Actually in order for them to be sent to the server they have to be loaded into a variable that has an allocated memory space before they can be sent to the server or else the keystrokes could never make it to the server or to the operating system for that matter or even out of the keyboard buffer which is also memory and readable.
Sooooo as I mentioned before, it adds no security at all. Now sure it may not stay resident in memory but that adds no security all because again with the right coding ability you could easily read the password from the keyboard buffer or the variable used as a password sending queue. Not to mention the fact that the password you entered is also stored in memory by the protocol stack for a split second before it is forwarded out of your machine.
I have to admit though, this VU does not seem as bad as some I have seen.
Last edited by Kaiser; 12-13-2007 at 04:03..
|