Tuesday, March 27, 2007
Gozi: The new trojan on the block.
A fascinating new trojan that manages to steal data thought to be safe because of SSL/TLS, using advanced Winsock2 functionality. Read the Secureworks article here. Discovered in January, it spread through an IE browser exploit.
Bot Infected PCs on the rise
Wednesday, March 21, 2007
Vista kernel security features
Good article on reliability, recovery and security features in Microsoft's Vista OS. Read here.
Highlights include full-volume encryption and address space load randomization (long time coming in my opinion).
Saturday, March 10, 2007
Talk: Anatomy of a voting system hack
Harri Hursti is giving a talk on "Anatomy of a voting system hack" at the next Princeton ACM meeting on March 15, 2007.
Windows updates and user-consent
First we learnt from Heise Security that the Windows Genuine Advantage (WGA) tool sends some data about the user's computer to Microsoft servers even if the user cancels installation of WGA. This includes values from the registry such as a unique GUID which may aid in computer identification. Now it turns out all Microsoft updates engage in similar behaviour. A Microsoft developer says it's all innocuous.
Photo Authentication coming in Photoshop
The last few years have seen multiple high-profile photo-altering scandals in the news. In light of these, Adobe has decided to move towards introducing a photo-authentication plugin in Photoshop. Read the related Wired story here.
Thursday, March 08, 2007
Cloning RFID passports
A "Daily Mail" article chronicles how the new RFID passports in the UK can be cloned. Poor security design continues to be the bane of emerging RFID applications. Read the article here.
Wednesday, September 13, 2006
Hacking the Diebold AccuVote-TS voting machine
Ari Feldman, Alex Halderman and Ed Felten have just released a paper exposing security problems in the Diebold AccuVote-TS voting machine. Click here to find out how easily elections can be stolen.
State of Hash functions
Check out these notes from a panel discussion at the second hash workshop held at NIST. Very interesting read to gauge the state of hash functions today and thoughts about the future from the guys who really know their stuff.
2006 Young Innovators Under 35
2006 Young Innovators Under 35: "The editors of Technology Review have once again selected the TR35, 35 outstanding young innovators under the age of 35. Their work--spanning medicine, computing, nanotechnology, and a lot more--is changing our world."
Friday, September 08, 2006
The Great '06 Cannon Hack
The Great '06 Cannon Hack: "A resourceful (and, of course, anonymous) group of MIT students pulls off a bicoastal prank."
Samsung website hosts password stealing trojan
Samsung website hosts password stealing trojan: "Samsung's US Web site is hosting a Trojan horse that logs keystrokes, disables antivirus applications and steals online banking access codes."
Any website can see what you have on your clipboard
Any website can see what you have on your clipboard: "That is if you're using Windows + IE which lots of people do. Copy something onto your clipboard and then follow the link & scroll to the bottom. Never copy and paste a password again- no, I know you'd never do it, but tell your parents not to :)"
Facebook Scrambles after Unexpected Privacy Fumble
Facebook Scrambles after Unexpected Privacy Fumble: Facebook is responding to the recent uproar among its users by deploying better privacy protections and control, as well as being more open about future changes. This could be a case study for other social networking sites on how to avoid or deal with similar problems in the future.
Microsoft's Quickest Patch Ever!!
Microsoft's Quickest Patch Ever!!: "Microsoft patches DRM faster than fatal security flaws (they care about their record label partners much more than you or the Internet)"
Spying on the HP Board
Spying on the HP Board: "Fascinating story. Basically, the chairman of Hewlett-Packard, annoyed at leaks, hired investigators to track down the phone records (including home and cell) of the other HP board members.