Archive for the ‘security’ Category
Numerous fingerprint “protected” USB sticks on the market purport to allow access to a protected portion of the flash memory only when the proper fingerprint is detected. It turns out that bypassing this “protection” is fairly simple.
All you need to do is use the PLscsi tool to send a single USB command – Command Descriptor [...]
by Jon | Posted in accessories, security
The latest exploit affects both Macs and Windows machines. The vulnerability lies in the way FireWire handles Direct Memory Access (DMA). Theoretically, this exploit could be extended to other I/O interfaces that use DMA.
This exploit is apparently not new, but is receiving more attention due to the recent memory attacks demoed by a few Princeton students.
If [...]
by Jon | Posted in exploits, firewire, security
PayPal has advised its customers to avoid using Apple’s Safari browser, because it lacks some anti-phishing features that some of the other browsers have. Safari also lacks support for Extended Validation (EV) certificates.
While these anti-phishing measures make users feel warm and safe, they are not the “end-all” of web exploitation. The only person who can fully ensure [...]
by Jon | Posted in apple, safari, security
A group of Princeton computer scientists has published a paper (PDF) demonstrating a method for accessing a computer’s memory to gain access to encryption keys. Contrary to popular belief, RAM contents are not immediately erased once a computer is shut down. It can take 2.5 to 35 seconds for the data to fade away. This time [...]
by Jon | Posted in exploits, security
There is a community of geeks that track the orbit of satellites across the night sky despite the fact that many of these satellites are supposed to be government secrets.
“If Ted can track all these satellites,” Pike said, “so can the Chinese.”
by Jon | Posted in security
Anyone who travels often will drool over the 3-pound computer that’s so thin that it fits into a manila envelope. (Though your IT security department is probably worrying about that capability, right about now.)
So, Apple should make their notebooks thicker and heavier to please security professionals?
by Jon | Posted in apple, macbook air, security
When Computerworld says it’s a “brick”.
Computerworld is reporting that an exploit has been found that affects HP and Compaq computers and results in the computer being “bricked”. According to the article, “the Software Update bugs let an attacker corrupt Windows’ kernel files, making the laptop unbootable, or with a little more effort, allow hacks [...]
by Jon | Posted in exploits, security
Security Update 2007-009
• Address Book
CVE-ID: CVE-2007-4708
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A format string vulnerability exists in Address Book’s URL handler. By enticing a user to visit a maliciously crafted website, a remote attacker [...]
by Jon | Posted in apple, security
Over the past week some Mac sites (four that I know of) were defaced by someone calling himself “malcor”. This, in turn, brought about some panic in the security and WordPress communities. A couple of security firms blogged about the incident (Avert Labs, Blogvis.com), which only served to increase the awareness/panic.
The so-called hacker named “malcor” [...]
by Jon | Posted in exploits, security, stupid
Secunia has issued a security advisory (SA27755) for a buffer overflow exploit in QuickTime and has labeled it as “extremely critical”.
The vulnerability is caused due to a boundary error when processing RTSP replies and can be exploited to cause a stack-based buffer overflow via a specially crafted RTSP reply containing an overly long “Content-Type” header.
by Jon | Posted in apple, exploits, security