Gmail Security Flaw Proof of Concept

Monday, November 24th, 2008

Is it possible for someone to create a malicious filter without having access to your Gmail username and password? No, however, they can force you to create the filter without your knowledge. The blogosphere is buzzing about a Gmail Security Flaw that has caused some people to lose their domain names ...

TrueCrypt 6.1 encryption software released

Monday, November 3rd, 2008

TrueCrypt 6.1, the open source, cross platform disk encryption tool, now supports the encryption of non-system partitions under Windows Vista and Server 2008, without losing the existing data on that partition. However users need to choose "Create Volume/Encrypt a non-system partition/Standard volume/Select Device/Encrypt partition in place" to make use of ...

Keyboards can be snooped remotely

Tuesday, October 21st, 2008

Computer keystrokes can be snooped from afar by detecting the slight electromagnetic radiation emitted when a key is pressed, according to new research. Other security experts have theorised keyboards were vulnerable to such detection, wrote Sylvain Pasini and Martin Vuagnoux, both doctorate students with the Security and Cryptography Laboratory at the ...

Anatomy of a SQL Injection Attack

Wednesday, October 8th, 2008

While there are a number of security risks in the world of electronic commerce, SQL injection is one of the most common Web site attack techniques used to steal customer data such as credit card numbers, hold customer data hostage by encrypting it or destroy data outright. Where a Web server ...

Wells Fargo Passwords Are Not Case-Sensitive!

Friday, September 5th, 2008

I just heard on the Security Now podcast a listener mention that his Wells Fargo password was not case-sensitive.  I'm not a Wells Fargo user but several users who are that I asked this morning actually confirmed this.  You will be logged in no matter what case you enter into ...