Instant decryption of MS Office 2010 documents now possible

Passware announced Passware Kit Forensic 11.7, which includes live memory analysis and subsequent decryption of MS Word or Excel 2007-2010 files. In addition, the new version instantly decrypts PGP Whole Disk Encrypted volumes and recovers passwords for Apple disk images.
Full Story

RSA Software Tokens Hacked

As if the RSA hack last year wasn't enough, researchers have now found flaws in its software-based tokens.

What is an SSL cert?

A funny and interesting way to explain it to dummies (and a reference for the rest of us).

Anonymous claims it hacked a DOJ site

The U.S. Department of Justice said Tuesday it was looking into the unauthorized access of a website server in its statistics wing, after hacker group Anonymous claimed to have collected and released 1.7GB of data from it.
Full Story

Banking malware spies on victims by hijacking webcams, microphones, researchers say

A new variant of SpyEye malware allows cybercriminals to monitor potential bank fraud victims by hijacking their webcams and microphones, according to security researchers from antivirus vendor Kaspersky Lab.
Full Story


Anonymous #OpIndia Engaged

Update 09-May-2012:
This time the big guys have decided to attack the Govt of India. The rationale is (somewhat) explained in their YouTube video.

Update 20-May-2012:
The websites belonging to India’s Supreme Court, the Ministry of Communications and Information Technology, the Department of Telecommunications, and both of the nation’s political parties were targets. Full Story Here

How To Make An Auto Hacking USB Drive

A simple way of creating malicious autorun USB drives to steal passwords, or just to steal data.


Kickstarter's API bug exposes user data

Based on our research, the overwhelming majority of the private API access was by a computer programmer/Wall Street Journal reporter who contacted us. Outside of that person's use, our research shows that a total of 48 unlaunched projects were accessed during the three weeks this bug was live (this number includes a number of views by Kickstarter's developers working on the API itself).
Full Story


The Blackberry Project: how easily do we sell our privacy?

... as results from the project begin to appear, the main conclusion from Singularity appears to be a generational shift in attitudes towards privacy. The researchers “went to great lengths not to betray the confidence of the teens to their parents, even when some of the kids ran away from home or illegal activities were being discussed.” The kids seemed to be content with this.
Full Story


OpenDNS launches a tool to encrypt DNS requests

DNS requests [by default] are unencrypted, meaning that an interloper monitoring a person's internet traffic, such as over an unencrypted public Wi-Fi access point at an airport or cafe, could see the requests and compromise a person's privacy.
Full Story

Users Still The Weakest Link in the Security Chain

Well, it is an age-old, well-known fact. Here is one of the many articles that talk about it.


Engineering mistake exposes clear-text passwords for Lion

A debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault.
Full Story


Steganography used by al Qaeda

On May 16 last year, a 22-year-old Austrian named Maqsood Lodin was being questioned by police in Berlin. He had recently returned from Pakistan via Budapest, Hungary, and then traveled overland to Germany. His interrogators were surprised to find that hidden in his underpants were a digital storage device and memory cards. Buried inside them was a pornographic video called "Kick Ass" -- and a file marked "Sexy Tanja."
Full Story

Browser For Hackers

Best browser for hackers, with built-in features for hackers: the OWASP Mantra Browser Security Framework for penetration testers.
Full Story 

Hackers blackmail Belgian bank with threats to publish customer data

The hackers call their demand an "idiot tax" because the information was unencrypted on the bank's web server
Cyber Extortion


Google StreetView's Wi-Fi Snooping

Okay, there was an intentional reason why I didn't post about this 2010 matter.

The Story via PCWorld:
Google's Wi-Fi woes started in 2010 after the company received a request from Germany's data protection authority to audit the information that Street View cars collected. As part of the project, Google was recording publicly available identifying information from Wi-Fi routers around the world in order to create a router location database to help improve the accuracy of location-based services for Android phones and other Google products. But the search giant also said its cars had mistakenly collected fragments of user data in the process.

Google's Response:
Google publicly apologized for the action and got an external auditor to check its code and validate that it had deleted all the personal information.

Realistic View:
So, how much personal data could a moving car have picked up? If a person leaves his house door open, and a person standing on the street inadvertently peeps inside and catches a glimpse of a confidential piece of paper, then who is at fault?