PuTTY 0.62 Released - Prevents passwords from being retained in memory. (opens in new tab)

(chiark.greenend.org.uk)

41 pointsRefringe14y ago9 comments

9 comments

The security issue itself is described in [1]. Also worth note (at least for me, not used to reading PuTTY's release notes and issue pages) is their class/difficulty/priority breakdown of the issue. I had never seen that pattern before.

The original link also points incidentally to a nice, recently updated survey of cryptography laws around the world. [2]

[1] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/p...

[2] http://rechten.uvt.nl/koops/cryptolaw/

cstuder14y ago

What are tuits and why are they fun?

biot14y ago

Tuits come in all shapes and sizes, but round ones are particular prized. It's amazing the amount of work you can accomplish once you get a round tuit.

1 more reply

skeletonjelly14y ago

This seems like a huge bug fix. What is the likely hood that the memory will be read by malware in previous versions? As in, does the malware process need administrative privileges to read the other processes memory?

ak21714y ago

I prefer using mintty with cygwin. This hole is absent from there since you'd be using openssh to manage logins.

kaerast14y ago

This also gives rsync, scp and all the other benefits of commandline ssh. Mintty was enough for me to be able to put off installing Debian for another month.

RexRollman14y ago

I love Putty! It is one of my favorite Windows programs.

j / k navigate · click thread line to collapse