Do you use Microsoft Window’s Bitlocker? TrueCrypt? DMCrypt? Or whatever the hell Apple calls their disk encryption?
If you do. Here’s something for you to think about. That encryption key is more vulnerable than you probably realize. It’s always going to be sitting somewhere in your ram while you’re logged onto your system. If you put your machine to sleep, it’s going to be there. Even if you completely power off your laptop/computer, it will still be sitting in that ram chip for at least a little while.
This video demonstrates an attack against Bitlocker:
Want to feel safe again?
Always shutdown your computer. Not sleep,hibernate, or any other lowpower state.
Find a program to scramble your ram on shutdown.
Don’t use liquid nitrogen to cool your ram.
Reevaluate your encryption needs, because most likely you don’t need to encrypt the WHOLE disk. If you’re using linux; look into setting up encryption per user per their home folder.
I’m not entirely sure I’d call it a worm since it doesn’t really spread automatically and on its own, but anyway. I saw this on gHacks and thought it was cool.
Basically this guy discovered seven vulnerabilities in the latest version of Wordpress and decided to write a worm that will go into your site and patch the problems. All you have to do is login as an admin, post a comment containing a link to http://mybeni.rootzilla.de/mybeNi/ and click on it from the Moderate Comments admin panel. This will take you to his site where you then would have to click “Secure my blog” to continue. It’ll go back to your admin panel and guide you through the process of patching 3 files to stop this kind of XSS/ Cross-site-scripting vulnerability.
Of course you’ll have to trust that this won’t do any harm to your wp installation
If you don’t want to do it this way and can wait. This is all fixed in the next update; which you can get off of the SVN repo right now.
The number of the day is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Digg got told by HD DVD to remove a story about hd-dvd’s processing key from doom9’s forums and now the internet’s basically pissed at them for choosing a sponsor over their users. Digg users are revolting by digging only stories with the key to the front page of digg.
There’s t-shirts, songs, videos, domains, and lots of other creative things containing the key now. ThePirateBay is embracing the numbers.
I’ll wait til andy watches the next episode of diggnation and see if they say anything about it.
They want to give this guy 60 years in prison for doing nothing really.. He didn’t break anything. I love how the reporter tries to act like he knows something about what he’s talking about, but doesn’t really.
“ In 2002, Gary McKinnon was arrested by the UK’s national high-tech crime unit, after hacking into NASA, and the US military. He says he spent two years looking for photographic evidence of alien spacecraft and advanced power technology. America now wants him on trial, and if tried there he could face 60 years behind bars. Gary’s been banned from using the Internet. We asked for his side of the story ahead of his extradition hearing on Wednesday,”
