Researchers with Princeton University and the Electronic Frontier Foundation have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer — say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen. The attack takes only a few minutes to conduct and uses the disk encryption key that’s stored in the computer’s RAM. The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.

“We’ve broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers,” said J. Alex Halderman, one of the researchers, in a press release. “Unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed.” The researchers successfully performed the attack on several disk encryption systems — Apple’s FileVault, Microsoft’s BitLocker, as well as TrueCrypt and dm-crypt — but said they have no reason to believe it won’t work on other disk encryption systems as well, since they all share similar architectures. They released a paper about their work as well as a video demonstration (available at YouTube) of the attack.

Source: Wired News.

This occured about one month ago but somehow i forgot to post it here for you to read. The open-source file sharing program Shareaza is facing some serious troubles because of the anti-piracy efforts of companies and coporations world-wide.

The following article was posted in Releaselog and it is very interesting. If this gets its way somehow, the open-source developers are in risk of loosing its work anytime, if legal problems such as the one Shareaza is facing arise.

Beginnings Are a Good Place To Start

In mid 2002, a lone programmer by the name of Micheal Stokes released the first version of a Gnutella client he had written, dubbed “Shareaza”. Over the next two years Micheal added to his client and coded in support for the eDonkey 2000 network, BitTorrent and a rewritten Gnutella-based protocol which he named Gnutella2.

Shareaza gradually became more and more popular and Mike started to receive several job offers based on the strength of his work on Shareaza. He eventually decided that continuing to work on a p2p application in an increasingly hostile legal climate was too risky, but he did the honorable thing and released the Shareaza source code under the GNU GPLv2 on June 1, 2004 (which coincided with the release of Shareaza v2.0).

Mike stopped working on Shareaza and went on to develop a new p2p-based streaming radio project named Mercora. As part of distancing himself from Shareaza, he transfered the shareaza.com domain to one of his old alpha testers named Jon Nilson, who continued to administer the domain until late 2007.

Read the rest of this entry »

Microsoft is set to begin a pilot of a new Genuine Advantage anti-piracy mechanism for Office that will add a “nag-like” feature, akin to what is now part of Windows Vista, to Office. Office already currently includes an Office Genuine Advantage (OGA) validation mechanism (for Office XP and Office 2007), but Microsoft doesn’t do a whole lot to “punish” those it deems to be running non-Genuine versions of Office. However, as part of a new OGA notifications pilot program — which Microsoft is launching in Chile, Italy, Spain and Turkey, according to an April 8 announcement buried in a Q&A on Microsoft’s Web site — Microsoft is set to turn up the unpleasantness a notch.

Today, in current OGA validation process, there is no visual & persistent representation within the experience of being a non-genuine Office user. The outcome for being non-genuine today is that the user does not gain access to Office templates and other downloads. In the pilot the non-genuine copy of Office will also have an icon on the toolbar or ribbon indicating that it is non-genuine. After receiving these dialog box notifications for 30 days, Office applications will be marked with a visual reminder that the copy of Office is not genuine. Both the dialog box and/or the visual reminder will disappear once the customer gets genuine Office and/or uninstalls the non-genuine Office products.

Source: ZDNet News.

Paint.NET is the most comprehensive free image editor. It supports layers, unlimited undo, special effects, and a a great variety of useful tools.

With it you can edit, compose, retouch, fix and repair images of any type.

You can export them to a wide array of image types as well.

Highly recommended.

Website Download

This freeware text editor can replace notepad and add many useful features.

Description

Notepad2 is a light-weight, free and open source Notepad-like text editor with syntax highlighting for a few commonly used languages.

It’s based on the Scintilla source code editing component.

Features

- Syntax highlighting: HTML, XML, PHP, ASP (JS, VBS), CSS,
JavaScript, VBScript, C/C++, C#, Resource Script, Makefiles, Java,
Visual Basic, Pascal, Assembly, SQL, Perl, Python, Configuration
Files, Apache Config Files, Batch Files, Diff Files
- Drag & drop text editing inside and outside Notepad2
- Basic regular expression search and replace
- Useful word, line and block editing shortcuts
- Rectangular selection (Alt+Mouse)
- Brace matching, auto indent, long line marker, zoom functions
- Support for Unicode, UTF-8, Unix and Mac text files
- Open shell links
- Mostly adjustable

Website Download

After finishing all the testing and exploring the new options in Wordpress 2.5 i upgraded my site. Now i can focus on posting again.

I will make some time to explore the Wordpress Plugin Directory to enhance the site a little more.

It took a little longer than expected because of the formatting of my desktop machine, where i make most of the posting. Later today you will find more content posted.

I just made some tests locally and everything went fine with my theme and plugins so far. Today i will make a clean install in my desktop pc (unattended as always) and i will upload the new Wordpress to my server in order to upgrade the site before i make other posts.

All this week i have been out of town looking for a job in the Oil industry. I hope to get one, as i have been interviewed by people in important companies.

I will return to my home tomorrow and i will resume the posting as soon as i can, i have been collecting some interesting articles and other software downloads for you.

I want to begin testing locally the new version of Wordpress before i upgrade my site because i need to make sure that all my plugins and the main theme works fine with the 2.5 version.