CUPS flaw
A rather scary looking bug was noticed in CUPS last week:
CUPS "process_browse_data()" Double Free Vulnerability
This is always one of the things that makes security and Open Source quite the challenge, yet also something positive. This bug was reported to the CUPS project in January, but nobody noticed until last week that it was even there. In a closed source project, a bug such as this would probably go unnoticed, and never be called a security issue. The "many eyes" aspect of Open Source is what got this noticed, and thanks to Secunia, the various interested vendors shipping a vulnerable version of CUPS were able to apply the fix to keep their users secure.
Disk Encryption Isn't So Safe
New Research Result: Cold Boot Attacks on Disk Encryption
This research paper is quite brilliant, while also being amazingly simply when you really think about it. It's never been a secret that RAM can hold its contents for an extended period of time. It's assumed that it should be possible to inspect RAM under an electron microscope and reveal the previous contents long after a machine has been powered off. The scary thing about this paper is that simply quickly rebooting a machine should make it quite possible to extract previous RAM contents.
While I don't think it's worth building a bomb shelter in your backyard over this, any paranoid tech traveler should be aware of this paper.
Updated 2008-02-26
I received a question about inspecting computer memory to discover its previous contents. As I recall hearing about this during a lecture in my undergraduate days, I decided to see what Google has to say. Here are the search terms that should return some interesting results:
data remanence volatile semiconductor memory
