A short while back, researchers at Princeton University published a detailed research paper in which they discussed the process of recovering encryption keys out of computer memory (RAM) after a cold boot.
The researchers successfully recovered encryptions keys for popular disk encryption systems such as BitLocker, dm-crypt and developed new algorithms for finding such keys in [...]

Today Flash is the de-facto standard for developing interactive and rich web-based applications. It even comes installed on every new computer (it’s part of Windows XP installation). That’s what makes Flash applications a perfect target for client-side attacks.
So what exactly makes Flash a potential security threat? Its features. Flash applications can execute JavaScript when embedded [...]

Untidy is a Python-based XML fuzzer. It takes XML data as input and generates a set of modified, potentially invalid XML data based on the source input.
In a nutshell, fuzzing testing, is a software testing technique that sends random inputs to an application. If the target application contains a vulnerability that can lead to a [...]

Email is sent across the Internet as plain text, which means that almost anyone can read your private emails and sensitive information. We’ve already covered before how to send encrypted emails with Mozilla Thunderbird, and while Thunderbird is a cross-platform email client that will work on Mac OS X, it just might not be your [...]

The central ingredient of Web 2.0 web applications is Ajax. There is not security weakness in Ajax itself, but adaptation of this technology has changed the Web application development approach.
aSSL, or Ajax Secure Service Layer, is an open source library designed to substitute the need for Secure Socket Layer (SSL) in Ajax web-applications. In a [...]

Most Windows users work with administrative privileges all the time. Everything they do, from browsing the Internet, and writing documents is performed with full and unnecessary administrative control. From a security perspective, running with administrative privileges is dangerous to your computer and data, but sometimes it’s part of the job.
Web browsing and reading emails are [...]

Clipperz, the recently launched online password manager, can be used to store any kind of sensitive information, such as passwords, confidential notes, credit and debit card details, and so on.
It is free and completely anonymous, and the real cool feature is the direct login: users can save the credentials of their online accounts into [...]

If you are responsible for the security of your web applications, you know that auditing them for vulnerabilities is a challenging task. You will want to get familiar with the W3AF Web application attack and auditing framework to test your web applications before an attacker with malicious intent does it for you.
W3AF is designed for [...]

Phishing attacks have become the epidemic in the past few years. They usually involve fraudulent web sites and email scams that try to collect sensitive information from Internet users such as account names, passwords, and credit card numbers.
To combat phishing attacks, you must know how to spot a phony web site. However, without proper knowledge, [...]

In Windows Vista, you have limited privileges on the machine, although you’re a power user. This means that programs you run have limited permissions, and you must elevate your privileges whenever you want to perform certain administrative-tasks, such as changing system settings or installing programs.