PuTTY 0.62 Released - Prevents passwords from being retained in memory.
chiark.greenend.org.ukThe security issue itself is described in [1]. Also worth note (at least for me, not used to reading PuTTY's release notes and issue pages) is their class/difficulty/priority breakdown of the issue. I had never seen that pattern before.
The original link also points incidentally to a nice, recently updated survey of cryptography laws around the world. [2]
[1] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/p...
What are tuits and why are they fun?
Tuits come in all shapes and sizes, but round ones are particular prized. It's amazing the amount of work you can accomplish once you get a round tuit.
I see now. (I had been afraid that my Google-Fu had left me, but apparently only my english skills were lacking.)
For anyone else who thinks their english skills lacking, make sure you read the gp's post aloud
This seems like a huge bug fix. What is the likely hood that the memory will be read by malware in previous versions? As in, does the malware process need administrative privileges to read the other processes memory?
I prefer using mintty with cygwin. This hole is absent from there since you'd be using openssh to manage logins.
This also gives rsync, scp and all the other benefits of commandline ssh. Mintty was enough for me to be able to put off installing Debian for another month.
I love Putty! It is one of my favorite Windows programs.