data, views that data and then closes the application, there is a chance that the data may continue to reside in the computer's memory for some time after,” said Phil Lieberman, CEO of Lieberman Software.

“Put simply, this means that, even if the secure software checks for the presence of trojans and similar credential scanning malware - and locks down the malware whilst it is loaded - once the application is closed, the contents of the computer memory can still be subsequently lifted by a remote scanning piece of malcode,” he added.

The solution to this is quite simple, said Lieberman. Users must either use a secure Web browser with a memory sandbox feature, meaning all trace of the viewed data disappears along with the browser as it closes, or avoid loading secure data on to the computer in the first place.

Secure/sandbox browser sessions, he explained, are easy to set up and use, but their functionality and interaction with third-party applications on the host computer are severely restricted.

This means, said Lieberman, that the only real solution to the problem of pervasive memory scraping is to store and control private data on a centrally-managed basis.

This methodology, he added, ensures that private information is stored and accessed on a data-centric, policy-based protection basis across all endpoints.

"It also, unlike secure/sandbox Web browsing, means that there is minimal impact on the user experience and operational processes in the course of regular business operations," he said.

“The fact that the SANS Institute has expressed concern about this security issue should be a red flag in itself. IT security managers need to be aware of this problem, and how to remediate it without it costing the earth, and causing efficiency issues within their organisation,” he said.
