On Sunday, three researchers led by lock-picking expert Marc Weber Tobias showed how they could easily “bump” and pick Biaxial and high-security M3 locks made by Medeco Security Locks, a Virginia-based company that claimed last year that its locks were “bump-proof.”
I’ve seen some of these lock picking demonstrations in person, and it’s very impressive. [...]
We’ve heard about spear phishing, where the target is personally singled out, rather than just part of a larger spam group. Now it looks like phishers are starting to focus on more valuable targets, such as CEOs, other corporate executives, and even their families. I’m not too surprised, since the computers these attacks might compromise [...]
This article in CIO tells a great story about the current state of forensics and anti-forensics. It really exposes the bleak state of affairs when it comes to relying on digital evidence in criminal investigations. Several anti-forensic tools are mentioned, including Slacker (hides data in slack space), Timestomp (arbitrarily sets timestamps on files), and MosDef [...]
It’s one thing to learn about buffer overflows, reverse engineering, and SQL injection, but it’s a lot more helpful to actually do them hands-on. Damn Vulnerable Linux, a distribution based on Damn Small Linux, comes with all the outdated, unpatched, highly vulnerable software you could possibly want in a security playground. It also comes with [...]
Do you trust standard RFID cards to perform a security function? Probably; most companies use electronic access cards based on RFID, such as those made by HID, to open doors. Unfortunately, they’re not much more secure than a secret handshake - someone could easily watch you do it, and then repeat it himself as needed. [...]