Cold boot attacks on encryption keys
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. Check out this video for detailed information and a demo.
Even if some think that the attack is not likely to happen, experts find it a difficult problem to solve. I personally think that using Vista while on the move without using the sleep function is not very realistic, so we’ll have to keep an eye on our notebooks even if we use full disk encryption.
RSA available on Nokia phones
Good news for all Nokia (and Symbian) users who need an RSA keyfob to securely log into their applications. RSA authenticators are now available as a software version that runs on Nokia phones.
No need to carry a fob anymore, my E51 will do the job.
BlackBerry security
Those of you who do not have the chance to use the Nokia Intellisync platform for mobile email and have to install a BlackBerry infrastructure instead should have a look at the BlackBerry dedicated security page. It’s a good resource to understand how the product works and, more importantly, how it can be secured.
Apart from the technical controls, don’t forget to update your corporate security policy with the mobility aspects and develop a user awareness program. These two steps are particularly important when you consider who in your company is going to use this type of product.
If you work for a financial institution located in Luxembourg, have a look at chapter 8 of the CSSF 2005 annual report. Paragraph 2.2.1 is about push-mail and BlackBerry. It clarifies the position of the CSSF on the subject and gives some recommendations about implementation.
Wardriving… again :)
As you certainly remember, we did a wardriving evening with Laurent and Manu a while ago. I then developed a super-lots-of-features Perl script that would map the points to Google Earth. Well, I found on Laurent’s blog a nice website that is currently providing every kind of translation/mapping feature. Have a look at it. Unfortunately, it’s in French.
The website is http://www.gpsvisualizer.com/map?form=wifi.
Nothing is left to me but to execute: # > NStoGoogleEarth.pl
Goodbye :’(
WiFi in Brussels
As I was stuck in a traffic jam in downtown Brussels yesterday afternoon, I decided to power on my Palm Tungsten T|X in order to find a hotspot and read my mail: within 5 seconds, I found 28 access points, of which 27 were wide open. It looks like Brussels is a far greater city for anonymous surfing than Luxembourg is.
