Tuesday, March 27, 2007

Gozi: The new trojan on the block.

A fascinating new trojan that manages to steal data thought to be safe because of SSL/TLS, using advanced Winsock2 functionality. Read the Secureworks article here. Discovered in January, it spread through an IE browser exploit.

Bot Infected PCs on the rise

The number of bots (infected PCs controlled by a hacker) has gone up significantly in March, according to an article here. Another article on Securityfocus.org explains how China is becoming the new epicenter of bot-infected PCs, with 26% of infected machines being in that country. Read here.

Wednesday, March 21, 2007

Vista kernel security features

Good article on reliability, recovery and security features in Microsoft's Vista OS. Read here.
Highlights include full-volume encryption and address space load randomization (a long time coming, in my opinion).

Saturday, March 10, 2007

Wireless Forensics

Cool article on Securityfocus: Wireless Forensics: Tapping the Air, Part-1 and Part-2.

Talk: Anatomy of a voting system hack

Harri Hursti is giving a talk on "Anatomy of a voting system hack" at the next Princeton ACM meeting on March 15, 2007.

Windows updates and user-consent

First we learnt from Heise Security that the Windows Genuine Advantage (WGA) tool sends some data about the user's computer to Microsoft servers even if the user cancels installation of WGA. This includes values from the registry, such as a unique GUID, which may aid in computer identification. Now it turns out all Microsoft updates engage in similar behaviour. A Microsoft developer says it's all innocuous.

Photo Authentication coming in Photoshop

The last few years have seen multiple high-profile photo-altering scandals in the news. In light of these, Adobe has decided to move towards introducing a photo-authentication plugin in Photoshop. Read the related Wired story here.

Thursday, March 08, 2007

Cloning RFID passports

A "Daily Mail" article chronicles how the new RFID passports in the UK can be cloned. Poor security design continues to be the bane of emerging RFID applications. Read the article here.