It’s not surprising that some frightening new security exploits came out of the Black Hat conference in Washington DC this week. One exploit in particular caught my eye because it relates to something I carry around in my wallet, my American Express credit card.
A guy named Adam Laurie who is considered an expert [...]

[Read more →]

New research shows that it’s possible to retrieve an encryption key from DRAM (the main memory chips used to store data while the system is running) during a power cycle.
Apparently the data on a DRAM chip fades slower at power loss than experts believed, allowing it to be retrieved with a quick reboot into a [...]

[Read more →]

Just two days ago I wrote about penetration testing using Firefox extensions. Well it turns out there’s another interesting security auditing tool that has just been released called Goolag Scanner, which essentially uses the Google search engine to attempt to “Google Hack” into your site. The results of the scan do not harm [...]

[Read more →]

If you write web applications as a hobby or a business, you should ensure they are as secure as possible before launching them into public beta. All too often we hear that flaws in software code are exploited by hackers every day, most of the time these exploits are the result of sloppy code. [...]

[Read more →]

According to a recent report by engadget posted earlier this week, you’d be well advised to steer clear of digital photo frames for a little while. Apparently the trojan that was found on the Insignia units (manufactured in China) is worse than initially thought by security researchers at Computer Associates.
The trojan is able to [...]

[Read more →]

Recently Acrobat and Quicktime both had some major security flaws, that could be alleviated with product upgrades/patches. The problem is, more often than not people simply don’t know they’re running a vulnerable version of a product. Either the software informs them, depending on settings, or they never upgrade and end up with a [...]

[Read more →]

According to a security research company in Russia, Real Player 11 has a zero-day security vulnerability. A zero-day vulnerability means there are instances of this vulnerability in the wild affecting computers, even before the software vendor (Real in this case) can produce a patch to fix the affected software. Apparently the Russian research company [...]

[Read more →]

Do you have 1 universal password for every thing you do online, or do you follow best practices and create a unique password for everything? If I had to wager a guess I would say a majority of users create 1 or maybe 2 passwords that are both easy to remember and used for [...]

[Read more →]

Just three days ago on February 7th Firefox 2.0.0.12 was released. The bad news is that if you downloaded this version you were immediately vulnerable to a directory traversal trick, via the view-source mechanism. The good news is you can protect yourself from this vulnerability by disabling scripting in Firefox. There [...]

[Read more →]