Typing your password or credit card number into a computer is a moment's work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer's hard disk for years waiting for a hacker to rip them off.
They hope their results will convince programmers to work harder at making computers more secure.
As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security.
When you type in a password, it is stored in random access memory (RAM), where it is held temporarily until other data overwrites it or the computer is switched off.
But every so often, the computer copies the contents of its RAM onto hard disk, where it is easy prey for a hacker, who can read it directly or design a worm to email it back. The longer sensitive data stays in RAM, the more likely it is to be copied onto the disk, where it stays until it is overwritten – which might not happen for years. [Privacy Digest]