The safer SecureZeroMemory()

Paladion
By Paladion

September 8, 2005

A few months ago, we discussed how memory viewers could be used to see the residues of passwords in memory. In a recent issue of Palisade, Priyali explains how the enhanced SecureZeroMemory() function is useful to solve this problem in .Net applications.

The ZeroMemory() function was available in Visual C++ to fill blocks of memory with zeroes, say the password variable after authentication, or credit card details after authorization. That, however, wasn't secure enough. The ZeroMemory function could easily get optimized out by the compiler, if the block of memory it filled was never used again. The compiler would observe that the memory being modified was never referenced again, and so silently ignore the call to ZeroMemory.

SecureZeroMemory fixes that problem. It ensures that the memory is filled with zeroes even if the memory is never used again.


Tags: Uncategorized

About

Paladion

SUBSCRIBE TO OUR BLOG

Buyers-Guide-Collateral

WHITEPAPER

Buyer’s Guide to Managed Detection and Response

Download
MDR

Get AI Powered

Managed Detection and Response

MDR-learmore-btn

 

MDR-Guide-Collateral

REPORT

AI-Driven Managed Detection and Response

Download Report
Episode

EPISODE-25

Red-LineAsset-6

Why Your ‘Likes’ on Facebook May Be Revealing Far More than You Thought

Click URL in the Post for the Full Podacst
  • FacebookAsset
  • LinkedinAsset
  • TwitterAsset