May 21

Want to snoop on your friends’ porn viewing habits?  Then follow these simple steps:

Step 1.  Copy and paste some code into a widget on your website or blog.

Step 2.  Send your friends to the webpage where you put the widget.  Their porn history will be captured in the widget.

Step 3.  See what porn sites your friends have been visiting by looking at the widget you put on your website.

How does this work?  The widget takes advantage of a security leak in web style sheets (CSS).  Your web browser displays links you have visited in a different color.  The code mentioned above displays a list of porn sites and detects which sites have been visited based on the link color.  The best/worst part of this trick is that it will likely never be fixed, because it is a fundamental feature of the web browser.

We installed this on one of our blogs, and it failed to catch any of the porn sites that we’ve visited.  I guess ProgrammersLoveMeganFox.com isn’t considered porn.

I Caught You Watching Porn

Apr 07

From xkcd: A webcomic of romance, sarcasm, math, and language

Mar 20

Presenters at the CanSecWest security conference detailed how to sniff data by analyzing keystroke vibrations using a laser pointed at a laptop computer, or through electrical signals coming from a PS/2 keyboard on a PC plugged into an electrical socket.

Using about $80 worth of equipment, researchers pointed a laser at the reflective surface of a laptop from between 50 feet and 100 feet away and were able to determine what letters were typed.  Line of sight is required, but it works through a glass window.  Using an infrared laser would prevent the victim from discovering they are under surveillance.

In the second attack method, researchers were able to determine keystrokes on a PS/2 keyboard through the ground line of a power plug in an outlet 50 feet away.  They used a digital oscilloscope and an analog-to-digital converter, as well as filtering to isolate the keystroke pulses from other power-line noise.

Story at CNET

Mar 11

For decades we’ve been told by security software vendors that to truly delete data from a hard drive, you have to overwrite the data multiple times with different patterns of 0s and 1s.  But now we can file this away with other computer urban legends.

Computer forensics expert Craig Wright and his colleagues ran a scientific study that overwrites hard drive data and then examines the magnetic surfaces with a microscope.  They published their results in Lecture Notes in Computer Science as Overwriting Hard Drive Data: The Great Wiping Controversy.

The study concludes that after a single overwrite of hard drive data, the likelihood of being able to reconstruct a single byte is 0.97 percent.  The odds of recovering multiple sequential bytes of data (such as a password or document) are significantly less and would require exact knowledge of where on the hard drive the sensitive data is located.

This means data-wiping software that overwrites data up to 35 times may make you feel better, but it only wastes your time and money.

A much bigger data security hole is failing to overwrite all copies of the data that’s to be deleted.  This is not a problem if you are wiping an entire hard drive, but if you are trying to delete a single sensitive document, you have to worry about temp files, shadow copies, backups, file fragments, the Windows swap file, etc.
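
A single-pass wipe of one file, as an added example (this is not code from the original post or from the study): it overwrites the file's blocks in place with random data, forces the write to disk, unlinks the file, and works out the study's per-byte recovery odds for a run of consecutive bytes.  It assumes a filesystem that rewrites blocks in place, and it does nothing about the other copies listed above.

```python
import os
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB pieces so large files are not read into memory


def wipe_file(path: str, passes: int = 1) -> int:
    """Overwrite the file at `path` with random bytes `passes` times (one pass by
    default, per the study), flush it to disk, then unlink it.

    Assumes the filesystem rewrites existing blocks in place (classic HDD with
    ext4/NTFS); copy-on-write filesystems and SSD wear levelling may keep the old
    blocks, and temp files, swap and backups are not handled here.
    Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    # "r+b" keeps the existing allocation; "wb" would truncate and could reallocate.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the new bytes past the page cache to the disk
    os.remove(path)
    return size


def recovery_probability(n_bytes: int, per_byte: float = 0.0097) -> float:
    """Chance of reconstructing `n_bytes` consecutive overwritten bytes, using the
    study's 0.97 percent per-byte figure and treating each byte as independent."""
    return per_byte ** n_bytes


def demo_wipe() -> tuple:
    """Constructed sample: write a fake secret to a temp file, wipe it, and return
    (bytes overwritten, whether the file still exists)."""
    fd, tmp = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"password=hunter2\n" * 1000)  # 17,000 bytes of made-up data
    size = wipe_file(tmp)
    return size, os.path.exists(tmp)


if __name__ == "__main__":
    print("wiped bytes, still exists:", demo_wipe())
    print("P(recover an 8-byte password):", recovery_probability(8))
```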


Jan 14

Experts from more than 30 U.S. and international cyber-security organizations jointly released a consensus list of the 25 most dangerous programming errors that lead to security bugs and cyber-crime.

The impact of these programming errors is significant.  Just two of these errors resulted in more than 1.5 million website security breaches during 2008.  These breaches allowed malicious software to take control of the computers that visited those websites, turning them into zombies that committed further cyber-crimes.

Shockingly, most programmers do not understand or look for these errors.  Colleges rarely teach programming students how to avoid these errors.  And most software companies don’t explicitly test for these errors before releasing their products.
