Monday, April 7th, 2008
Billy Rios has discovered a vulnerability in the Google Code service which could be exploited to steal passwords from developers who have registered on the site. The Google Security Team has since fixed the vulnerability.
Rios succeeded in gaining cross-domain access by uploading a crafted Java applet to a project on ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Sunday, April 6th, 2008
Spyware authors have ramped up their malicious code to invade users' privacy at unprecedented levels. The following list describes some of the most malicious activities of today's spyware, illustrating the need for solid antispyware defenses.
Changing network settings: To prevent signature updates for antivirus and antispyware tools, some spyware alters the ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, March 31st, 2008
Building on earlier research into cold-boot attacks on computer memory, two consultants showed off their prototype tools for grabbing passwords from untended computers, during a session at the CanSecWest conference last week.
The consultants -- Sherri Davidoff and Tom Liston, both of security firm Intelguardians -- found that numerous Windows and ...
Posted in Hardware, Privacy, Security | No Comments
Thursday, March 27th, 2008
While there might not be new malicious threats under the sun, there are plenty of new ways to spin old virus attacks. Trend Micro researchers discovered last weekend a new variation of a MBR rootkit released in the wild, which contains new technology to prevent detection. When combined with Web ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, March 26th, 2008
winlockpwn is a memory analysis tool released by Adam Boileau of storm.net.nz. This utility exploits firewire's direct memory access. The operating system allows firewire devices to directly read/write memory without having to go through the processor. Sounds handy right? I installed winlockpwn on Ubuntu 7.10 and a fully patched Windows ...
Posted in Internet, Linux, Privacy, Security, Windows | 2 Comments