Session Hijacking in Windows Networks

Saturday, March 29th, 2008

I found a great write-up over at SANS that goes over session hijacking in amazing detail.  Click the link below to read the full 49-page white paper. Session Hijacking in Windows Networks

Guarding the guardians: A story of PGP key ring theft

Thursday, March 27th, 2008

A couple of weeks ago, we received a CHM, or Windows Help file, embedded in e-mail as part of a targeted attack campaign against an NGO. Virus detection was near zero. On Virustotal.com, two solutions actually flagged it as malicious. After decompiling the CHM file, which you can easily do using tools ...

New Technique Eases Encryption for Databases

Thursday, March 20th, 2008

Voltage Security offers to make deploying encryption at the database level less painful with a technique called Format-Preserving Encryption. Shocking the encryption market is not easy to do, but officials at Voltage Security must hope their new approach to encryption will do exactly that. The company's flagship SecureData product uses a cryptographic ...

Wi-Fu! Attacking the 802.11 Client

Monday, March 17th, 2008

Wi-Fu! More than just a statement, it reflects you wireless security skill set from knowledge and practical experience. This covers everything from using the tools out there to profile and attack your wireless network, to checking the security of your client devices yourself. If you feel your Wi-Foo is slipping, ...

TrueCrypt 5.1 Is Out

Tuesday, March 11th, 2008

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the ...