From the course: Threat Modeling: Information Disclosure in Depth
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Metadata and security
From the course: Threat Modeling: Information Disclosure in Depth
Metadata and security
- [Instructor] Processes have secrets, almost like people do. Processes want to keep their cryptographic keys and random numbers secret. They want to protect passwords that you've provided. This isn't information that needs to be protected in and of itself, it's stepping stones to other things attackers want. Information can be disclosed intentionally to a log, in a configuration file, or other storage. It can also be disclosed accidentally by a crash dump, in error message, or by your analytics software not knowing it was a secret. Like the secrets that process use to protect your information, they have information that they use to protect themselves. On a modern operating system where memory layout is randomized, information about that randomization is a stepping stone. It's not just secrets. Live file handles or socket handles can be stolen. Lastly, sometimes a process will use its own memory to provide random data.…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.