Blog Posts Across OpenSecurityCLUB

On Feb 5th 2008 a new version of TrueCrypt was released. Version 5.0 of the free encryption software offers some basic enhancements and new features.

TrueCrypt now supports not only Windows and Linux but also Mac OS. Under Windows the read/write performance can speed-up by up to 100% due to pipelined operations. A graphical user interface for the Linux version is now available. The Li…

Joanna Rutkowska, a rootkit expert, has published a new build of the virtualization rootkit Blue Pill. She provided open access to the source code on bluepillproject.org.
The new version is not just a revision of the prototype presented at the Black Hat Conference in Las Vegas 2006 but rather a completely new build with new functionality and support for hardware virtualiz…

Twenty years ago a German hacker was brought before court. He did break into the US Pentagon computer network and stole confidential information to sell it to the Sovjet secret service KGB.
The hacker calling himself Urmel did not receive much money for the information he sparsely offered to his KGB contact. It have been mostly information about the power of biological and chemical warfare of the US military. But the big bang already was scheduled: He intended to give the full control and…

Today Google has published its Safe Browsing API and enables client applications to use Google's Phishing and Malware blacklist. Google's intention is to provide developers with an API that allows them to better protect their users from malicious websites.
Some weeks ago this functionality was added to Firefox already. That time Security Companies like McAfee (SiteAdvisor), Trend Micro (…

Last weekend some 1000 webservers in Europe (mainly Italian ones) have been abused to infect users with trojans to spy their privacy. In most cases servers of harmless websites like travel, tourist, cinema businesses have been inoculated with an I-Frame, a single line piece of code, that connects to another server which uses the Web-Exploit-Toolkit MPACK to attack innocent visitors' computer. The Web-Exploit-Toolkit MPACK automatically detects OS and Browser of the victim and tests for known…

Tavis Ormandy of Google's Security Team has posted a new article about virtualization and the security layer virtual machines do establish.

Virtual machines are often thought of as impenetrable barriers between the guest and host and are therefore widely used in security environments to sandbox malware for analysis purposes.
But as this security layer consists of software and applications of that complexity never are 100% bu…

According to Arbor Networks the recent distributed denial of service (DDoS) targeting Estonia was not a regional organized attack but rather the spontaneous international pooling of like-minded people. Apparently the trigger was relocation of the Bronze Soldier, a memorial to the World War II Russian Unknown Soldier, from the centre of Tallinn to a suburban cemetery. This has provoke…

Symantec has released its new comprehensive security suite Norton 360 which promises an all-round protection starting from PC Security, includes PC tuneup technologies PLUS new antiphishing and automated backup. With all that functionality under one central administration console Norton 360 is unique in the field of end user security software.
The strategy seems clear: With all the aquisition Symantec made over the last few years they now are able to offer a comprehensive safety kit with…

As of march 7th the new internet security network has been launched and invites all folks interested in internet security to join the network. Meet the experts, be the expert. This is the place where questions are really answered.

Since years no security risk made it to the frontpage of newspapers of even to TV. The scene has changed but malware, spam and phishing still threaten computer, data and privacy of unsuspecting users. Security software has become technically mature and even M…