A short while back, researchers at Princeton University published a detailed research paper in which they discussed the process of recovering encryption keys out of computer memory (RAM) after a cold boot.

The researchers successfully recovered encryptions keys for popular disk encryption systems such as BitLocker, dm-crypt and developed new algorithms for finding such keys in memory images.

msramdmp is a bootable syslinux USB stick that manages to boot itself without overwriting the contents of RAM. This allows msramdmp to dump the contents of RAM to the USB stick for information gathering purposes. Those who can’t boot from a USB device can use the bootable ISO version.

Today Flash is the de-facto standard for developing interactive and rich web-based applications. It even comes installed on every new computer (it’s part of Windows XP installation). That’s what makes Flash applications a perfect target for client-side attacks.

So what exactly makes Flash a potential security threat? Its features. Flash applications can execute JavaScript when embedded in a HTML page; Forge binary requests and HTTP requests; Execute external Flash movies and much more. And let us not forget the multiple vulnerabilities recently discovered.
Continue Reading »

Untidy is a Python-based XML fuzzer. It takes XML data as input and generates a set of modified, potentially invalid XML data based on the source input.

In a nutshell, fuzzing testing, is a software testing technique that sends random inputs to an application. If the target application contains a vulnerability that can lead to a crash, or a server error (in case of web applications), it can be determined and be noted. Continue Reading »

Want to jailbreak your 1.1.1 iPhone so you can install third party applications and use it on any GSM network? Now you can. Two weeks after Apple released the update that disabled iPhones that had been unlocked or had third-party software installed, the iPhone Dev Team has officially announced the iPhone 1.1.1 Jailbreak. Continue Reading »

Public areas that offer access to the Internet (airports, open wireless networks etc.) have no security in place. If you’re at a public WiFi spot, your personal information can be sniffed by other malicious users. This hack will show you a way to secure your web browser when using public networks.

In a nutshell, we’re going to setup a proxy server (Squid) on a trusted SSH server and create a secure connection from our laptop, over a public network to a secure remote server. We’ll tell the browser to use the secure SSH tunnel as a HTTP proxy. Continue Reading »

For most Internet users, spam is a daily hassle that can’t be remedied easily. Chances are that if you use Gmail, you’re less concerned about spam due to the excellent Gmail spam filter.

However, if you’re looking for a way to prevent untrusted web services from having your Gmail address and flooding you with spam, you should consider making an alias of your Gmail address to use when signing up for untrusted web sites. Continue Reading »

Laptop theft is a huge problem. It is common nowadays to use a laptop to get work done away from your home or office. Unfortunately, the mobility and technology that make laptops so valuable also make them the target for theft around the world.

If your laptop is stolen, company information can be exposed, as well as your personal information can lead to identity theft. In this hack, we’ll show you 5 essential tips to learn how you can keep your laptop more secure. Continue Reading »

Email is sent across the Internet as plain text, which means that almost anyone can read your private emails and sensitive information. We’ve already covered before how to send encrypted emails with Mozilla Thunderbird, and while Thunderbird is a cross-platform email client that will work on Mac OS X, it just might not be your favorite email application.

If you’re concerned about your email’s security, this hack shows four easy steps to configure Apple’s Mail.app email client to send and receive encrypted emails. Continue Reading »

Privacy and security are two very real concerns. The default settings in Firefox are pretty good at protecting your privacy and security, but you can make some adjustments to protect yourself even more. In this hack, we’ll show you how to prevent malicious JavaScript code to alter your browser and steal your information.

Why would you need to protect yourself from JavaScript code? Malicious JavaScript code is a new emerging threat that no one has yet figured out how to fix without degrading your Internet experience. Continue Reading »

The central ingredient of Web 2.0 web applications is Ajax. There is not security weakness in Ajax itself, but adaptation of this technology has changed the Web application development approach.

aSSL, or Ajax Secure Service Layer, is an open source library designed to substitute the need for Secure Socket Layer (SSL) in Ajax web-applications. In a nutshell, aSSL enables the browser to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once a connection is established, the transmitted data will be encrypted using the AES encryption algorithm.

The aSSL library lets web developers to send data safely over the Internet when SSL is not available, or not needed. aSSL is designed for Ajax developers and includes both client and server-side code. aSSL should be be used in non-critical web applications such as chats, blogs and so on.