document updated 12 years ago, on Dec 22, 2012
This page doesn't go into a ton of detail about specific techniques. Rather, it's meant to serve as a heads-up to people who don't pay attention to security very often, about what sort of things are possible these days.
- BitLocker, PGP, and TrueCrypt keys can be extracted from RAM and RAM dumps in an automated manner
- File carving tools make it MUCH easier to undelete data than previous tools. Because undeleting is so much easier than it was before, computer specialists may make bad security decisions based on how troublesome it used to be to undelete things.
- WEP is an extremely flawed security option for Wifi. It takes ~5 minutes for WEP to be cracked.
- Some people think that, now that switches have replaced hubs in networking equipment, sniffing other people on the same LAN is impossible. This isn't true: ARP spoofing tools are widely available.
- Several MITM attacks are very dangerous
- In particular, rogue Access Points. The Wifi Pineapple [2] is the user-friendly version of this.
- HTTPS (SSL) MITM attacks are getting more attention, particularly because of wifi MITM attacks. Recently, modern browsers have been making their SSL certificate warning screens more prominent and more difficult for end-users to unthinkingly bypass. However, some older browsers (possibly mobile ones) are very vulnerable to this.
- The USB-thumbdrives-dropped-in-a-parking-lot spear-phishing tales are actually true. See the USB Rubber Ducky [2].
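
To illustrate the file-carving point above, here is an added example (not part of the original page) showing why deleting a file is not the same as sanitizing the media: a carver needs no filesystem metadata, only the file format's own structure. The raw "disk image", the sample PNGs and all function names are constructed for this sketch.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_sample_png(gray: int) -> bytes:
    """Constructed 1x1 grayscale PNG standing in for a deleted file."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(bytes([0, gray]))  # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def build_sample_image() -> bytes:
    """Constructed raw 'disk': filler, two intact PNGs, one overwritten PNG."""
    filler = bytes(range(256)) * 8            # 2048 bytes, no file table at all
    damaged = bytearray(make_sample_png(7))
    damaged[41] ^= 0xFF                       # first IDAT data byte clobbered
    return (filler + make_sample_png(10) + filler + bytes(damaged)
            + filler + make_sample_png(200) + filler)

def carve_pngs(image: bytes) -> list:
    """Return (offset, file_bytes) for each structurally valid PNG found."""
    found = []
    pos = image.find(PNG_SIG)
    while pos != -1:
        cur = pos + len(PNG_SIG)
        while cur + 12 <= len(image):         # 12 = length + type + CRC
            (length,) = struct.unpack(">I", image[cur:cur + 4])
            end = cur + 12 + length
            if end > len(image):
                break                         # chunk runs past end of image
            (crc,) = struct.unpack(">I", image[end - 4:end])
            if zlib.crc32(image[cur + 4:end - 4]) != crc:
                break                         # overwritten or false signature
            ctype, cur = image[cur + 4:cur + 8], end
            if ctype == b"IEND":
                found.append((pos, image[pos:cur]))
                break
        pos = image.find(PNG_SIG, pos + 1)
    return found

if __name__ == "__main__":
    for offset, data in carve_pngs(build_sample_image()):
        print(f"recovered PNG at offset {offset}, {len(data)} bytes")
```

Only the PNG whose bytes were actually overwritten fails to come back, which is why overwriting or full-disk encryption, not deletion, is what removes data from reach of these tools.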