Hardened Stateless Session Cookies
january 2012 by cdzombak
Stateless session cookies allow web applications to alter their behaviour based on user preferences and access rights, without maintaining server-side state for each session. This is desirable because it reduces the impact of denial of service attacks and eases database replication issues in load-balanced environments. The security of existing session cookie proposals depends on the server protecting the secrecy of a symmetric MAC key, which for engineering reasons is usually stored in a database, and thus at risk of accidental leakage or disclosure via application vulnerabilities. In this paper we show that by including a salted iterated hash of the user password in the database, and its pre-image in a session cookie, an attacker with read access to the server is unable to spoof an authenticated session. Even with knowledge of the server's MAC key the attacker needs a user's password, which is not stored on the server, to create a valid cookie. By extending an existing session cookie scheme, we maintain all the previous security guarantees, but also preserve security under partial compromise.
security
january 2012 by cdzombak
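The scheme the abstract sketches, as an added worked example written for this bookmark (it is not code from the paper): the database stores a salt and H(v), where v is the salted iterated hash of the password; the cookie carries v itself plus a MAC; validation checks the MAC and then that H(v) matches the stored value. The concrete choices are assumptions on my part: PBKDF2-HMAC-SHA256 for the iterated hash, SHA-256 for the outer hash H, a `|`-separated cookie layout, and all function and field names. The last function plays the attacker from the abstract, who can read the database and the MAC key but does not know the password.

```python
# Added illustration of the hardened stateless cookie scheme described in the
# abstract above; not code from the paper. Assumed choices: PBKDF2-HMAC-SHA256
# as the salted iterated password hash, SHA-256 as the outer hash H, '|' as the
# cookie field separator, and the function/field names used here.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for the salted iterated hash


def password_preimage(password: str, salt: bytes) -> bytes:
    """v = salted, iterated hash of the password. v goes into the cookie;
    the database only ever sees H(v)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(db: dict, username: str, password: str) -> None:
    """Store salt and H(v). Anyone reading the database learns H(v), not v."""
    salt = os.urandom(16)
    v = password_preimage(password, salt)
    db[username] = {"salt": salt, "auth": hashlib.sha256(v).digest()}


def mint_cookie(mac_key: bytes, username: str, expiry: int, v: bytes) -> str:
    """Base scheme: fields plus an HMAC over them. The hardening is that one
    of the fields is v, the pre-image of the stored authenticator."""
    body = f"{username}|{expiry}|{v.hex()}"
    tag = hmac.new(mac_key, body.encode(), "sha256").hexdigest()
    return f"{body}|{tag}"


def login(db: dict, mac_key: bytes, username: str, password: str,
          expiry: int) -> Optional[str]:
    """Recompute v from the submitted password; issue a cookie only if
    H(v) matches the stored authenticator."""
    rec = db.get(username)
    if rec is None:
        return None
    v = password_preimage(password, rec["salt"])
    if not hmac.compare_digest(hashlib.sha256(v).digest(), rec["auth"]):
        return None
    return mint_cookie(mac_key, username, expiry, v)


def verify_cookie(db: dict, mac_key: bytes, cookie: str, now: int) -> Optional[str]:
    """Return the username for a valid cookie, else None. Both checks must
    pass: the MAC (integrity, inherited from the base scheme) and
    H(v) == stored authenticator (the hardening). The second check costs one
    SHA-256 per request; the slow iterated hash runs only at login."""
    try:
        username, expiry_s, v_hex, tag = cookie.split("|")
        expiry = int(expiry_s)
        v = bytes.fromhex(v_hex)
    except ValueError:
        return None
    body = f"{username}|{expiry_s}|{v_hex}"
    expected = hmac.new(mac_key, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    if expiry < now:
        return None
    rec = db.get(username)
    if rec is None:
        return None
    if not hmac.compare_digest(hashlib.sha256(v).digest(), rec["auth"]):
        return None
    return username


def forge_after_server_read(db: dict, mac_key: bytes, username: str,
                            expiry: int) -> str:
    """Attacker model from the abstract: read access to the database and the
    MAC key. The attacker can MAC anything, but has to guess v; the stored
    H(v) is the obvious (and useless) candidate."""
    return mint_cookie(mac_key, username, expiry, db[username]["auth"])


if __name__ == "__main__":
    db, key, now = {}, b"assumed server MAC key", 1_700_000_000
    register(db, "alice", "correct horse battery staple")
    cookie = login(db, key, "alice", "correct horse battery staple", now + 3600)
    print("legitimate cookie ->", verify_cookie(db, key, cookie, now))
    forged = forge_after_server_read(db, key, "alice", now + 3600)
    print("forged cookie     ->", verify_cookie(db, key, forged, now))
```

Two consequences worth noting: the cookie now carries v, which together with the salt in the database is as useful for offline password guessing as the stored hash itself, so it must only ever travel over TLS with the usual Secure and HttpOnly flags; and because a password change rotates the salt and therefore H(v), every outstanding cookie for that user stops validating, which is either a feature or a nuisance depending on the application.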
Two Amusing Side Channel Attacks - syhw's posterous
october 2011 by cdzombak
Side channel attacks on RSA on x86 via ultrasonic waves and USB voltage monitoring
security
side_channel
october 2011 by cdzombak
BotHunter
september 2011 by cdzombak
BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter. Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.
security
antimalware
september 2011 by cdzombak
Offline NT pw & reg-editor, bootdisk
september 2011 by cdzombak
I've put together a single floppy or CD which contains things needed to edit the passwords on most systems. The CD can also be installed on a USB drive, see readme.txt on the CD.
security
september 2011 by cdzombak