Friday, March 26, 2010

My Question on the Security Now Show

Security Now!

I have been following a Security Now! show for a while. It is a weekly show where Steve Gibson and Leo Laporte talk about Security. You can find the show at GRC or TWIT. But usually, I subscribe to its podcast version on i-Tune.

Why do I like this show
Steve Gibson is not only a Security Guru, but also the one who know how to make things easy. The show is fun and insightful. I have learned a lot listening to this show during past few years.


How do I find time to listen?
Life is busy, isn't it? Fortunately of our five senses, listening does not  require much attention. I listen very frequently during a day--walking from one place to another, driving, jogging, even brushing. It's amazing how much time you can find out of your daily activity.


The Show, the comments, and the questions.
On every other episode, Steve chooses and replies 12 questions and comments from listeners. As you might expect, I have great respect for Steve Gibson. You can imagine how much message a public figure like him get everyday. Getting a question selected means that the question means something. It is of interest to the general public.


My Question is ...
in response to the comment to Steve's comment on "should we encrypt data in RAM?" The quick answer was "no, since the data in RAM is lost as soon as the computer loses its power".

Then my comment was "you might want to be a bit careful". From time to time, computers write data in RAM into a swap space (e.g., pagefile.sys in a windows system). This can be a problem if a bad guy get a hold of your computer. In fact, Steve's answers was swap space is the of the first places, where the computer forensic investigators look for sensitive data. The solution is to use full hard drive encryption such as Truecrypt, which encrypts the pagefile.

----------------------------------------------------------------------------------
To probe further, you may listen to at my comments around 01:05:32 - 01:13:29 of the epoisode 278 [ get it here ] or  [ get it here ] of Security Now!

No comments: