Security Twits

A place for network security professionals and those just interested in network security to convene on FriendFeed
quine posted a link
Thursday at 8:08 am - Link
Dave Dugal posted a link
Tuesday at 4:26 pm - via Bookmarklet - Link
How long before someone else figures this out and doesn't disclose responsibly? - Aaron Schaub
Jennifer Leggio posted a link
September 22 at 12:10 pm - via Reshare - Link
Jennifer Leggio posted a link
September 22 at 10:43 am - Link
Ed Stafford posted a link
September 10 at 6:45 am - via Bookmarklet - Link
I guess it was only a matter of time before Twitter was used to push something like this. - Ed Stafford via Bookmarklet
This isn't the first time. A few months ago it was used to push banking malware... - Ben Jackson via twhirl
We published more information about malware in Twitter and Orkut's trojan some weeks ago http://www.pandasecurity.com/e... - Panda Security
Guess I was a little late to the party.. This was not a first for Twitter. Thanks Ben and Panda. - Ed Stafford
Tanath posted a link
September 8 at 5:10 pm - via Bookmarklet - Link
These are the guys who used to be PUFCo. Interesting to see them release a product finally. - David Molnar via twhirl
Dave Dugal posted a link
September 5 at 10:51 am - via Bookmarklet - Link
Beat me to it.. was just about to post a link. - Ed Stafford
Panda Security posted a link
September 1 at 5:34 am - Link
Tanath posted a link
IEEE Spectrum: Data Breaches
August 29 at 8:18 pm - via Bookmarklet - Link
Tanath posted a link
August 27 at 7:55 pm - via Bookmarklet - Link
"This isn't the first time..." Anyone know what was? - Tanath
Dave Dugal posted a link
August 27 at 6:20 pm - via Bookmarklet - Link
I know Tanath already shared this via Slashdot, but Wired's version seems to be a bit more in-depth. - Dave Dugal via Bookmarklet
The first link in the Slashdot article is to the Wired article. ;-) - Tanath
Dave Dugal posted a link
August 27 at 6:16 pm - via Bookmarklet - Link
SNMPv3, DNS, and BGP [vulnerable], oh my! - Dave Dugal via Bookmarklet
Tanath posted a link
August 26 at 10:01 pm - via Bookmarklet - Link
Damon posted a message
“Random question - what's a reasonable timeframe for fixing CSRF on a public site? Yesterday?”
August 26 at 6:22 pm - Link
quine posted a link
August 24 at 7:20 am - Link
"http://is.gd/1S3a - "WHH Ranch Company Uses Shredded Checks As Package Cushioning" (via Consumerist). Oooooo..." - quine
imabonehead posted two links
August 23 at 5:21 pm - via Bookmarklet - Link
"Solid-state drives are fast becoming popular replacements for hard drives, especially in laptops, but experts caution that SSDs aren't as secure as commonly thought." - imabonehead via Bookmarklet
"A hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer. Once the data is read, the files could be reassembled using data recovery software, Handy said. "There's really nothing sophisticated about this process," he said. Another physical hack involves using an ultraviolet laser to wipe out lock bits -- or encryption locks -- from fuses on chips that secure SSDs, said a chip hacker who prefers to be called Bunnie and runs the blog site bunnie studios. Data arrays from SSDs can be read using standard means after the lock bits are wiped." - imabonehead
Spy vs. Spy
August 23 at 5:11 pm - via Bookmarklet - Link
"Steganography uses innocuous documents, usually an image file, as carriers for secret messages. Unlike encryption, steganography encodes the message while at the same time concealing the fact that a message is being sent at all. The Greek-derived name means “covered writing.” The earliest steganographers were said to be Greek generals who tattooed sensitive information onto the shaved heads of messengers. Once the hair grew back, the messenger could travel without suspicion to the intended recipient, who “decrypted” the secret message by shaving the messenger’s head again. In its current incarnation, steganography often makes use of e-mail, an ideal carrier for any corporate spy, disgruntled employee, or terrorist." - imabonehead via Bookmarklet
"Bertolino’s method turns this technology on itself. The key to jamming steganography, he says, is using steganography—what he calls “double-stegging.” Double-stegging adds some noise, scrambling some of the image’s least-significant bits. “As long as you’re damaging at least some part of the file,” Bertolino explains, the hidden file becomes garbled and cannot be deciphered." - imabonehead
imabonehead posted a link
August 23 at 9:09 am - via Bookmarklet - Link
"A security researcher has been in discussions with Google on an exploit he plans to release that would allow a hacker to easily intercept someone's communications with supposedly secure Web sites over an unsecured Wi-Fi network, but other sites, like Facebook, Yahoo Mail, and Hotmail, remain vulnerable. Mike Perry, a reverse engineer and developer at Riverbed Technology, says he announced on the BugTraq e-mail list a year ago a common flaw with the way Web sites implement the SSL (Secure Sockets Layer) protocol that is designed to protect people's data when they surf the Web. Typically, they only use SSL for encrypting communications during the log-in stage, he says." - imabonehead via Bookmarklet
I'm glad it's being pointed out (again) and getting some attention, but these types of sidejacking attacks have been known about for a long time. What we need is for the average user to get informed. Accessing ANY sensitive personal data on an open Wi-Fi network is just a very bad idea, unless you are using an SSL'd VPN tunnel of some sort (SSH, IPSec, PPTP, etc.) and even then you want to be Very sure the initial sign-on to the Tunnel is done in a correct and completely un-sniffable way. - Freemor
imabonehead posted a link
August 23 at 9:06 am - via Bookmarklet - Link
"Most people know Websense as the forbidding white page that pops up when you try to visit a Web site your employer doesn't care for. But that business isn't enough in the ever more complex world of Internet security. That's why Websense (NasdaqGS:WBSN - News) has been buying companies that help it become a more complete Web security firm. Most recently, it shelled out $400 million last fall for one of its biggest rivals, SurfControl." - imabonehead via Bookmarklet