Anonymous and Secure TorFox Browser

Tuesday, June 16th, 2009

Torfox is a mash-up between Firefox and Tor. Ideally, we want to completely remove all direct communication between Firefox and the localhost. Instead, all address lookups are done through tor-resolve and all connections are made through tor socks server. Right now the project only works on Windows and relies on ...

Computer Security Myth: Defeating Keyloggers With Onscreen Keyboards

Monday, June 15th, 2009

I recently came upon a few articles that once again offered the computer security tip to use onscreen keyboards to defeat keyloggers. Most of these tips are suggesting to install an onscreen keyboard or make use of the default one of the operating system to defeat keyloggers while making transactions ...

Firefox 3.0.11 Released

Thursday, June 11th, 2009

Firefox 3.0.11 fixes several security issues found in Firefox 3.0.10: JavaScript chrome privilege escalation XUL scripts bypass content-policy checks Incorrect principal set for file: resources loaded via location bar Arbitrary code execution using event listeners attached to an element whose owner document is null Race condition while accessing the private data of a NPObject JS wrapper ...

The First Few Milliseconds of an HTTPS Connection

Thursday, June 11th, 2009

Here is a great post from Jeff Moser over at Moserware that gives you a detailed walk-through of what exactly happens when you make an https connection to a server (in this example: amazon.com). So much more happens than just the URL changing from http to https and a padlock ...

Attacks on SHA-1 made even easier

Thursday, June 11th, 2009

Australian researchers have described a new and faster way of provoking collisions of the SHA-1 hash algorithm. With their method, a collision can be found using only 252 attempts. This makes practical attacks feasible and could have an impact on the medium-term use of the algorithm in digital signatures. SHA-1 is ...