nCifer published a paper describing this technique at the begining of last year - http://www.ncipher.com/products/files/papers/angui lla/keyhide2.pdf. This technique was used to show that Microsoft had two keys in its Crypto API.dll.
If you can subvert a server then you can scan memory or the swap file for possible keys and post them back to the attacker. The search space is tiny compared to the whole of the server's file system.
Slashdot Mirror
Or even Groovier
#!/usr/bin/env groovy
println "Hello world"
args.each {println "Argument: ${in}"}
In order to complain you need to download a Microsoft Word document from http://www.informationcommissioner.gov.uk/eventual .aspx?id=95
Then you need to print it out, fill it in, sign it and them snail mail it to the Agency.
It beggers belief
nCifer published a paper describing this technique at the begining of last year - http://www.ncipher.com/products/files/papers/angui lla/keyhide2.pdf. This technique was used to show that Microsoft had two keys in its Crypto API .dll.
If you can subvert a server then you can scan memory or the swap file for possible keys and post them back to the attacker. The search space is tiny compared to the whole of the server's file system.