Cold boot attacks on encryption keys
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. Check out this video for detailed information and a demo.
Even if some think that the attack is not likely to happen, experts find it a difficult problem to solve. I personally think that using Vista while on the move without using the sleep function is not very realistic, so we’ll have to keep an eye on our notebooks even if we use full disk encryption.
About JRE updates
Sun has recently updated its Java Runtime Environment due to multiple security vulnerabilities. While it’s an excellent idea to update the Java interpreter, don’t forget to remove the old versions from your PC. As you know, some applications may start a specific JRE version without you even knowing it, which would leave your system vulnerable.
You may check your PC for vulnerable software versions using Secunia's brand-new Software Inspector.
Chat with a hacker
Computer Sweden has published the transcript of a chat with the developer of the trojan (Haxdoor) that was used in the recent fraud against Nordea bank. The journalist was offered a personal version of the trojan for $3000. Interesting reading.
Security Breakfast: Network Admission Control
Secaron organizes, in partnership with Symantec and Enterasys, a free breakfast session introducing network admission control solutions. The aim of this breakfast session is to go further than the classical LAN security measures that enable user authentication and posture checks on the devices connecting to the internal network. We will see how to extend LAN security controls in order to perform pre-admission endpoint security policy checks and post-admission controls over where users can go on a network and what they can do.
The presentations are available for download.
Deutsche Postbank fights phishing with electronic signatures
Postbank aims to curb the theft of online personal information with the help of electronic signatures. The bank will begin attaching electronic signatures to all e-mail correspondence with customers.
They have a dedicated security page (in German) on their website explaining the risks of phishing and how to verify that an email is signed.
